Issues with STUN/TURN on brand new installation (self-hosted) #1225

Open
opened 2025-11-20 05:26:19 -05:00 by saavagebueno · 7 comments

Originally created by @d-givens on GitHub (Sep 9, 2024).

Describe the problem

Not able to route traffic among peers. After doing netbird status -d I see on all clients:
Relays:
[stun:netbird.mydomain.com:3478] is Unavailable, reason: stun request: context deadline exceeded
[turn:netbird.mydomain.com:3478?transport=udp] is Unavailable, reason: allocate: all retransmissions failed for xxxxx

On the netbird host, the Coturn Log is below:
WARN[0000] /root/netbird/infrastructure_files/artifacts/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
coturn-1 | 0: (1): INFO: System cpu num is 2
coturn-1 | 0: (1): INFO: log file opened: /var/tmp/turn_1_2024-09-09.log
coturn-1 | 0: (1): INFO: System enable num is 2
coturn-1 | 0: (1): INFO: Coturn Version Coturn-4.6.2 'Gorst'
coturn-1 | 0: (1): INFO: Coturn Version Coturn-4.6.2 'Gorst'
coturn-1 | 0: (1): INFO: Max number of open files/sockets allowed for this process: 1048576
coturn-1 | 0: (1): INFO: Due to the open files/sockets limitation, max supported number of TURN Sessions possible is: 524000 (approximately)
coturn-1 | 0: (1): INFO:
coturn-1 |
coturn-1 | ==== Show him the instruments, Practical Frost: ====
coturn-1 |
coturn-1 | 0: (1): INFO: OpenSSL compile-time version: OpenSSL 3.0.14 4 Jun 2024 (0x300000e0)
coturn-1 | 0: (1): INFO: TLS 1.3 supported
coturn-1 | 0: (1): INFO: DTLS 1.2 supported
coturn-1 | 0: (1): INFO: TURN/STUN ALPN supported
coturn-1 | 0: (1): INFO: Third-party authorization (oAuth) supported
coturn-1 | 0: (1): INFO: GCM (AEAD) supported
coturn-1 | 0: (1): INFO: SQLite supported, default database location is /var/lib/coturn/turndb
coturn-1 | 0: (1): INFO: Redis supported
coturn-1 | 0: (1): INFO: PostgreSQL supported
coturn-1 | 0: (1): INFO: MySQL supported
coturn-1 | 0: (1): INFO: MongoDB supported
coturn-1 | 0: (1): INFO: Default Net Engine version: 3 (UDP thread per CPU core)
coturn-1 | 0: (1): INFO: Domain name:
coturn-1 | 0: (1): INFO: Default realm: wiretrustee.com
coturn-1 | 0: (1): WARNING: cannot find certificate file: /etc/coturn/certs/cert.pem (1)
coturn-1 | 0: (1): WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
coturn-1 | 0: (1): WARNING: cannot find private key file: /etc/coturn/private/privkey.pem (1)
coturn-1 | 0: (1): WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
coturn-1 | 0: (1): INFO: Certificate file found: /etc/coturn/certs/cert.pem
coturn-1 | 0: (1): INFO: Private key file found: /etc/coturn/private/privkey.pem
coturn-1 | 0: (1): WARNING: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
coturn-1 | 0: (1): INFO: ===========Discovering listener addresses: =========
coturn-1 | 0: (1): INFO: Listener address to use: 127.0.0.1
coturn-1 | 0: (1): INFO: Listener address to use: PUBLICIP
coturn-1 | 0: (1): INFO: Listener address to use: 172.17.0.1
coturn-1 | 0: (1): INFO: Listener address to use: 172.18.0.1
coturn-1 | 0: (1): INFO: Listener address to use: ::1
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): INFO: Total: 3 'real' addresses discovered
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): WARNING: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
coturn-1 | 0: (1): INFO: ===========Discovering relay addresses: =============
coturn-1 | 0: (1): INFO: Relay address to use: PUBLICIP
coturn-1 | 0: (1): INFO: Relay address to use: 172.17.0.1
coturn-1 | 0: (1): INFO: Relay address to use: 172.18.0.1
coturn-1 | 0: (1): INFO: Relay address to use: ::1
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): INFO: Total: 4 relay addresses discovered
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): INFO: pid file created: /var/tmp/turnserver.pid
coturn-1 | 0: (1): INFO: IO method: epoll (with changelist)
coturn-1 | 0: (1): WARNING: STUN CHANGE_REQUEST not supported: only one IP address is provided
coturn-1 | 0: (1): INFO: Wait for relay ports initialization...
coturn-1 | 0: (1): INFO: relay PUBLICIP initialization...
coturn-1 | 0: (1): INFO: relay PUBLICIP initialization done
coturn-1 | 0: (1): INFO: relay 172.17.0.1 initialization...
coturn-1 | 0: (1): INFO: relay 172.17.0.1 initialization done
coturn-1 | 0: (1): INFO: relay 172.18.0.1 initialization...
coturn-1 | 0: (1): INFO: relay 172.18.0.1 initialization done
coturn-1 | 0: (1): INFO: relay ::1 initialization...
coturn-1 | 0: (1): INFO: relay ::1 initialization done
coturn-1 | 0: (1): INFO: Relay ports initialization done
coturn-1 | 0: (1): INFO: Total General servers: 2
coturn-1 | 3: (9): DEBUG: turn server id=0 created
coturn-1 | 3: (10): DEBUG: turn server id=1 created
coturn-1 | 3: (1): INFO: Total auth threads: 3
coturn-1 | 3: (1): INFO: prometheus collector disabled, not started

Expected behavior

No STUN/TURN errors and peer to peer routing would work

Are you using NetBird Cloud?

Self-hosted

NetBird version

`netbird version` - Latest

Not sure how to troubleshoot from here. Authentication with Microsoft is working correctly.

saavagebueno added the triage-needed label 2025-11-20 05:26:19 -05:00

@Marcus1Pierce commented on GitHub (Sep 10, 2024):

Try this https://docs.netbird.io/selfhosted/troubleshooting to test your coturn server


@ragman1976 commented on GitHub (Sep 28, 2024):

Hi,

exactly the same error message in the coturn container log here.
Coturn Server test shows:

Screenshot 2024-09-28 221807


@InsertDisc commented on GitHub (Oct 16, 2024):

Same exact issue. Been running for months no issue, now this.


@salvatorebic commented on GitHub (Nov 27, 2024):

I'm facing the same issue, has there been any update on how to solve it?


@adampaynetech commented on GitHub (Dec 29, 2024):

I am also now having this issue, is there any known fix?


@mbaybarsk commented on GitHub (Feb 20, 2025):

Same issue here.


@LibreTechnica commented on GitHub (May 11, 2025):

I found I had a similar issue when I was researching a ping error: `ping: sendmsg: Required key not available` like in https://github.com/netbirdio/netbird/issues/254. When I ran `netbird status -d`, I saw that my stun and turn servers were unavailable, which would explain the "Required key not available" (reference: https://frc3512.github.io/vpn/)

I had originally set up my Netbird server a year ago and it didn't have the relays as part of the docker-compose file. So when I updated my install, I hadn't realized I needed some more ports open. I opened udp/3478 for Coturn by running `sudo ufw allow 3478/udp` and all peers were visible to each other finally and pings worked all ways.

Reference: SVI/netbird#1225