To make the server work for devices both inside and outside the network, follow these steps:
1. Set up the realm
Change the value of realm to the public domain or external IP address of your server. This is important for successfully authenticating external requests.
If your server’s public address is 1.2.3.4, set it to:
realm = "1.2.3.4"
2. Set up bind
The bind parameter makes the STUN/TURN server listen on the private IP for connections within the local network.
If your server’s private address is 192.168.1.25, set it to:
bind = "192.168.1.25:3478"
If you require the STUN/TURN service to listen on all interfaces at the same time, configure it as:
bind = "0.0.0.0:3478"
These settings are only required for [[turn.interfaces]].
3. Set up external
The external parameter defines the server’s public IP so that external computers can properly communicate with the STUN/TURN server.
If your server’s public address is 1.2.3.4, set it to:
external = "1.2.3.4:3478"
4. Authentication
The [auth] section is configured with static users:
[auth]
user1 = "test"
user2 = "test"
This allows authenticated connections with the static credentials user1:test and user2:test. Be sure to use more secure credentials if you plan to expose this service to external devices.
The other sections can be left at their default values.
Once these parameters are set, turn-server.toml should look as follows:
[turn]
realm = "1.2.3.4" # Public IP of the server
[[turn.interfaces]]
transport = "udp"
bind = "192.168.1.25:3478" # Private IP of the server on the local network, or 0.0.0.0 to listen on all interfaces
external = "1.2.3.4:3478" # Public IP of the server as seen from outside
[[turn.interfaces]]
transport = "tcp"
bind = "192.168.1.25:3478" # Private IP of the server on the local network, or 0.0.0.0 to listen on all interfaces
external = "1.2.3.4:3478" # Public IP of the server as seen from outside
[api]
bind = "127.0.0.1:3000"
[log]
level = "info"
[auth]
# Credentials for TURN/STUN authentication
user1 = "test"
user2 = "test"
Each time you modify turn-server.toml, restart the Aranda Turn Stun WebRTC Server service for the changes to take effect.
Scenarios
The following table describes each scenario and its result under the sample settings.
Scenario | Specialist | Specialist Network Status | ARC Agent | ARC Agent Network Status | Result |
---|---|---|---|---|---|
1 | You can only access the TURN/STUN server using the public IP. | External | You can only access the TURN/STUN server using the public IP. | External | The Specialist and the ARC Agent can establish communication by consuming the TURN/STUN server over the public IP. |
2 | You can only access the TURN/STUN server using the public IP. | External | You can access the TURN/STUN server using the public IP. | Internal | The Specialist and the ARC Agent can establish communication by consuming the TURN/STUN server over the public IP. |
3 | You can access the TURN/STUN server using the public IP. | Internal | You can access the TURN/STUN server using the public IP. | Internal | The Specialist and the ARC Agent can establish communication by consuming the TURN/STUN server over the public IP. |
4 | You can only access the TURN/STUN server using the private IP. | Internal | You can only access the TURN/STUN server using the private IP. | Internal | The Specialist and the ARC Agent can establish communication by consuming the TURN/STUN server over the private IP. |
5 | You can only access the TURN/STUN server using the public IP. | External | You cannot use the public IP to connect to the TURN/STUN server, as your access is restricted to the internal network (private IP). | Internal | The Specialist and the ARC Agent are unable to establish communication due to a connectivity problem between networks (external and internal). |
6 | You can only access the TURN/STUN server using the public IP. | External | You cannot use the public IP to connect to the TURN/STUN server, as its access is restricted. | External | The Specialist and the ARC Agent are unable to establish communication due to a connectivity problem between networks. |
⚠ Note:
- To cover scenarios 1, 2, and 3, configure the External Turn server on the ADM website as follows:
Name: configuration name.
URL: turn.1.2.3.4:3478 (1.2.3.4 refers to the server’s public IP).
User: user1.
Password: test.
⚠ Notes:
- To cover scenario 4, configure the External Turn server on the ADM website as follows:
Name: configuration name.
URL: turn.192.168.1.25:3478 (192.168.1.25 refers to the server’s private IP).
User: user1.
Password: test.
- If bind was set to 0.0.0.0 in turn-server.toml, the configuration on the site must be performed as above.