
coTurn server behind NAT [closed]

I am using coTurn as my TURN server in my application. What is the minimum configuration to make my TURN server work behind NAT? Which ports do I have to open for it to work behind NAT? As I have read, coturn comes with inbuilt STUN, so can I use the STUN address in my application instead of the default Google STUN mentioned at https://github.com/coturn/coturn/wiki/CoturnConfig ? If so, what should my configuration be in the JavaScript object in RTCPeerConnection?

vanquishers asked Mar 18 '26 16:03



1 Answer

I'm assuming "work behind NAT" refers to the TURN server, and not to the application.

In this case, you can refer to the external-ip parameter in coturn configuration:

TURN Server public/private address mapping, if the server is behind NAT. In that situation, if a -X is used in form "-X <ip>" then that ip will be reported as relay IP address of all allocations.

This works, for example, in NAT scenarios like AWS or GCP, where there's a 1:1 mapping between a private IP address, on which coturn can listen, and an ephemeral public IP address.

Your application can just be configured to use coturn in the ice settings as if coturn was listening directly on the public IP.

e.g.:

listening-ip=172.10.1.1

external-ip=3.3.3.3/172.10.1.1

Furthermore, coturn will respond to Allocate requests with relay transport addresses with the public IP in the XOR-RELAYED-ADDRESS of the Allocate Success response.

The port will be the same as the one allocated on the private interface. So for example if the relay is allocated on 172.10.1.1:40032, the XOR-RELAYED-ADDRESS will contain 3.3.3.3:40032.

Needless to say, whatever port range is configured in coturn's configuration needs to be reachable from the applications. For example, if min-port is 40000 and max-port is 50000, there must be a Security Group for that EC2 instance which allows access to UDP 40000-50000.

By default, coturn also acts as a STUN server (even fully RFC-5780 compatible if listening on more than one IP address).

giavac answered Mar 21 '26 06:03

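Added example (not part of the original answer and not coturn's own code): a small Node.js script that reads the answer's sample settings and derives the `iceServers` value for `RTCPeerConnection`, the UDP ports that must be reachable through the NAT, and the address a client will see in XOR-RELAYED-ADDRESS. It assumes a single `external-ip` mapping, a UDP-only deployment and constructed credentials; `parseConf`, `planDeployment` and `advertisedRelay` are hypothetical helper names, and the fallback port values are coturn's defaults.

```javascript
// Added example. Addresses, ports and credentials are constructed sample values.
const SAMPLE_CONF = `
listening-port=3478
listening-ip=172.10.1.1
external-ip=3.3.3.3/172.10.1.1
min-port=40000
max-port=50000
`;

// Parse coturn's "key=value" lines, skipping blanks and # comments.
function parseConf(text) {
  const conf = {};
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq > 0) conf[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return conf;
}

// Hypothetical helper: derive client and firewall settings from the server config.
function planDeployment(conf, username, credential) {
  const [publicIp, privateIp] = (conf["external-ip"] || "").split("/");
  if (!publicIp) throw new Error("external-ip must be set when coturn is behind NAT");
  const relayIp = conf["relay-ip"] || conf["listening-ip"];
  if (privateIp && relayIp && privateIp !== relayIp)
    throw new Error(`external-ip maps ${privateIp} but coturn relays on ${relayIp}`);
  const port = Number(conf["listening-port"] || 3478); // coturn default
  const minPort = Number(conf["min-port"] || 49152);   // coturn default
  const maxPort = Number(conf["max-port"] || 65535);   // coturn default
  return {
    publicIp, minPort, maxPort,
    // Pass to the browser as: new RTCPeerConnection({ iceServers })
    iceServers: [
      { urls: `stun:${publicIp}:${port}` },
      { urls: `turn:${publicIp}:${port}?transport=udp`, username, credential },
    ],
    // Inbound UDP ranges the NAT / security group must allow: [from, to]
    inboundUdp: [[port, port], [minPort, maxPort]],
  };
}
// Hypothetical helper: public address reported for a private relay socket.
function advertisedRelay(plan, privateAddr) {
  const port = Number(privateAddr.split(":").pop());
  if (port < plan.minPort || port > plan.maxPort) throw new Error(`port ${port} not opened`);
  return `${plan.publicIp}:${port}`;
}

console.log(planDeployment(parseConf(SAMPLE_CONF), "demo-user", "demo-pass").iceServers);
```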