strukturag / nextcloud-spreed-signaling

Standalone signaling server for Nextcloud Talk.
GNU Affero General Public License v3.0

STUN Server Returns LAN IP #86

Closed jscottbranson closed 3 years ago

jscottbranson commented 3 years ago

Hello,

Environment
Server/Host OS: Centos8-Stream
NC: 21.0.0

Docker Container Versions
nextcloud-spreed-signaling_spreedbackend: latest
nextcloud-spreed-signaling_coturn: latest
nextcloud-spreed-signaling_janus: latest
nats: 2.1
alpine: 3.11

Issue
I'm running a dedicated signaling server in my LAN. The signaling server is NAT'd behind a gateway, and the gateway is reachable by public IPv4 (e.g., 8.7.6.5). The signaling server itself only has a LAN IPv4 (e.g., 10.0.0.11). The server is not functioning correctly, as client calls never connect.

Client-side firewall logs show that clients are trying to connect to the signaling server's LAN IP (10.0.0.11) rather than the publicly routable IP (8.7.6.5). Thus, the issue is that the signaling server is telling clients its (LAN) IPv4 address rather than the public/gateway IP, which makes sense given that the signaling server has no awareness of the public IPv4.

Attempted Resolution
I attempted to resolve this by creating /etc/coturn/turnserver.conf in the coturn Docker image. I set external-ip= to the public IPv4, and I restarted the Docker container. This had no effect on client behavior, and they continued trying to connect to the LAN IP.

Perhaps I'm overlooking a setting in the signaling server.conf or elsewhere? Oddly, the signaling server was working, until I updated the server and made some changes to the network environment.

Thanks so much, and I really appreciate the work that has gone into this incredible setup.

~Scott

jscottbranson commented 3 years ago

It appears that the WAN IPv4 address must be passed to Janus as well as Coturn.

For Janus: command: ["janus", "--full-trickle", "--nat-1-1=8.7.6.5"] into the appropriate section in docker-compose.yml

For Coturn: external-ip=8.7.6.5/10.0.0.11 into /etc/coturn/turnserver.conf inside the running Docker container.

I'll keep testing this setup, though it seems to be working as expected.

I'm wondering if it might make sense to map turnserver.conf into the Docker container (similar to nats or spreed), so users can more easily configure external-ip.

fancycode commented 3 years ago

If Janus is not running directly on the internet, it needs access to a STUN server to get its external IP or it must be configured through the nat 1-1 setting manually.

There is documentation at the Nextcloud Talk docs on how to set up coturn: https://nextcloud-talk.readthedocs.io/en/latest/TURN/
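
An added diagnostic example, not part of the original thread or the project's code: it parses the ICE candidate lines of an SDP offer/answer and flags addresses that a client outside the LAN cannot route to, which is the symptom reported above. The SDP fragments are constructed, the function names are hypothetical, and 172.18.0.3 is an assumed Docker bridge address.

```python
import ipaddress

# Constructed SDP fragments (not captured output). 10.0.0.11 and 8.7.6.5 are the
# example addresses from the thread; 172.18.0.3 is a made-up Docker bridge address.
SDP_BEFORE = """\
a=candidate:1 1 udp 2015363327 10.0.0.11 20514 typ host
a=candidate:2 1 udp 2015363583 172.18.0.3 20514 typ host
"""
SDP_AFTER = "a=candidate:1 1 udp 2015363327 8.7.6.5 20514 typ host\n"


def parse_candidates(sdp):
    """Yield (address, port, type) for each ICE candidate line (RFC 8839 layout)."""
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("a="):
            line = line[2:]
        if not line.startswith("candidate:"):
            continue
        # foundation component transport priority address port "typ" type ...
        fields = line.split()
        if len(fields) >= 8 and fields[6] == "typ" and fields[5].isdigit():
            yield fields[4], int(fields[5]), fields[7]


def is_global(address):
    """True/False for IP literals, None for names (e.g. mDNS .local candidates)."""
    try:
        return ipaddress.ip_address(address).is_global
    except ValueError:
        return None


def unreachable_candidates(sdp):
    """Candidates whose address a client outside the LAN cannot route to."""
    return [c for c in parse_candidates(sdp) if is_global(c[0]) is False]


def advertises_public_path(sdp):
    """True if at least one candidate carries a globally routable address."""
    return any(is_global(addr) for addr, _, _ in parse_candidates(sdp))


if __name__ == "__main__":
    for label, sdp in (("before", SDP_BEFORE), ("after", SDP_AFTER)):
        print(label, "unreachable:", unreachable_candidates(sdp),
              "public path:", advertises_public_path(sdp))
```

Feeding it the SDP shown in a browser's WebRTC internals page before and after changing the nat 1-1 setting shows whether the media server still advertises only LAN addresses.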