Timeout of the connections, expressed in milliseconds.
Default: 5000
@@ -1657,17 +1690,52 @@ listen:
captcha: true
...
-
-
-
ejabberd is able to act as a stand-alone STUN server
-(RFC 5389). Currently only Binding usage
-is supported. In that role ejabberd helps clients with ICE (RFC 5245) or Jingle ICE (XEP-0176) support to discover their external addresses and ports.
You should configure ejabberd_stun listening module as described in 3.1.4 section.
-If certfile option is defined, ejabberd multiplexes TCP and
-TLS over TCP connections on the same port. Obviously, certfile option
-is defined for tcp only. Note however that TCP or TLS over TCP
-support is not required for Binding usage and is reserved for
-TURN
-functionality. Feel free to configure udp transport only.
Example configuration:
+
+
+
ejabberd is able to act as a stand-alone STUN/TURN server
+(RFC 5389/RFC 5766). In that role ejabberd helps clients with ICE (RFC 5245) or Jingle ICE (XEP-0176) support to discover their external addresses and ports and to relay media traffic when it is impossible to establish direct
+peer-to-peer connection.
You should configure ejabberd_stun listening module as described in 3.1.4 section.
+The specific configurable options are:
+
-
+tls: true|false
-
+If enabled, certfile option must be set, otherwise ejabberd
+will not be able to accept TLS connections. Obviously, this option
+makes sense for tcp transport only. The default is false.
+
- certfile: Path
-
+Path to the certificate file. Only makes sense when tls is set.
+
- use_turn: true|false
-
+Enables/disables TURN (media relay) functionality. The default is false.
+
- turn_ip: String
-
+The IPv4 address advertised by your TURN server. The address should not be NAT’ed
+or firewalled. There is not default, so you should set this option explicitly.
+Implies use_turn.
+
- turn_min_port: Integer
-
+Together with turn_max_port forms port range to allocate from.
+The default is 49152. Implies use_turn.
+
- turn_max_port: Integer
-
+Together with turn_min_port forms port range to allocate from.
+The default is 65535. Implies use_turn.
+
- turn_max_allocations: Integer|unlimited
-
+Maximum number of TURN allocations available from the particular IP address.
+The default value is 10. Implies use_turn.
+
- turn_max_permissions: Integer|unlimited
-
+Maximum number of TURN permissions available from the particular IP address.
+The default value is 10. Implies use_turn.
+
- auth_type: user|anonymous
-
+Which authentication type to use for TURN allocation requests. When type user
+is set, ejabberd authentication backend is used. For anonymous type
+no authentication is performed (not recommended for public services).
+The default is user. Implies use_turn.
+
- auth_realm: String
-
+When auth_type is set to user and you have several virtual
+hosts configured you should set this option explicitly to the virtual host
+you want to serve on this particular listening port. Implies use_turn.
+
- shaper: Atom
-
+For tcp transports defines shaper to use. The default is none.
+
- server_name: String
-
+Defines software version to return with every response. The default is the
+STUN library version.
+
Example configuration with disabled TURN functionality (STUN only):
listen:
...
-
@@ -1682,13 +1750,30 @@ functionality. Feel free to configure udpExample configuration with TURN functionality. Note that STUN is always
+enabled if TURN is enabled. Here, only UDP section is shown:
+
listen:
+ ...
+ -
+ port: 3478
+ transport: udp
+ use_turn: true
+ turn_ip: 10.20.30.1
+ module: ejabberd_stun
+ ...
You also need to configure DNS SRV records properly so clients can easily discover a
-STUN server serving your XMPP domain. Refer to section
+STUN/TURN server serving your XMPP domain. Refer to section
DNS Discovery of a Server
-of RFC 5389 for details.
Example DNS SRV configuration:
+of RFC 5389 and section
+Creating an Allocation
+of RFC 5766 for details.
Example DNS SRV configuration for STUN only:
_stun._udp IN SRV 0 0 3478 stun.example.com.
_stun._tcp IN SRV 0 0 3478 stun.example.com.
_stuns._tcp IN SRV 0 0 5349 stun.example.com.
+
And you should also add these in the case if TURN is enabled:
+
_turn._udp IN SRV 0 0 3478 turn.example.com.
+_turn._tcp IN SRV 0 0 3478 turn.example.com.
+_turns._tcp IN SRV 0 0 5349 turn.example.com.
3.1.11 SIP