Closed Speed7811 closed 5 months ago
Can you check the browser console if it says any error? Otherwise the most likely issue is that the secret is not matching
Hey,
the secret is 100% correct. In 27 it is the same secret and I didn't change it. Additionally I have a second Nextcloud 27 instance which uses the same Coturn server and there is no problem!
Here you can find the console window - it seems to be something with the certificate expiration:
Additionally I got the certificate with nmap and it doesn't seem to be expired - so why doesn't Talk accept it?
The result of nmap (I changed my domain to 'mydomain'):
pi@cloud:~ $ nmap -v -p 443 --script ssl-cert coturn.mydomain.de
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-08 21:20 CEST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating Ping Scan at 21:20
Scanning coturn.mydomain.de (20.113.158.244) [2 ports]
Completed Ping Scan at 21:20, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:20
Completed Parallel DNS resolution of 1 host. at 21:20, 0.03s elapsed
Initiating Connect Scan at 21:20
Scanning coturn.mydomain.de (20.113.158.244) [1 port]
Discovered open port 443/tcp on 20.113.158.244
Completed Connect Scan at 21:20, 0.01s elapsed (1 total ports)
NSE: Script scanning 20.113.158.244.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.03s elapsed
Nmap scan report for coturn.mydomain.de (20.113.158.244)
Host is up (0.015s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-cert: Subject: commonName=coturn.mydomain.de
| Subject Alternative Name: DNS:coturn.mydomain.de
| Issuer: commonName=R3/organizationName=Let's Encrypt/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-20T21:24:03
| Not valid after: 2024-06-18T21:24:02
| MD5: 24cf3c73e472bcd4580b678f8a438785
| SHA-1: 07cdd5b76a24677a64c0fc5d164dac36078da719
NSE: Script Post-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
Please check your nextcloud.log. The failure might be expected if the nextcloud server itself is unable to connect to your coturn. But you should see an error in the log.
Some additional infos can be found at https://github.com/nextcloud/spreed/issues/11327
Hey,
loglevel is already set to 0 which means 'debug'. I have a tail -f /var/log/nextcloud/nextcloud.log running and I'm sure that I'm the only user who uses the Nextcloud instance. When I press the "Check"-button I don't get any protocol entries written in the log.
As I mentioned in the comment, it looks like the Coturn server can be contacted but the cause seems to be that the certificate isn't accepted.
Best regards
Rainer
I just noticed that you get a 403 on the request, that must happen before it hits the controller, otherwise an exception should be logged like https://github.com/nextcloud/spreed/blob/0d7b4f9befb7f1eb7996b8d4d5c5253a20298aa6/lib/Controller/CertificateController.php#L49
Anything special about your user? Full admin rights?
For the sake of trying, can you retest when you remove the „:443“ part?
Did you check https://github.com/nextcloud/spreed/issues/11550?
Hey... yes I got a 403 here:
I tried it by removing the "443" and the same result.
I checked the coturn logs during the test and I got some TLS errors:
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000163: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 001000000000000154: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000166: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : IPv4. Local relay addr: 10.0.0.4:42072
17831: : session 000000000000000161: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:58386
17831: : session 000000000000000163: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000163: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:41107
17831: : session 001000000000000154: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 001000000000000154: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:61846
17831: : session 000000000000000166: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000166: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : session 000000000000000162: TLS/TCP socket disconnected: 91.248.xxx.xx:51214
17831: : session 000000000000000162: usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000162: peer usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000162: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51214, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000164: TLS/TCP socket disconnected: 91.248.xxx.xx:51213
17831: : session 000000000000000164: usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000164: peer usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000164: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51213, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000166: TLS/TCP socket disconnected: 91.248.xxx.xx:51216
17831: : session 000000000000000166: usage: realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, rp=2, rb=152, sp=2, sb=228
17831: : session 000000000000000166: peer usage: realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000166: closed (2nd stage), user <1715198726:turn-test-user> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51216, reason: **TLS/TCP socket buffer operation error (callback)**
Are there any changes which belong to the communication with TLS? I didn't change anything on the Coturn server and with 27 it works.
Best regards
Rainer
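A triage sketch for the coturn log excerpt above, added here as an example and not part of the original thread or of the Nextcloud or coturn code. It assumes coturn runs in shared-secret mode (`use-auth-secret`), where the username is `expiry:user` and the password is the base64 HMAC-SHA1 of that username under the secret; in that mode a 401 challenge followed by `ALLOCATE processed, success` on the same session means the secret matched. The function names and the session ending in 999 are constructed for illustration.

```python
import base64, hashlib, hmac, re
from collections import defaultdict

# Abridged from the coturn log in this thread; session ...999 is constructed
# to show a client that was challenged but never completed an allocation.
SAMPLE_LOG = """\
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : session 000000000000000162: TLS/TCP socket disconnected: 91.248.xxx.xx:51214
17831: : session 000000000000000162: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51214, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000999: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000999: TLS/TCP socket disconnected: 91.248.xxx.xx:51299
"""

SESSION_RE = re.compile(r"session (\d+): (.*)")
USER_RE = re.compile(r"user <(\d+):([^>]*)>")

def turn_rest_password(shared_secret: str, username: str) -> str:
    """Password a client derives for an 'expiry:user' name (assumes use-auth-secret)."""
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def triage(log_text: str) -> dict:
    """Map each session id to (verdict, credential expiry as Unix time or None)."""
    events = defaultdict(lambda: {"challenged": False, "allocated": False, "expiry": None})
    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if not m:
            continue
        ev = events[m.group(1)]
        if "error 401" in m.group(2):
            ev["challenged"] = True   # first, unauthenticated request gets a nonce
        if "ALLOCATE processed, success" in m.group(2):
            ev["allocated"] = True    # retry carried a valid message integrity
            u = USER_RE.search(m.group(2))
            if u:
                ev["expiry"] = int(u.group(1))
    out = {}
    for sid, ev in events.items():
        if ev["allocated"]:
            verdict = "allocated"         # shared secret matched on this session
        elif ev["challenged"]:
            verdict = "challenged-only"   # never answered the 401 successfully
        else:
            verdict = "no-turn-request"   # TLS connection without any TURN message
        out[sid] = (verdict, ev["expiry"])
    return out
```

Run over the full excerpt, sessions 161, 163, 154 and 166 come out as `allocated`, which points away from a secret mismatch on the coturn side.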
Or is your admin user not in the list of groups that are allowed to use talk? #11550
Lol... that's it!
I'm the admin user but I changed the permissions a few weeks ago... I removed the Talk permission from the admin. I have never thought that the Turnserver check needs the talk permission.
You made my day! Thank you so much!
Best regards
Rainer
Maybe the TURN server check should always be allowed for admins, similar to https://github.com/nextcloud/spreed/pull/8330 and https://github.com/nextcloud/spreed/pull/10961
Yeah, that's why there is #11550 as a good-first-issue
...mondays :see_no_evil:
Dear all,
we are using Nextcloud 27 (Latest Version) with Talk (latest version for 27). We are using Coturn on a separate Ubuntu 22.04 LTS server (version 2.1.5 => Latest on 22.04) and now updated Nextcloud to Version 28. Now in the Administration page of "Talk" I can press the button to check the Turn server and there is an exclamation mark. In 27 there was no problem.
See the image to show the problem:
My questions are:
Talk app
Talk app version: 18.0.7
Custom Signaling server configured: yes
Custom TURN server configured: yes
Custom STUN server configured: yes
Browser
Microphone available: yes
Camera available: yes
Operating system: Windows
Browser name: Opera
Browser version: 109.0.5097.68
Browser log
Server configuration
Operating system: Ubuntu 22.04 LTS
Web server: Apache
Database: Maria
PHP version: 8.2
Nextcloud Version: 28.0.5
List of activated apps:
Nextcloud configuration:
Server log (data/nextcloud.log)