turnserver (coturn) plugin instructions? sctp missing?

Started by ikkeT, Today at 07:58:35 AM

Hi,

I wanted to try coturn for my Nextcloud Talk instance. I thought it's the easiest to do in OPNsense (OPNsense 26.1.4-amd64). I installed the community plugin turnserver. I configured it with the selected ACME cert used in OPNsense, and the auth string. I enabled the TLS option. I opened the firewall on the WAN interface for port 5439.

What happens: The server doesn't respond to Nextcloud Talk. If I look at the logs I see this error: ERROR: Cannot create SCTP socket listener.

Do I need to open the firewall ports manually to all the tun/tuns and session port ranges myself, or should the plugin do it automatically based on the config ranges? And should I somehow manually install sctp?

I'm sorry if I missed the instructions, but I didn't find any. This page does it manually, but it's not doc for the plugin: https://blog.wolfspyre.com/2024/may/opnsense-gets-its-turn/




That error usually means SCTP isn't supported/loaded in your OPNsense kernel, and coturn can still work without it. Try disabling SCTP in config or ignore it if using UDP/TCP/TLS only.
For Nextcloud Talk, you'll likely need to manually open the relay port range (e.g., 49152–65535 UDP) on WAN; plugins often don't auto-create those rules.
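
An added example, not part of the thread and not the plugin's own code: a small shell function that reads a turnserver.conf-style file and lists the listener ports and relay range it implies, so the WAN rules can be checked against them. The function name `turn_ports` is hypothetical, the sample config is constructed, and only the UDP relay range is listed, as in the reply above.

```shell
#!/bin/sh
# Added example: list the ports a coturn config implies.
# Fallback values are the coturn defaults, used when a key is absent.
turn_ports() {   # $1 = path to a turnserver.conf-style file
    awk '
        BEGIN { lp = 3478; tlp = 5349; minp = 49152; maxp = 65535
                udp = 1; tcp = 1; tls = 1; dtls = 1 }
        /^[ \t]*#/ { next }    # comment line
        /^[ \t]*$/ { next }    # blank line
        {
            line = $0
            gsub(/[ \t]/, "", line)              # drop all whitespace
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            isnum = (val ~ /^[0-9]+$/)           # ignore malformed ports
            if (key == "listening-port" && isnum)     lp = val
            if (key == "tls-listening-port" && isnum) tlp = val
            if (key == "min-port" && isnum)           minp = val
            if (key == "max-port" && isnum)           maxp = val
            if (key == "no-udp")  udp = 0        # bare flags disable a listener
            if (key == "no-tcp")  tcp = 0
            if (key == "no-tls")  tls = 0
            if (key == "no-dtls") dtls = 0
        }
        END {
            if (udp)  print "udp " lp " stun/turn"
            if (tcp)  print "tcp " lp " stun/turn"
            if (tls)  print "tcp " tlp " turns (TLS)"
            if (dtls) print "udp " tlp " turns (DTLS)"
            print "udp " minp ":" maxp " relay"
        }
    ' "$1"
}

# Constructed sample config (not the one from this thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
tls-listening-port=5439
min-port=49152
max-port=49252
no-dtls
EOF
turn_ports "$sample"
rm -f "$sample"
```

Each output line is protocol, port or range, and purpose; a listener or relay range without a matching pass rule on WAN is not reachable from outside.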

Unfortunately there is no sctp option in the conf. But I don't mind if the error isn't fatal. Even if I opened the ports listed in the udp range and both tun and stun ports, and enabled the coturn plugin, the Nextcloud admin portal shows no connect. My laptop is in the LAN, which has all ports open.


root@OPNsense:~ # grep -ic sctp /usr/local/etc/turnserver.conf.default
0

I found a test utility. It hangs like this from LAN:

turnutils_uclient -p 5439 -w long_thing -v -y my.example.com
0: (1158733): INFO: IPv4. Connected from: 192.168.1.59:50155
0: (1158733): INFO: IPv4. Connected to: 1.2.3.4:5439
0: (1158733): INFO: allocate sent