
Turn server configuration for UDP ports

Open Amal-David opened this issue 4 years ago • 3 comments

In the documentation, there is a mention of forwarding all ports. However, I'm a bit lost on that when it comes to having a TURN server. The TURN server setup was supposed to avoid opening a range of UDP ports, right?

Amal-David, Jul 13 '20 09:07

Partially right: the purpose of the TURN server is to allow people to connect even if all the UDP ports are blocked in their network, so yeah, for that the UDP ports are not directly needed. But the latency over TURN and TCP is much higher than via UDP, so it is recommended to use UDP whenever possible and connections via TURN only as a fallback option.

alangecker, Jul 13 '20 09:07

I agree on the latency part, but security is still a concern when it comes to certain deployments, so I was wondering how to enable the TURN server so that the UDP ports are not open in a wide range.

P.S: I did select Enable Turn Server when setting up the docker but still BBB only works when the UDP ports are open. Any suggestions for me to disable UDP ports for outside access and then get BBB running?

Amal-David, Jul 14 '20 08:07

This involves some work, which I currently won't spend time on, so unfortunately you have to do it by yourself :D

But it includes:

  • change the IP freeswitch listens on (an internal one like 10.7.7.1 instead of the public one)
    • I think it must be rtp-ip in mod/freeswitch/conf/sip_profiles/external.xml, but I'm not sure
  • same for kurento:
    • guess that must be ip in the NODE_CONFIG variable for webrtc-sfu in docker-compose.yml
  • adjusting coturn, so it forwards requests to 10.7.7.1 instead of the public IP

alangecker, Jul 21 '20 09:07
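
One way to check the outcome of the changes listed in the last comment, added here as an example and not taken from the thread or from the bigbluebutton-docker project: it reads a FreeSWITCH profile, flags listen addresses that are still public, and confirms that coturn's peer rules permit relaying to the internal address. Assumptions: the profile fragment and coturn lines are constructed samples, and `sip-ip`, `allowed-peer-ip` and `denied-peer-ip` are FreeSWITCH and coturn option names that the thread itself does not mention.

```python
import ipaddress
import xml.etree.ElementTree as ET

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed FreeSWITCH profile fragment (not the file shipped by the project).
SAMPLE_PROFILE = """<profile name="external"><settings>
  <param name="rtp-ip" value="203.0.113.10"/>
  <param name="sip-ip" value="10.7.7.1"/>
</settings></profile>"""

# Constructed coturn peer rules.
SAMPLE_TURN = "denied-peer-ip=10.0.0.0-10.255.255.255\nallowed-peer-ip=10.7.7.1\n"

def bind_addresses(profile_xml, names=("rtp-ip", "sip-ip")):
    """Return {param name: value} for the listen-address params in the profile."""
    params = ET.fromstring(profile_xml).iter("param")
    return {p.get("name"): p.get("value") for p in params if p.get("name") in names}

def classify(value):
    """'internal' for RFC 1918, 'public' for other literals, 'unresolved' for variables."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "unresolved"
    return "internal" if any(ip in net for net in RFC1918) else "public"

def relay_permitted(turn_conf, target):
    """coturn semantics: an address that is both allowed and denied counts as allowed."""
    ip, rules = ipaddress.ip_address(target), {"allowed-peer-ip": [], "denied-peer-ip": []}
    for line in turn_conf.splitlines():
        key, _, val = line.partition("=")
        if key.strip() in rules:
            lo, _, hi = val.strip().partition("-")
            rules[key.strip()].append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
    hit = lambda k: any(lo.version == ip.version and lo <= ip <= hi for lo, hi in rules[k])
    return hit("allowed-peer-ip") or not hit("denied-peer-ip")

def audit(profile_xml, turn_conf):
    findings = []
    for name, value in bind_addresses(profile_xml).items():
        kind = classify(value)
        if kind == "public":
            findings.append(f"{name}={value}: bound to a public address")
        elif kind == "unresolved":
            findings.append(f"{name}={value}: variable, resolve before judging")
        elif not relay_permitted(turn_conf, value):
            findings.append(f"{name}={value}: internal, but coturn denies relaying to it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PROFILE, SAMPLE_TURN)) or "no findings")
```

An empty result only covers the two files checked; the host firewall still decides whether the UDP range is reachable from outside.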