Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization via login/password for Coturn #3191

Closed
ZelChief opened this issue Feb 16, 2024 · 3 comments
Closed

Authorization via login/password for Coturn #3191

ZelChief opened this issue Feb 16, 2024 · 3 comments

Comments

@ZelChief
Copy link

Coturn server will not work with static-auth-secret under NAT as a TURN server. You can find information about this issue here:

  1. TURN Server not working coturn/coturn#162 (comment)
  2. Stun on CoTurn doesnt work coturn/coturn#933 (comment)

But if configure in /etc/turnserver.conf static login and password, Coturn will work as turn server under NAT.

lt-cred-mech
user=turnuser:secret

Describe the solution you'd like
Can you add а variable to matrix-coturn to setup lt-cred-mech and to disable static-auth-secret?
@ZelChief ZelChief changed the title Authorisation via login/password for Coturn Authorization via login/password for Coturn Feb 16, 2024
@ZelChief ZelChief closed this as not planned Won't fix, can't repro, duplicate, stale Feb 16, 2024
@ZelChief ZelChief reopened this Feb 16, 2024
@ZelChief
Copy link
Author

@spantaleev can you show the way to setup login and password for Coturn?

@ZelChief
Copy link
Author

In homeserver.yaml.j2 there is necessary variables:

# The Username and password if the TURN server needs them and
# does not use a token
#
turn_username: "TURNSERVER_USERNAME"
turn_password: "TURNSERVER_PASSWORD"

Maybe there is a way to use them for external Coturn server?

@spantaleev
Copy link
Owner

This is now implemented.

As described in the new Changing the authentication mechanism documentation section, the only thing you should need to make use of it is this additional configuration:

matrix_coturn_authentication_method: lt-cred-mech

Credentials will be generated automatically and passed to all components involved.

The aforementioned bug reports indicate that switching to lt-cred-mech helps, but I see no explanation why. If we find out more about it, we may consider making lt-cred-mech the default for the playbook.

KarolosLykos pushed a commit to KarolosLykos/matrix-docker-ansible-deploy that referenced this issue Mar 5, 2024
@spantaleev @KarolosLykos
Add lt-cred-mech authentication mechanism to Coturn
8cea61b 
All homeserver implementations have been updated to support this as
well.

It's just Jitsi that possibly doesn't work with anything other than `auth-secret`.

Fixes spantaleev#3191
@ZelChief ZelChief mentioned this issue Jun 8, 2024
Open
ignyx pushed a commit to Tawkie/matrix-docker-ansible-deploy that referenced this issue Jun 20, 2024
@spantaleev @ignyx
Add lt-cred-mech authentication mechanism to Coturn
a3314b1 
All homeserver implementations have been updated to support this as
well.

It's just Jitsi that possibly doesn't work with anything other than `auth-secret`.

Fixes spantaleev#3191
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spantaleev @ZelChief