How to enable VoIP relaying on your Home Server with TURN

Overview
--------
The synapse Matrix Home Server supports integration with a TURN server via the
TURN server REST API
(http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00). This allows
the Home Server to generate credentials that are valid for use on the TURN
server through the use of a secret shared between the Home Server and the
TURN server.

This document describes how to install coturn
(https://github.com/coturn/coturn), which also supports the TURN REST API,
and integrate it with synapse.

coturn Setup
============

You may be able to set up coturn via your package manager, or set it up
manually using the usual ``configure, make, make install`` process.

 1. Check out coturn::

      git clone https://github.com/coturn/coturn.git coturn
      cd coturn

 2. Configure it::

      ./configure

    You may need to install ``libevent2``: if so, you should do so
    in the way recommended by your operating system.
    You can ignore warnings about lack of database support: a
    database is unnecessary for this purpose.

 3. Build and install it::

      make
      make install

 4. Create or edit the config file at ``/etc/turnserver.conf``. The relevant
    lines, with example values, are::

      lt-cred-mech
      use-auth-secret
      static-auth-secret=[your secret key here]
      realm=turn.myserver.org

    See turnserver.conf for explanations of the options.
    One way to generate the static-auth-secret is with pwgen::

       pwgen -s 64 1

 5. Ensure your firewall allows traffic into the TURN server on
    the ports you've configured it to listen on (remember to allow
    both TCP and UDP if you've enabled both).

 6. If you've configured coturn to support TLS/DTLS, generate or
    import your private key and certificate.

 7. Start the TURN server::

       bin/turnserver -o


synapse Setup
=============

Your home server configuration file needs the following extra keys:

 1. "turn_uris": This needs to be a YAML list
    of public-facing URIs for your TURN server to be given out
    to your clients. Add separate entries for each transport your
    TURN server supports.

 2. "turn_shared_secret": This is the secret shared between your Home
    server and your TURN server, so you should set it to the same
    string you used in turnserver.conf.

 3. "turn_user_lifetime": This is the amount of time credentials
    generated by your Home Server are valid for (in milliseconds).
    Shorter times offer less potential for abuse at the expense
    of increased traffic between web clients and your home server
    to refresh credentials. The TURN REST API specification recommends
    one day (86400000).

As an example, here is the relevant section of the config file for
matrix.org::

    turn_uris: [ "turn:turn.matrix.org:3478?transport=udp", "turn:turn.matrix.org:3478?transport=tcp" ]
    turn_shared_secret: n0t4ctuAllymatr1Xd0TorgSshar3d5ecret4obvIousreAsons
    turn_user_lifetime: 86400000

Now, restart synapse::

    cd /where/you/run/synapse
    ./synctl restart

...and your Home Server now supports VoIP relaying!
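
How the shared secret and lifetime above turn into time-limited credentials under the TURN REST API draft linked in the Overview, as an added example that is not synapse's or coturn's own code. The function names, the use of HMAC-SHA1, the user ID and the secret are assumptions made for illustration, and ``check_turn_credentials`` is a simplified stand-in for the TURN server's side.

```python
import base64
import hashlib
import hmac
import time


def _password_for(shared_secret, username):
    # TURN REST API draft: password = base64(HMAC(shared secret, username)).
    # HMAC-SHA1 is the algorithm assumed here.
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def make_turn_credentials(shared_secret, user_id, lifetime_ms, now=None):
    """Home Server side (hypothetical helper): issue a time-limited pair."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + lifetime_ms // 1000  # turn_user_lifetime is in milliseconds
    username = "%d:%s" % (expiry, user_id)  # "<unix expiry>:<user id>"
    return username, _password_for(shared_secret, username)


def check_turn_credentials(shared_secret, username, password, now=None):
    """TURN server side, simplified: a real server recomputes the password
    and verifies the request's message integrity with it instead of
    receiving the password itself."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # no parsable expiry timestamp
    if expiry < now:
        return False  # credential has outlived its lifetime
    expected = _password_for(shared_secret, username)
    # Constant-time comparison of the recomputed and presented passwords.
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    secret = "constructed-example-secret"  # constructed, not a real secret
    user, pw = make_turn_credentials(secret, "@alice:example.org", 86400000)
    print(user, pw)
    print("valid now:", check_turn_credentials(secret, user, pw))
    print("valid in two days:",
          check_turn_credentials(secret, user, pw, now=time.time() + 172800))
```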