Create STUN/TURN server for Talk

Taken from HowTo: Setup Nextcloud Talk with TURN server and modified for Devuan Linux. Devuan is a fork of Debian Linux which does not use system-d.

I've summarized and modified the original article.

Whatever firewall you may use, it needs to allow the TURN port to access the server on both UDP and TCP. Default below is port 3478

I'm using coturn as the TURN server, as it has a package on Devuan, and gone with most of the defaults. The script below (run as root)

• installs coturn
• configures it to autostart
• saves the excellently commented config (adding .original)
• creates a new config
  • uses the default TURN port of 3478, change that if you want
  • generates a random auth key
  • sets realm to the current hostname
  • modifies logging to use syslog, but also create a separate log file
  • creates a commented external-ip for use if your server is NAT'd
• starts coturn

The following script can be downloaded and run, or simply copy/paste the commands one by one. Note that the lines containing cat down to EOF (on line by itself) are one command

setupcoturn.sh

#! /usr/bin/env bash
 
# install latest version of coturn
apt install -y coturn
# set to enable coturn
sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn
# save the original turnserver.conf file
mv /etc/turnserver.conf /etc/turnserver.conf.original
# create a new turnserver.conf file with most of the stuff filled in
cat <<EOF>/etc/turnserver.conf
# If you change this, you must change the port in your firewall and your nextcloud talk config
listening-port=3478
fingerprint
use-auth-secret
# randomly created key to be used on clients utilizing the server (your Talk server)
static-auth-secret=`openssl rand -hex 32`
realm=`hostname -f`
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers
no-stdout-log # turn off logging to STDOUT
log-file=/var/log/turn.log # remove this to not have a separate file
syslog # also use syslog for logging
simple-log
# modify the following if you are behind a NAT
# (change external.ip.address to public IP) and uncomment
#external-ip=`hostname -I | cut -d' ' -f1`/external.ip.address
EOF
service coturn start

1. Log into the NextCloud instance as an administrator
2. click on the circle in upper right to get menu
3. Select Administration Settings
4. Select Talk on left (under Administration)
5. Scroll down to STUN servers
   1. enter hostname/IP and port in stun (example.org:3478)
   2. note, it auto checks via javascript, so best to copy/paste
6. Scroll down to TUIRN servers
   1. Select turn:only
   2. enter hostname/IP and port in next block (same as above)
   3. paste key from static-auth-secret on server
   4. select UPD and TCP
7. both of these (STUN for sure) will throw an error message if the server can not connect.

Simply make a Talk connection between two people, where at least one is behind a firewall. If it works, you've done it correctly.

• https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794