Choosing and using CoTurn as a STUN and TURN server for ICE

— by Evert Mouw

Introduction

Internet Protocol (IP) based voice and messaging are very popular and increasingly so. SIP phone systems such as Lynx and Asterisk and XMPP based instant messengers (IM) from Facebook and Google are gradually replacing traditional phone systems and older IM clients. I have written previously on the good client Jitsi that handles both protocols. Another development is the rise of WebRTC for in-browser conferencing.

However, to enable systems to communicate, they have to see each other. Many devices have “hidden” private IP addresses because we don’t have enough IPv4 addresses and therefore use Network Address Translation (NAT). NAT makes it difficult for devices to transmit files, video and voice. A method to bypass NAT is ICE. ICE makes use of other protocols, notably STUN and TURN. In order to use ICE (and make those nice phone calls), you want a server that implements both protocols. Actually, there are quite a few that do.

But what is the best STUN and TURN server for your ICE based NAT traversals? (The rest of the article is rather technical.)

Lots of choices

I prefer C/C++ implementations over Java ones because of their better CPU and memory usage, which is not unimportant on your server or maybe your small Raspberry Pi! So I will leave out most of the Java implementations. This is one of the well-known Java implementations:

These are C/C++ servers but they lack some features:

A C/C++ server with many features is CoTurn:

CoTurn installation

From the INSTALL file for v4.1.1.1:

Debian

Debian “jessie” (and the recent version of Ubuntu and Mint) have the predecessor of this project packaged as “rfc5766-turn-server”, see the link: http://packages.qa.debian.org/r/rfc5766-turn-server.html

So we need to install a newer version.

If you are using the Debian package from the project download site, then follow these instructions:

Unpack the archive:

Read the INSTALL file:

Install the *.deb file:

(to install the bare package without any dependencies, type:

And enable coturn:

After the install, read the documentation in /usr/share/doc/coturn directory.

All binaries will be installed in /usr/bin/ directory. The turn*.conf config files are in /etc directory.

The service start-up control scripts will be in /etc/init.d/coturn and in /etc/defaults/coturn files.

Building your own is needed if you have a Raspberry Pi or whatever.

Arch Linux

ArchLinux has this TURN server package:

https://aur.archlinux.org/packages/coturn/

CoTurn configuration

From /usr/local/share/doc/turnserver/postinstall.txt:

Create a self-signed certificate

Ports needed on your firewall

(UDP & TCP)

  • 3478
  • 3479
  • 5349
  • 5350