Matrix video calls fail or cancel using self-hosted COTURN


I'm self-hosting a matrix synapse server and want to achieve video call functionality using a self-hosted COTURN server.

Both synapse and coturn are running in separate docker containers, with coturn running in host mode while synapse is in an isolated network environment which is reachable via a reverse proxy.

I'm somehow able to establish video call connections, however, they fail in 1 of 2 cases after a couple of seconds.

As clients, both sides use SchildiChat.

Here's my COTURN turnserver.conf:

use-auth-secret
static-auth-secret=my_static_auth_secret
realm=myserverdomain.org

cert=/path/to/ssl/fullchain.pem
pkey=/path/to/ssl/privkey.pem

min-port=49152
max-port=65535

verbose

mysql-userdb="host=1.2.3.4 dbname=mydbname user=mydbuser password=mystr0ngdbpasswd"

cli-password=mystr0ngclipasswd

Here's the TURN part of my synapse homeserver.yaml:

turn_uris:
  - "turns:myserverdomain.org?transport=udp"
  - "turns:myserverdomain.org?transport=tcp"
  - "turn:myserverdomain.org?transport=udp"
  - "turn:myserverdomain.org?transport=tcp"
turn_shared_secret: "my_static_auth_secret"
turn_user_lifetime: "1h"

Here's the pastebin of the coturn logs

What I found interesting were the following lines:

coturn  | 33: (30): INFO: session 005000000000000001: realm <myserverdomain.org> user <>: incoming packet message processed, error 401: Unauthorized

and

<1234567890:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, error 403: Forbidden IP

Here's a log output of a successful video call:

coturn  | 243: (30): INFO: session 005000000000000003: usage: realm=<myserverdomain.org>, username=<1234567890:@otheruser:m.myserverdomain.org>, rp=5, rb=316, sp=5, sb=436
coturn  | 243: (30): INFO: session 005000000000000003: peer usage: realm=<myserverdomain.org>, username=<1234567890:@otheruser:m.myserverdomain.org>, rp=0, rb=0, sp=0, sb=0
coturn  | 243: (30): INFO: session 005000000000000003: closed (2nd stage), user <1234567890:@otheruser:m.myserverdomain.org> realm <myserverdomain.org> origin <>, local 192.168.172.102:3478, remote xxx.xxx.xxx.xxx:6639, reason: allocation timeout
coturn  | 243: (30): INFO: session 005000000000000003: delete: realm=<myserverdomain.org>, username=<1234567890:@otheruser:m.myserverdomain.org>
coturn  | 271: (29): INFO: session 004000000000000006: TCP socket closed remotely xxx.xxx.xxx.xxx:53818
coturn  | 271: (29): INFO: session 004000000000000006: usage: realm=<myserverdomain.org>, username=<>, rp=0, rb=0, sp=0, sb=0
coturn  | 271: (29): INFO: session 004000000000000006: peer usage: realm=<myserverdomain.org>, username=<>, rp=0, rb=0, sp=0, sb=0
coturn  | 271: (29): INFO: session 004000000000000006: closed (2nd stage), user <> realm <myserverdomain.org> origin <>, local 192.168.172.102:3478, remote xxx.xxx.xxx.xxx:53818, reason: TCP connection closed by client (callback)
coturn  | 466: (32): INFO: session 007000000000000007: peer 192.168.0.166 lifetime updated: 300
coturn  | 466: (32): INFO: session 007000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (32): INFO: session 007000000000000007: peer xxx.xxx.xxx.xxx lifetime updated: 300
coturn  | 466: (32): INFO: session 007000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (32): INFO: session 007000000000000007: peer 192.168.172.102 lifetime updated: 300
coturn  | 466: (32): INFO: session 007000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (32): INFO: session 007000000000000007: peer 192.168.172.102 lifetime updated: 300
coturn  | 466: (32): INFO: session 007000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (33): INFO: session 008000000000000007: peer 192.168.0.166 lifetime updated: 300
coturn  | 466: (33): INFO: session 008000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (33): INFO: session 008000000000000007: peer xxx.xxx.xxx.xxx lifetime updated: 300
coturn  | 466: (33): INFO: session 008000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (33): INFO: session 008000000000000007: peer 192.168.172.102 lifetime updated: 300
coturn  | 466: (33): INFO: session 008000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 466: (33): INFO: session 008000000000000007: peer 192.168.172.102 lifetime updated: 300
coturn  | 466: (33): INFO: session 008000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (25): INFO: session 000000000000000001: peer 10.11.12.13 lifetime updated: 300
coturn  | 482: (25): INFO: session 000000000000000001: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (27): INFO: session 002000000000000003: peer 10.11.12.13 lifetime updated: 300
coturn  | 482: (27): INFO: session 002000000000000003: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (27): INFO: session 002000000000000003: peer 192.168.16.180 lifetime updated: 300
coturn  | 482: (27): INFO: session 002000000000000003: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (27): INFO: session 002000000000000003: peer xxx.xxx.xxx.xxx lifetime updated: 300
coturn  | 482: (27): INFO: session 002000000000000003: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (27): INFO: session 002000000000000003: peer 192.168.172.102 lifetime updated: 300
coturn  | 482: (27): INFO: session 002000000000000003: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (27): INFO: session 002000000000000003: peer 192.168.172.102 lifetime updated: 300
coturn  | 482: (27): INFO: session 002000000000000003: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (25): INFO: session 000000000000000001: peer 192.168.16.180 lifetime updated: 300
coturn  | 482: (25): INFO: session 000000000000000001: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (25): INFO: session 000000000000000001: peer xxx.xxx.xxx.xxx lifetime updated: 300
coturn  | 482: (25): INFO: session 000000000000000001: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (25): INFO: session 000000000000000001: peer 192.168.172.102 lifetime updated: 300
coturn  | 482: (25): INFO: session 000000000000000001: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (25): INFO: session 000000000000000001: peer 192.168.172.102 lifetime updated: 300
coturn  | 482: (25): INFO: session 000000000000000001: realm <myserverdomain.org> user <1234567890:@otheruser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success
coturn  | 482: (32): INFO: session 007000000000000007: peer xxx.xxx.xxx.xxx lifetime updated: 600
coturn  | 482: (32): INFO: session 007000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CHANNEL_BIND processed, success

I have no idea how I could be unauthorized or use a forbidden IP here since I haven't set a listening-ip at all. The static-auth-secret is the same that I use on matrix synapse.

Any help in solving this is greatly appreciated. I used to have quite good video calls using XMPP/Jabber back then (which had an integrated COTURN server in its docker container) but I decided to change to Matrix for various reasons.

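An added example, not part of the original question and not code from Synapse or coturn: a Python sketch of the shared-secret scheme behind `use-auth-secret` / `turn_shared_secret` (username `<expiry>:<user id>`, password = base64 of HMAC-SHA1 over that username), plus a small classifier for the error lines quoted in the question. The function names and the simplified server-side check are assumptions made for illustration; the sample lines are copied from the question's log excerpts.

```python
import base64
import hashlib
import hmac
import re

def turn_rest_credentials(secret, user_id, lifetime_s, now):
    """Derive ephemeral TURN credentials from the shared secret."""
    username = f"{int(now) + lifetime_s}:{user_id}"   # "<expiry>:<user id>", as seen in the logs
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()

def check_credentials(secret, username, password, now):
    """Simplified model of the server side: recompute the HMAC, then check the expiry."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    if not hmac.compare_digest(base64.b64encode(mac).decode(), password):
        return "bad-mac"        # e.g. the secrets in the two configs differ
    expiry = username.split(":", 1)[0]
    if not expiry.isdigit() or int(expiry) < now:
        return "expired"        # stale credential or clock skew between hosts
    return "ok"

EVENT = re.compile(r"<(?P<user>[^>]*)>: incoming packet (?P<pkt>\S+) processed, "
                   r"(?:success|error (?P<code>\d+): (?P<reason>.+))")

def triage(line):
    """Classify one coturn 'incoming packet ... processed' line; None means no error."""
    m = EVENT.search(line)
    if not m or m["code"] is None:
        return None
    if m["code"] == "401" and m["user"] == "":
        return "challenge"              # no credentials sent yet; reply carries realm and nonce
    if m["code"] == "401":
        return "auth-rejected"          # credentials were presented and refused
    if m["code"] == "403" and m["pkt"] == "CREATE_PERMISSION":
        return "peer-address-refused"   # requested peer IP rejected by the server's peer policy
    return f"other-{m['code']}"

# Sample lines copied from the log excerpts in the question.
SAMPLE = [
    "coturn  | 33: (30): INFO: session 005000000000000001: realm <myserverdomain.org> user <>: incoming packet message processed, error 401: Unauthorized",
    "<1234567890:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, error 403: Forbidden IP",
    "coturn  | 466: (32): INFO: session 007000000000000007: realm <myserverdomain.org> user <1234567898:@myuser:m.myserverdomain.org>: incoming packet CREATE_PERMISSION processed, success",
]

if __name__ == "__main__":
    name, pw = turn_rest_credentials("my_static_auth_secret", "@myuser:m.myserverdomain.org", 3600, 1_700_000_000)
    print(name, check_credentials("my_static_auth_secret", name, pw, 1_700_000_100))
    print([triage(line) for line in SAMPLE])
```

A 401 logged with an empty `user <>` is the unauthenticated first request of the TURN long-term credential exchange, so only a 401 that carries a username indicates rejected credentials.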