Giter Club home page Giter Club logo

Comments (14)

nickvergessen avatar nickvergessen commented on July 22, 2024 3

Or is your admin user not in the list of groups that are allowed to use talk? #11550

from spreed.

pmarini-nc avatar pmarini-nc commented on July 22, 2024 1

Did you check #11550?

from spreed.

Speed7811 avatar Speed7811 commented on July 22, 2024 1

Lol... thats it!

I'm the admin user but I changed the permissions a few weeks ago... I remove the Talk permission from the admin. I have never thought that the Turnserver check needs the talk permission.

You made my day! Thank you so much!

Best regards

Rainer

from spreed.

fancycode avatar fancycode commented on July 22, 2024 1

...mondays 🙈

from spreed.

nickvergessen avatar nickvergessen commented on July 22, 2024

Can you check the browser console if it says any error?
Otherwise the mostlikely issue is that the secret is not matching

from spreed.

Speed7811 avatar Speed7811 commented on July 22, 2024

Hey,

the secret is 100% correct. In 27 it is the same secret and I didn't changed it. Addionally I have a second Nextcloud 27 instance which uses the same Coturn server an there is no problem!

Here you can find the console window - it seems to be something with the certificate expiration:

Coturn_Console_Window

Addionally I got with nmap the certificate and it doesn't seems to be expired - so why don't Talk accept it?

The result of nmap (I changed my domain to 'mydomain'):

pi@cloud:~ $ nmap -v -p 443 --script ssl-cert coturn.mydomain.de
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-08 21:20 CEST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating Ping Scan at 21:20
Scanning coturn.mydomain.de (20.113.158.244) [2 ports]
Completed Ping Scan at 21:20, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:20
Completed Parallel DNS resolution of 1 host. at 21:20, 0.03s elapsed
Initiating Connect Scan at 21:20
Scanning coturn.mydomain.de (20.113.158.244) [1 port]
Discovered open port 443/tcp on 20.113.158.244
Completed Connect Scan at 21:20, 0.01s elapsed (1 total ports)
NSE: Script scanning 20.113.158.244.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.03s elapsed
Nmap scan report for coturn.mydomain.de (20.113.158.244)
Host is up (0.015s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=coturn.mydomain.de
| Subject Alternative Name: DNS:coturn.mydomain.de
| Issuer: commonName=R3/organizationName=Let's Encrypt/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-20T21:24:03
| Not valid after:  2024-06-18T21:24:02
| MD5:   24cf3c73e472bcd4580b678f8a438785
| SHA-1: 07cdd5b76a24677a64c0fc5d164dac36078da719
| -----BEGIN CERTIFICATE-----
| MIIE5jCCA86gAwIBAgISBLQR3QILIVLgMMcmlsQI1AkTMA0GCSqGSIb3DQEBCwUA
| MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
| EwJSMzAeFw0yNDAzMjAyMTI0MDNaFw0yNDA2MTgyMTI0MDJaMBgxFjAUBgNVBAMT
| DWNvdHVybi5yd2guZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP
| vmeHNZOf9Dhw8MfUu8rz6xL/fDGupj651flx6OfkpOb+NzzE6w1M06MKQPkr4NBc
| w9lQn72MPHO4t8PG+gaEoyWgcUTUrov6H47Cj361v9V4XOHUAUJjzMYbQqUM/DHs
| jQriZezF4b5yHGRimHn7gZwtbuGpJWlNmTOF9lFTZhah/L2DPkZPdSpwdovfpezO
| RcuUunVxRP1Fw5ck2AQTZ/NS3Dlo2xRKX2PcK4eHvQPWs2i8mxon3Y2M4qmtnUWu
| EtWsT2GC/4BUY7VHUHGB6O0AnCla8DHecys+NftI8ydf1aQ5yiT9IKzUgjG4TOwi
| jaQVq8/bg5VrKxWs0zRFAgMBAAGjggIOMIICCjAOBgNVHQ8BAf8EBAMCBaAwHQYD
| VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
| BBYEFEqst+Eh0oBQmskGt+tE0G06tCy7MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
| QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
| Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
| MBgGA1UdEQQRMA+CDWNvdHVybi5yd2guZGUwEwYDVR0gBAwwCjAIBgZngQwBAgEw
| ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBIsONr2qZHNA/lagL6nTDrHFIBy1bd
| LIHZu7+rOdiEcwAAAY5d9t1BAAAEAwBGMEQCIA+PxdlMaLgNm6avnX6Bt1hA2s6E
| kGAPL58uiujWnB5VAiA3QpVClY02owdyDjVgmULcfo1LVOuV7INGDzyddq8O9AB2
| ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjl323UEAAAQDAEcw
| RQIgZzyDID3CBMZcgfKsHm43JX9HhJu24yKAvVphiTpmQakCIQD5XCSOtltmr/G3
| GN4CovDNWLZ28GhEYZqaHD7xMlpRHjANBgkqhkiG9w0BAQsFAAOCAQEAORUiywRI
| mh8WzdTrZ9+62B0qlMNzDoiKfbu09d5LfXfel0SsFML9j6hCeQfWbeHhZCExeLef
| 8F9iQurh922DI9MDIlI079c+wNSZOfL2THdnAwtFtdjqrJAQr6Lb8h/xePhOzRJr
| dNzPqf4+rcm7QshWlQNVXSevzABBEoAxiWDhbccdedqfQrNQ6CwqK6HaSMh79uZl
| iFHsr9+Jh8MQFc8gwDjnyOsr6Mq1gBl2nZH65pBLJ23QvumVAnRhLXV8L2UReGnl
| gVfScX/yiaXp50NmQwoWmBTq+LMBavWIGcUwZjxTeJm74Ls1gyxbsJDF448hNr98
| AVXRQ5XYhasyYg==
|_-----END CERTIFICATE-----

NSE: Script Post-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

from spreed.

SystemKeeper avatar SystemKeeper commented on July 22, 2024

Please check your nextcloud.log. The failure might be expected if the nextcloud server itself is unable to connect to your coturn. But you should see an error in the log.

from spreed.

SystemKeeper avatar SystemKeeper commented on July 22, 2024

Some additional infos can be found at #11327

from spreed.

Speed7811 avatar Speed7811 commented on July 22, 2024

Hey,

loglevel is already set 0 which means 'debug'. I have a tail -f /var/log/nextcloud/nextcloud.log running and I'm sure that I'm the only user which uses the Nextcloud instance. When I press the "Check"-button I don't get any protocol entries written in the log.

As I meantioned in the comment it looks like the Coturn server can be contacted but cause seems to be that the certificate doesn't be accepted.

Best regards

Rainer

from spreed.

SystemKeeper avatar SystemKeeper commented on July 22, 2024

I just noticed that you get a 403 on the request, that must happen before it hits the controller, otherwise an exception should be logged like

spreed/lib/Controller/CertificateController.php

Line 49 in 0d7b4f9

$this->logger->error('Failed get certificate expiration', [

anything special about your user? Full admin rights ?

from spreed.

SystemKeeper avatar SystemKeeper commented on July 22, 2024

For the sake of trying, can you retest when you remove the „:443“ part?

from spreed.

Speed7811 avatar Speed7811 commented on July 22, 2024

Hey... yes I got a 403 here:

Coturn_Console_Window_1

I tried it by removing the "443" and the same result.

I checked the coturn logs during the test and I got some TLS errors:

17831: : session 000000000000000161: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000163: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 001000000000000154: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000166: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : IPv4. Local relay addr: 10.0.0.4:42072
17831: : session 000000000000000161: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:58386
17831: : session 000000000000000163: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000163: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:41107
17831: : session 001000000000000154: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 001000000000000154: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:61846
17831: : session 000000000000000166: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000166: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : session 000000000000000162: TLS/TCP socket disconnected: 91.248.xxx.xx:51214
17831: : session 000000000000000162: usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000162: peer usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000162: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51214, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000164: TLS/TCP socket disconnected: 91.248.xxx.xx:51213
17831: : session 000000000000000164: usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000164: peer usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000164: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51213, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000166: TLS/TCP socket disconnected: 91.248.xxx.xx:51216
17831: : session 000000000000000166: usage: realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, rp=2, rb=152, sp=2, sb=228
17831: : session 000000000000000166: peer usage: realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000166: closed (2nd stage), user <1715198726:turn-test-user> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51216, reason: **TLS/TCP socket buffer operation error (callback)**

Are there any changes which belongs to the communication with TLS? I don't changed anything on the Coturn Server an with 27 it works.

Best regards

Rainer

from spreed.

fancycode avatar fancycode commented on July 22, 2024

Maybe the TURN server check should always be allowed for admins, similar to #8330 and #10961

from spreed.

nickvergessen avatar nickvergessen commented on July 22, 2024

Yeah, that's why there is #11550 as a good-first-issue

from spreed.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.