Coturn-synapse does not start


My YunoHost server

Hardware: Computer
YunoHost version: 3.4.2.4

Description of my problem

I noticed that the video calls did not work anymore in Matrix (Riot + Synapse) so I tried to restart coturn, either from the web interface or in command line.

Log in the web interface

Impossible de démarrer le service « coturn-synapse »
Journaux récents :
-- Logs begin at Mon 2019-04-01 11:01:23 CEST, end at Tue 2019-04-02 21:53:43 CEST. --
avril 02 20:34:40 mondomaine.fr systemd[1]: Starting coturn...
-- Subject: L'unité (unit) coturn-synapse.service a commencé à démarrer
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- L'unité (unit) coturn-synapse.service a commencé à démarrer.
avril 02 20:34:40 mondomaine.fr systemd[1]: coturn-synapse.service: Control process exited, code=exited status=217
avril 02 20:34:40 mondomaine.fr systemd[1]: Failed to start coturn.
-- Subject: L'unité (unit) coturn-synapse.service a échoué
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- L'unité (unit) coturn-synapse.service a échoué, avec le résultat failed.
avril 02 20:34:40 mondomaine.fr systemd[1]: coturn-synapse.service: Unit entered failed state.
avril 02 20:34:40 mondomaine.fr systemd[1]: coturn-synapse.service: Failed with result 'exit-code'.
avril 02 21:53:43 mondomaine.fr systemd[1]: Starting coturn...
-- Subject: L'unité (unit) coturn-synapse.service a commencé à démarrer
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- L'unité (unit) coturn-synapse.service a commencé à démarrer.
avril 02 21:53:43 mondomaine.fr systemd[1]: coturn-synapse.service: Control process exited, code=exited status=217
avril 02 21:53:43 mondomaine.fr systemd[1]: Failed to start coturn.
-- Subject: L'unité (unit) coturn-synapse.service a échoué
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- L'unité (unit) coturn-synapse.service a échoué, avec le résultat failed.
avril 02 21:53:43 mondomaine.fr systemd[1]: coturn-synapse.service: Unit entered failed state.
avril 02 21:53:43 mondomaine.fr systemd[1]: coturn-synapse.service: Failed with result 'exit-code'.

Command line

sudo systemctl start coturn-synapse.service

systemctl status coturn-synapse.service

  ● coturn-synapse.service - coturn
   Loaded: loaded (/etc/systemd/system/coturn-synapse.service;
   Active: failed (Result: exit-code) since Tue 2019-04-02 22:
     Docs: man:coturn(1)
           man:turnadmin(1)
           man:turnserver(1)
  Process: 3288 ExecStart=/usr/bin/turnserver -o -c /etc/matri

Hello,

If you try this what is the result ?

sudo -u turnserver /usr/bin/turnserver -o -c /etc/matrix-synapse/coturn.conf

no “turnserver” user found.

In my user list, there is a matrix-synapse but nothing linked to calibre.

Well,

Can you give me the result of :

dpkg -l | grep coturn

Nothing is returned.

I tried aptitude show coturn

Paquet : coturn
Version : 4.5.0.5-1+deb9u1
État: non installé
Priorité : supplémentaire
Section : net

Should I install it ?

I tried to manually install coturn ( aptitude install coturn ) and now, your 1st command has a result, but the phone/video calls in Matrix still fail :

sudo -u turnserver /usr/bin/turnserver -o -c /etc/matrix-synapse/coturn.conf
[sudo] Mot de passe de mamie : 
0: log file opened: /var/tmp/turn_29043_2019-04-05.log
0: 
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.5 'dan Eider'
0: 
Max number of open files/sockets allowed for this process: 1048576
0: 
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0: 

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.0j  20 Nov 2018 (0x101000af)
0: 
0: SQLite supported, default database location is /var/lib/turn/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0: 
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: log file opened: /var/log/matrix-synapse/turnserver.log
0: Domain name: 
0: Default realm: matrix.monserveur.fr
0: ERROR: 
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0: WARNING: cannot find certificate file: /etc/yunohost/certs/matrix.monserveur.fr/crt.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
0: WARNING: cannot find private key file: /etc/yunohost/certs/matrix.monserveur.fr/key.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 192.168.0.102
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 192.168.0.102
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================

It seems that it works now, without any change :slightly_smiling_face:

Coturn does start now, but when I tried it, both users were on the same network as the server.

When at least one user is not, the connection fails.

I thought it could be the internet box but even when redirecting ALL connections to the server, it failed.

The only thing I can think of is the config of coturn as said in the git page.

I just launched manually /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh to see if an external ip was missing.
It seems the script went right (it looks like the whole script is displayed in the console, but with my external IP address set as it should).

I have 2 problems :

  1. There is no /etc/cron.d/coturn_config_rotate file (that should be a lead ?)
  2. It is still impossible to connect between people outside of the server wifi.

Another note : I never opened the ports 49153:49193 (not in the firewall, and not in my box), but it worked before and I changed nothing. ( turnserver_tls_port and turnserver_tls_alt_port are opened and redirected)

There is no /etc/cron.d/coturn_config_rotate file (that should be a lead ?)

If you have a dynamic IP you need to create this file as explained here : https://github.com/YunoHost-Apps/synapse_ynh#turnserver

It is still impossible to connect between people outside of the server wifi.

For that I think that you really need to cleanly set up your network (opening the ports turnserver_tls_port and 49153-49193 in the YunoHost firewall and in your router).

If it still does not work, we might need to investigate more by looking at the logs in /var/log/matrix-synapse/turnserver.log and in /var/log/matrix-synapse/turnserver_DATE.log.

I have a semi dynamic IP (it changed once in 3 years) so I am not sure there is a problem there.

This is strange, the latest log is : turnserver_2018-08-03.log

turnserver.log was modified on the day I rebooted the server a few days ago, this is the content :

0: pid file created: /var/run/coturn-synapse/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0:   relay 192.168.0.102 initialization...
0:   relay 192.168.0.102 initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb

I forwarded the ports from the box, and opened them in the firewall, with the same symptoms (connection impossible from outside of the network)

So, I think you need to see the log after a call fails, or at the same time as you are trying a call (with tail -f LOG_FILE_PATH).

The log in my previous post was from server start to today, with multiple call tests :pensive:

After a few months without investigation, I tried again today to make the video calls work, without success :frowning:

The last modification of the coturn logs is on the day my server rebooted the last time (in June) with exactly the same messages as posted before (same logs as 2018-08-03).

I still have the same symptoms : it works when both persons are on the same network as the synapse/coturn server, and it does not work when one of them is from the Internet.

I have those ports redirected to the server by my modem :
5349 (turnserver_tls_port)
5350 (turnserver_alt_tls_port)
49153:49193 (coturn ports for call)

I manage to have the receiver to know I am calling, but I can not answer the call (same thing in both ways).

I didn’t try this time but last time I tried with a full-redirection to the server so I do not think that it is a port problem on the modem (but this is a really crappy Internet modem so it is still possible)

Are there any other logs I can try to look at ?

Hi mamie,

I had the same issue.
My Yunohost was behind a VPN (is it the same for you ?).

I just solved it by editing the /etc/matrix-synapse/coturn.conf in order to add this line :

external-ip=XXX.XXX.XXX.XXX/YYY.YYY.YYY.YYY

Where

  • XXX.XXX.XXX.XXX is my public IP
  • YYY.YYY.YYY.YYY is the private ip of my yunohost on the VPN Subnet (Usually something like 10.8.0.x )

Restart the coturn-synapse service :
systemctl restart coturn-synapse.service

And it works.

Cheers!


@Mamie
Were you able to test?

No, I have not tested, and the service still fails for me, but a video call between two people on different networks works.

I had a look at the coturn.conf file anyway, and it is strange:

\nexternal-ip=[public ipv4]\nexternal-ip=[public ipv6]
(with the \n in the text)

Another strange thing: when I saw your message, the service was down, but I did not test any further, and now that I have a PC at hand to look further, it tells me the service has been UP for 15 days.

Go figure…

So the “\n” seems to be added by mistake by the small script that is supposed to detect your public IP and add it to this file.
It looks like a small bug (I had the same thing on my side).

You can delete this line and replace it with

external-ip=XXX.XXX.XXX.XXX/YYY.YYY.YYY.YYY

Where

XXX.XXX.XXX.XXX is my public IP
YYY.YYY.YYY.YYY is the private ip of my yunohost on the VPN Subnet (Usually something like 10.8.0.x )

Example:
external-ip=83.110.27.198/10.8.0.2
(this is just an example, mind you)

And then you restart the service: systemctl restart coturn-synapse.service

Keep me posted

I did see \n here too.
Reverting to previous external-ip did not solve the problem in my setup.

edit: I assumed this was after migrating to YH11, so my setup is YH 11.0.9.12 and Synapse 1.65.0~ynh1. My bad.
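
A check for the two external-ip problems discussed in this thread (the literal \n written into coturn.conf, and a private address on the public side of public/private), as an added example that is not part of any post or of the synapse_ynh package. The function name and the sample configs are constructed for illustration; the addresses are the example values given above.

```python
import ipaddress

# Constructed sample reproducing the symptom from the thread: backslash + n
# was written into the file instead of real line breaks.
BROKEN_CONF = (
    "realm=matrix.example.org\n"
    "\\nexternal-ip=83.110.27.198\\nexternal-ip=2001:db8::7\n"
)
# Constructed sample in the public/private form suggested in the thread.
FIXED_CONF = (
    "realm=matrix.example.org\n"
    "external-ip=83.110.27.198/10.8.0.2\n"
)


def lint_external_ip(conf_text):
    """Return a list of (line_number, message) problems found in conf_text."""
    problems = []
    usable = 0
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if "\\n" in line and "external-ip" in line:
            problems.append((number, "literal \\n found; entries are fused on one line"))
            continue
        if not line.startswith("external-ip="):
            continue
        value = line.split("=", 1)[1]
        public, _, private = value.partition("/")
        try:
            pub = ipaddress.ip_address(public)
            priv = ipaddress.ip_address(private) if private else None
        except ValueError:
            problems.append((number, "not a valid IP address: " + value))
            continue
        usable += 1
        if pub.is_private or pub.is_loopback:
            problems.append((number, "public side is a private or loopback address"))
        if priv is not None and pub.version != priv.version:
            problems.append((number, "public and private sides differ in IP family"))
    if usable == 0:
        problems.append((0, "no usable external-ip line"))
    return problems


if __name__ == "__main__":
    # Path taken from the thread; run as a user allowed to read the file.
    with open("/etc/matrix-synapse/coturn.conf") as handle:
        for number, message in lint_external_ip(handle.read()):
            print(f"line {number}: {message}")
```
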