Running coturn.service as coturn user is not working #1000

Open
elhananjair opened this issue Sep 28, 2022 · 5 comments

@elhananjair

Hello @fancycode
I was trying to run coturn.service as the coturn user and group. I am using Let's Encrypt. When I try to test a connection from Nextcloud Talk, I get this error: "No working ICE Candidates returned by the TURN Server".
But when I changed the user and group of coturn.service to root, everything works fine. Is there any way I can run the service as the coturn user instead of root?

@ggarber
Contributor

ggarber commented Oct 10, 2022

What logs/errors do you get in the console when you start coturn with the coturn user and test a connection?

@elhananjair
Author

I haven't seen any error in the log.

@ggarber
Contributor

ggarber commented Oct 11, 2022

Can you start the turnserver with the -verbose command line option and share all the logs you get when you test a connection and get the "No working ICE Candidates"?

@ioscanner

I am seeing this same issue. If I start with service it shows /usr/bin/turnserver -c /etc/turnserver.conf --pidfile=
Then coturn doesn't work. If I just type /usr/bin/turnserver -c /etc/turnserver.conf as root it works just fine. But for some reason the services don't start correctly. I dumped to logs but didn't see anything that explained why it didn't work.

I double checked that all files are owned by turnserver.

syslog:
Oct 13 19:12:44 turn systemd[1]: Starting coTURN STUN/TURN Server...
Oct 13 19:12:44 turn turnserver: 0: : 0 bytes per second allowed, combined server capacity
Oct 13 19:12:44 turn turnserver: 0: : #012RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server#012Version Coturn-4.5.2 'dan Eider'
Oct 13 19:12:44 turn turnserver: 0: : #012Max number of open files/sockets allowed for this process: 524288
Oct 13 19:12:44 turn turnserver: 0: : #012Due to the open files/sockets limitation,#012max supported number of TURN Sessions possible is: 262000 (approximately)
Oct 13 19:12:44 turn turnserver: 0: : #12#012==== Show him the instruments, Practical Frost: ====#12
Oct 13 19:12:44 turn turnserver: 0: : TLS supported
Oct 13 19:12:44 turn turnserver: 0: : DTLS supported
Oct 13 19:12:44 turn turnserver: 0: : DTLS 1.2 supported
Oct 13 19:12:44 turn turnserver: 0: : TURN/STUN ALPN supported
Oct 13 19:12:44 turn turnserver: 0: : Third-party authorization (oAuth) supported
Oct 13 19:12:44 turn turnserver: 0: : GCM (AEAD) supported
Oct 13 19:12:44 turn turnserver: 0: : OpenSSL compile-time version: OpenSSL 3.0.2 15 Mar 2022 (0x30000020)
Oct 13 19:12:44 turn turnserver: 0: :
Oct 13 19:12:44 turn turnserver: 0: : SQLite supported, default database location is /var/lib/turn/turndb
Oct 13 19:12:44 turn turnserver: 0: : Redis supported
Oct 13 19:12:44 turn turnserver: 0: : PostgreSQL supported
Oct 13 19:12:44 turn turnserver: 0: : MySQL supported
Oct 13 19:12:44 turn turnserver: 0: : MongoDB is not supported
Oct 13 19:12:44 turn turnserver: 0: :
Oct 13 19:12:44 turn turnserver: 0: : Default Net Engine version: 3 (UDP thread per CPU core)#12#012=====================================================#12
Oct 13 19:12:44 turn turnserver: 0: : Domain name: domain
Oct 13 19:12:44 turn turnserver: 0: : Default realm: domain
Oct 13 19:12:44 turn turnserver: 0: : WARNING: cannot find certificate file: /etc/letsencrypt/live/domain/fullchain.pem (1)
Oct 13 19:12:44 turn turnserver: 0: : WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
Oct 13 19:12:44 turn turnserver: 0: : WARNING: cannot find private key file: /etc/letsencrypt/live/domain/privkey.pem (1)
Oct 13 19:12:44 turn turnserver: 0: : WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
Oct 13 19:12:44 turn turnserver: 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Oct 13 19:12:44 turn turnserver: 0: : ===========Discovering listener addresses: =========
Oct 13 19:12:44 turn turnserver: 0: : Listener address to use: 127.0.0.1
Oct 13 19:12:44 turn turnserver: 0: : Listener address to use: ...253
Oct 13 19:12:44 turn turnserver: 0: : Listener address to use: ::1
Oct 13 19:12:44 turn turnserver: 0: : =====================================================
Oct 13 19:12:44 turn turnserver: 0: : Total: 1 'real' addresses discovered
Oct 13 19:12:44 turn turnserver: 0: : =====================================================
Oct 13 19:12:44 turn turnserver: 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
Oct 13 19:12:44 turn turnserver: 0: : ===========Discovering relay addresses: =============
Oct 13 19:12:44 turn turnserver: 0: : Relay address to use: ...253
Oct 13 19:12:44 turn turnserver: 0: : Relay address to use: ::1
Oct 13 19:12:44 turn turnserver: 0: : =====================================================
Oct 13 19:12:44 turn turnserver: 0: : Total: 2 relay addresses discovered
Oct 13 19:12:44 turn turnserver: 0: : =====================================================
Oct 13 19:12:44 turn turnserver: 0: : IO method (main listener thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : Wait for relay ports initialization...
Oct 13 19:12:44 turn turnserver: 0: : relay ...253 initialization...
Oct 13 19:12:44 turn turnserver: 0: : relay ...253 initialization done
Oct 13 19:12:44 turn turnserver: 0: : relay ::1 initialization...
Oct 13 19:12:44 turn turnserver: 0: : relay ::1 initialization done
Oct 13 19:12:44 turn turnserver: 0: : Relay ports initialization done
Oct 13 19:12:44 turn turnserver: 0: : IO method (general relay thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : IO method (general relay thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : turn server id=0 created
Oct 13 19:12:44 turn turnserver: 0: : turn server id=1 created
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IO method (general relay thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver[16151]: 0: : 0 bytes per second allowed, combined server capacity
Oct 13 19:12:44 turn turnserver[16151]: 0: :
Oct 13 19:12:44 turn turnserver[16151]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Oct 13 19:12:44 turn turnserver[16151]: Version Coturn-4.5.2 'dan Eider'
Oct 13 19:12:44 turn turnserver[16151]: 0: :
Oct 13 19:12:44 turn turnserver[16151]: Max number of open files/sockets allowed for this process: 524288
Oct 13 19:12:44 turn turnserver[16151]: 0: :
Oct 13 19:12:44 turn turnserver[16151]: Due to the open files/sockets limitation,
Oct 13 19:12:44 turn turnserver[16151]: max supported number of TURN Sessions possible is: 262000 (approximately)
Oct 13 19:12:44 turn turnserver[16151]: 0: :
Oct 13 19:12:44 turn turnserver[16151]: ==== Show him the instruments, Practical Frost: ====
Oct 13 19:12:44 turn turnserver[16151]: 0: : TLS supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : DTLS supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : DTLS 1.2 supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : TURN/STUN ALPN supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : Third-party authorization (oAuth) supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : GCM (AEAD) supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : OpenSSL compile-time version: OpenSSL 3.0.2 15 Mar 2022 (0x30000020)
Oct 13 19:12:44 turn turnserver[16151]: 0: :
Oct 13 19:12:44 turn turnserver[16151]: 0: : SQLite supported, default database location is /var/lib/turn/turndb
Oct 13 19:12:44 turn turnserver[16151]: 0: : Redis supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : PostgreSQL supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : MySQL supported
Oct 13 19:12:44 turn turnserver[16151]: 0: : MongoDB is not supported
Oct 13 19:12:44 turn turnserver[16151]: 0: :
Oct 13 19:12:44 turn turnserver[16151]: 0: : Default Net Engine version: 3 (UDP thread per CPU core)
Oct 13 19:12:44 turn turnserver[16151]: =====================================================
Oct 13 19:12:44 turn turnserver[16151]: 0: : Domain name: domain
Oct 13 19:12:44 turn turnserver[16151]: 0: : Default realm: domain
Oct 13 19:12:44 turn turnserver[16151]: 0: : WARNING: cannot find certificate file: /etc/letsencrypt/live/domain/fullchain.pem (1)
Oct 13 19:12:44 turn turnserver[16151]: 0: : WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
Oct 13 19:12:44 turn turnserver[16151]: 0: : WARNING: cannot find private key file: /etc/letsencrypt/live/domain/privkey.pem (1)
Oct 13 19:12:44 turn turnserver[16151]: 0: : WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
Oct 13 19:12:44 turn turnserver[16151]: 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Oct 13 19:12:44 turn turnserver[16151]: 0: : ===========Discovering listener addresses: =========
Oct 13 19:12:44 turn turnserver[16151]: 0: : Listener address to use: 127.0.0.1
Oct 13 19:12:44 turn turnserver[16151]: 0: : Listener address to use: ...253
Oct 13 19:12:44 turn turnserver[16151]: 0: : Listener address to use: ::1
Oct 13 19:12:44 turn turnserver[16151]: 0: : =====================================================
Oct 13 19:12:44 turn turnserver[16151]: 0: : Total: 1 'real' addresses discovered
Oct 13 19:12:44 turn turnserver[16151]: 0: : =====================================================
Oct 13 19:12:44 turn turnserver[16151]: 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
Oct 13 19:12:44 turn turnserver[16151]: 0: : ===========Discovering relay addresses: =============
Oct 13 19:12:44 turn turnserver[16151]: 0: : Relay address to use: ...253
Oct 13 19:12:44 turn turnserver[16151]: 0: : Relay address to use: ::1
Oct 13 19:12:44 turn turnserver[16151]: 0: : =====================================================
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn systemd[1]: Started coTURN STUN/TURN Server.
Oct 13 19:12:44 turn turnserver[16151]: 0: : Total: 2 relay addresses discovered
Oct 13 19:12:44 turn turnserver[16151]: 0: : =====================================================
Oct 13 19:12:44 turn turnserver[16151]: 0: : IO method (main listener thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver[16151]: 0: : Wait for relay ports initialization...
Oct 13 19:12:44 turn turnserver[16151]: 0: : relay ...253 initialization...
Oct 13 19:12:44 turn turnserver[16151]: 0: : relay ...253 initialization done
Oct 13 19:12:44 turn turnserver[16151]: 0: : relay ::1 initialization...
Oct 13 19:12:44 turn turnserver[16151]: 0: : relay ::1 initialization done
Oct 13 19:12:44 turn turnserver[16151]: 0: : Relay ports initialization done
Oct 13 19:12:44 turn turnserver[16151]: 0: : IO method (general relay thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver[16151]: message repeated 3 times: [ 0: : IO method (general relay thread): epoll (with changelist)]
Oct 13 19:12:44 turn turnserver[16151]: 0: : turn server id=0 created
Oct 13 19:12:44 turn turnserver[16151]: 0: : turn server id=1 created
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : turn server id=2 created
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv6. SCTP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv6. TCP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv6. SCTP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. SCTP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver[16151]: 0: : IPv4. TCP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : turn server id=2 created
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IO method (general relay thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : turn server id=3 created
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. UDP listener opened on: 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. UDP listener opened on: 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : 127.0.0.1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. UDP listener opened on: ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. UDP listener opened on: ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. UDP listener opened on: ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. UDP listener opened on: ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : Total General servers: 4
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv4. SCTP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv4. TCP listener opened on : ...253:5350
Oct 13 19:12:44 turn turnserver: 0: : IO method (auth thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5349
Oct 13 19:12:44 turn turnserver: 0: : IPv6. SCTP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IPv6. TCP listener opened on : ::1:5350
Oct 13 19:12:44 turn turnserver: 0: : IO method (auth thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : IO method (admin thread): epoll (with changelist)
Oct 13 19:12:44 turn turnserver: 0: : IPv4. CLI listener opened on : 127.0.0.1:5766
Oct 13 19:12:44 turn turnserver: 0: : SQLite DB connection success: /var/lib/turn/turndb

turnserver.conf
listening-port=5349
tls-listening-port=443
#listening-ip=...253
#relay-ip=...253
fingerprint
#lt-cred-mech
use-auth-secret
static-auth-secret=secret
cli-password=password
realm=domain
total-quota=100
bps-capacity=0
stale-nonce
cert=/etc/letsencrypt/live/domain/fullchain.pem
pkey=/etc/letsencrypt/live/domain/privkey.pem
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
dh-file=/opt/dhparam.pem
no-tlsv1
no-tlsv1_1
syslog
#no-stdout-log
#log-file=/var/log/turnserver.log
#no-loopback-peers
no-multicast-peers
verbose

@ggarber
Contributor

ggarber commented Oct 21, 2022

Have you seen this issue?

Oct 13 19:12:44 turn turnserver[16151]: 0: : WARNING: cannot find certificate file: /etc/letsencrypt/live/domain/fullchain.pem (1)

It looks like the TLS interfaces cannot be started because the certificate is not readable and maybe that TLS interface is the one that your clients are trying to use?
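
The warnings quoted above point at the `cert=` and `pkey=` paths not being readable by the service account. The following is an added example, not code from coturn or from anyone in this thread: it pulls those two paths out of a turnserver.conf and reports the first directory or file that a given uid and group set cannot search or read, including the `archive/` target behind certbot's `live/` symlinks. It evaluates classic owner/group/other mode bits only (no ACLs), and the function names and the `base` parameter are this example's own.

```python
import grp, os, pwd, sys

def tls_paths(conf_text):
    """cert= and pkey= values from turnserver.conf text; commented lines are skipped."""
    found = {}
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("cert", "pkey"):
            found[key] = value.strip().strip('"')
    return found

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check (4 = read, 1 = search); ACLs are not consulted."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return uid == 0 or ((st.st_mode >> shift) & want) == want

def ancestors(path):
    """Directories above path, outermost first."""
    out = []
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        out.append(path)
    return out[::-1]

def first_blocker(path, uid, gids, base="/"):
    """Return (component, reason) for the first item at or below base that stops
    uid/gids from reading path, or None when nothing does."""
    real = os.path.realpath(path)  # certbot's live/ entries are symlinks into archive/
    dirs = ancestors(os.path.abspath(path))
    dirs += [d for d in ancestors(real) if d not in dirs]
    for d in dirs:
        if os.path.commonpath([d, base]) != base:
            continue  # above base: not checked
        try:
            st = os.stat(d)
        except OSError as err:
            return (d, err.strerror)
        if not allowed(st, uid, gids, 1):
            return (d, "no search (x) permission")
    try:
        st = os.stat(real)
    except OSError as err:
        return (real, err.strerror)
    if not allowed(st, uid, gids, 4):
        return (real, "no read (r) permission")
    return None

if __name__ == "__main__" and len(sys.argv) == 2:  # argument: service account name
    user = pwd.getpwnam(sys.argv[1])
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem}
    with open("/etc/turnserver.conf") as fh:
        for key, path in tls_paths(fh.read()).items():
            print(key, path, first_blocker(path, user.pw_uid, gids) or "readable")
```

Run it as root, passing the account name from the unit's `User=` line, so that every component can be stat'ed.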
