Score:4

Matrix + coturn: TLS not working


I'm trying to get (as a Docker stack) Matrix Synapse (matrixdotorg/synapse) together with Coturn (coturn/coturn) to work. Matrix is fully working with TLS certs. Also the coturn server works with disabled TLS without any problems. But when I enable TLS then it fails completely.

In Matrix's homeserver.yaml the following TURN settings are in place:

turn_uris: [ "turns:turn.example.com?transport=udp", "turns:turn.example.com?transport=tcp", "turn:turn.example.com?transport=udp", "turn:turn.example.com?transport=tcp" ]
turn_shared_secret: "secretstuff"
turn_user_lifetime: 1h
turn_allow_guests: true

This is the full turnserver.conf file:

listening-port=3478
# tls-listening-port=5349
listening-ip=172.16.1.2
relay-ip=172.16.1.2
external-ip=1.2.3.4
min-port=49152
max-port=65535
verbose
use-auth-secret
static-auth-secret=secretstuff
realm=turn.example.com
user-quota=12
total-quota=1200
no-tcp-relay
stale-nonce=600
cert=/etc/certs/fullchain.pem
pkey=/etc/certs/privkey.pem
no-software-attribute
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
allowed-peer-ip=172.16.1.2
pidfile="/var/tmp/turnserver.pid"
no-cli
no-tlsv1
no-tlsv1_1

If I disable the TLS listener (the commented-out line) then everything works perfectly fine. But as soon as I enable the TLS listener no connection is possible (the call button creates a call and it rings on the other side, but when I pick up it just says "connecting" and stays in that state). In the logs I don't get any useful hint. The TLS certificates on the TURN server are for "turn.example.com" - the realm name of the server.

I have already tried everything I found online - in GitHub and in tutorials. But nothing worked.

As end devices Android smartphones with the Element App are used.
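The `use-auth-secret` / `static-auth-secret` settings in the turnserver.conf above and `turn_shared_secret` / `turn_user_lifetime` in homeserver.yaml implement coturn's time-limited credential scheme (the "TURN REST API" scheme): the homeserver hands the client a username of the form `<expiry-unix-time>:<user id>` and a password that is the base64 of HMAC-SHA1 over that username keyed with the shared secret. The script below is an added example, not code from the question, Synapse or coturn; it derives such a credential pair from the secret quoted in the question and shows the server-side check (HMAC recomputation, constant-time comparison, expiry enforcement). Since this derivation does not involve TLS at all, a setup that works on plain `turn:` but fails only on `turns:` is not a shared-secret problem; the check belongs in the certificate layer.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Constructed values mirroring the question's configuration:
# turn_shared_secret / static-auth-secret and turn_user_lifetime: 1h.
SHARED_SECRET = "secretstuff"
USER_LIFETIME_SECONDS = 3600


def make_turn_credentials(secret: str, user_id: str, lifetime: int,
                          now: Optional[int] = None) -> Tuple[str, str]:
    """Derive a time-limited TURN username/password pair in the coturn
    use-auth-secret scheme:
        username = "<expiry>:<user id>"
        password = base64(HMAC-SHA1(secret, username))
    `user_id` may itself contain ':' (e.g. a Matrix ID); only the first
    ':' separates the expiry."""
    if now is None:
        now = int(time.time())
    username = f"{now + lifetime}:{user_id}"
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def verify_turn_credentials(secret: str, username: str, password: str,
                            now: Optional[int] = None) -> bool:
    """Server-side verification as coturn performs it: reject malformed or
    expired usernames, recompute the HMAC and compare in constant time.
    Returns False on every failure instead of raising."""
    if now is None:
        now = int(time.time())
    expiry_str, sep, _ = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False
    if int(expiry_str) <= now:
        return False
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(digest).decode()
    return hmac.compare_digest(expected, password)


if __name__ == "__main__":
    # Constructed Matrix user ID; the homeserver would issue these to Element.
    user, pw = make_turn_credentials(SHARED_SECRET, "@alice:example.com",
                                     USER_LIFETIME_SECONDS)
    print("username:", user)
    print("password:", pw)
    print("valid now:", verify_turn_credentials(SHARED_SECRET, user, pw))
    print("valid after lifetime:",
          verify_turn_credentials(SHARED_SECRET, user, pw,
                                  now=int(time.time()) + USER_LIFETIME_SECONDS))
```

Both sides must use byte-identical secrets: a trailing newline or quoting difference between `turn_shared_secret` and `static-auth-secret` yields a 401 from coturn on every transport, which is the symptom to distinguish from the TLS-only failure described in the question.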

Score:0

If you're using Let's Encrypt certificates, this is a bug with the Android client, in turn caused by a bug in Chromium: https://github.com/vector-im/element-android/issues/1533

Essentially, the certificates accepted by Chromium do not include Let's Encrypt certificates, and by default Chromium uses a set of bundled accepted certs instead of host certificates.

Until that is fixed, not much can be done; one suggested workaround is to switch to ZeroSSL to provide your certificates.
