Only internal calls possible

mniehren

here is my turnserver.conf:

server-name=kopanotest.tuxlan.de
realm=kopanotest.tuxlan.de
cert=/etc/tuxlan/keys/public_tuxlan.pem
pkey=/etc/tuxlan/keys/key_tuxlan.pem
fingerprint
listening-ip=0.0.0.0
listening-port=3478
tls-listening-port=5349
use-auth-secret
static-auth-secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
cipher-list=“DEFAULT”
no-multicast-peers
min-port=32355
max-port=65535

I’ve create 3 account’s for you: kopano1, kopano2, kopano3, the passwords are the same as the account name

The server is reachable under https://kopanotest.tuxlan.de/meet

Webapp does currently not work, i am playing with OIDC for single sign on …

best regards,
Michael

fbartels

@mniehren and what have you configured in kwmserver for it?

mniehren

@fbartels

here is my kwmserver.cfg:

oidc_issuer_identifier = https://kopanotest.tuxlan.de
insecure = no
enable_guest_api = yes
registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
turn_uris = turn:kopanotest.tuxlan.de:5349?transport=tcp
turn_server_shared_secret = /etc/turnserver.secret
public_guest_access_regexp = ^group/public/.*

mniehren

@fbartels

if your support need root access over ssh, send me the public key to michael@niehren.de

fbartels

@mniehren said in Only internal calls possible:

turn_uris = turn:kopanotest.tuxlan.de:5349?transport=tcp

There are two issues on this line:

you are using the tls port of turn, but classify it as non-tls in the url (turn: instead of turns:)
but: most browsers do not fully support turns, so its recommended to use a non tls connection to the server.

mniehren

@fbartels

so it’s better to take turn with port 3478 for all browsers ?

fbartels

@mniehren yes

Edit: well it does not have to be this port, but simply the non-tls port of your turn. To raise the chance to get connections on public hotspots you should actually make your turn listen on port 443.