Only internal calls possible

mniehren

Hi,

i successfully setup kopano meet, but only internal calls are working.

If i have 2 machines within the same internal network and connect from
both machines to the external kopano-meet server, the 2 logged in users
can call each other and everything run’s as expected.

If i login from an external machine to the same kopano-meet-server with
the same credentials the call will not be established and it stays in an
endless ringing …

I see nothing in the firewall, the port 443 and 5349 are open. Do i need other
ports ?

Any idea ?

best regards
Michael

fbartels

Hi @mniehren,

that sounds like you are either missing a Turn server, or your turn server is not properly configured.

mniehren

Hi Felix,

after more check’s i can say, the turnserver is ok and it run’s. Only some client’s doesn’t work:

with Firefox everything works under Windows, Linux, Android 9 and Android 10
- 1 hint under Android 9 (Lineageos) with Firefox 68.8.0 and Chrome: there is no green button to start a call
  or create an new group, is this a known issue ?
with Google Chrome no connection is established. I tried under Android 9 and 10, also with
the current version 81.0.4044.138
with the Vivaldi Browser under Linux will also no connection be established

best regards,
Michael

fbartels

How have you configured your system/turn server?

If you have a subscription it may be a good idea to reach out to our support so that we can check directly on your system.

mniehren

@fbartels

here is my turnserver.conf:

server-name=kopanotest.tuxlan.de
realm=kopanotest.tuxlan.de
cert=/etc/tuxlan/keys/public_tuxlan.pem
pkey=/etc/tuxlan/keys/key_tuxlan.pem
fingerprint
listening-ip=0.0.0.0
listening-port=3478
tls-listening-port=5349
use-auth-secret
static-auth-secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
cipher-list=“DEFAULT”
no-multicast-peers
min-port=32355
max-port=65535

I’ve create 3 account’s for you: kopano1, kopano2, kopano3, the passwords are the same as the account name

The server is reachable under https://kopanotest.tuxlan.de/meet

Webapp does currently not work, i am playing with OIDC for single sign on …

best regards,
Michael

fbartels

@mniehren and what have you configured in kwmserver for it?

mniehren

@fbartels

here is my kwmserver.cfg:

oidc_issuer_identifier = https://kopanotest.tuxlan.de
insecure = no
enable_guest_api = yes
registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
turn_uris = turn:kopanotest.tuxlan.de:5349?transport=tcp
turn_server_shared_secret = /etc/turnserver.secret
public_guest_access_regexp = ^group/public/.*

mniehren

@fbartels

if your support need root access over ssh, send me the public key to michael@niehren.de

fbartels

@mniehren said in Only internal calls possible:

turn_uris = turn:kopanotest.tuxlan.de:5349?transport=tcp

There are two issues on this line:

you are using the tls port of turn, but classify it as non-tls in the url (turn: instead of turns:)
but: most browsers do not fully support turns, so its recommended to use a non tls connection to the server.

mniehren

@fbartels

so it’s better to take turn with port 3478 for all browsers ?

fbartels

@mniehren yes

Edit: well it does not have to be this port, but simply the non-tls port of your turn. To raise the chance to get connections on public hotspots you should actually make your turn listen on port 443.