Comments (14)
Or is your admin user not in the list of groups that are allowed to use talk? #11550
from spreed.
Did you check #11550?
from spreed.
Lol... thats it!
I'm the admin user but I changed the permissions a few weeks ago... I remove the Talk permission from the admin. I have never thought that the Turnserver check needs the talk permission.
You made my day! Thank you so much!
Best regards
Rainer
from spreed.
...mondays 🙈
from spreed.
Can you check the browser console if it says any error?
Otherwise the mostlikely issue is that the secret is not matching
from spreed.
Hey,
the secret is 100% correct. In 27 it is the same secret and I didn't changed it. Addionally I have a second Nextcloud 27 instance which uses the same Coturn server an there is no problem!
Here you can find the console window - it seems to be something with the certificate expiration:
Addionally I got with nmap the certificate and it doesn't seems to be expired - so why don't Talk accept it?
The result of nmap (I changed my domain to 'mydomain'):
pi@cloud:~ $ nmap -v -p 443 --script ssl-cert coturn.mydomain.de
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-08 21:20 CEST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating Ping Scan at 21:20
Scanning coturn.mydomain.de (20.113.158.244) [2 ports]
Completed Ping Scan at 21:20, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:20
Completed Parallel DNS resolution of 1 host. at 21:20, 0.03s elapsed
Initiating Connect Scan at 21:20
Scanning coturn.mydomain.de (20.113.158.244) [1 port]
Discovered open port 443/tcp on 20.113.158.244
Completed Connect Scan at 21:20, 0.01s elapsed (1 total ports)
NSE: Script scanning 20.113.158.244.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.03s elapsed
Nmap scan report for coturn.mydomain.de (20.113.158.244)
Host is up (0.015s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-cert: Subject: commonName=coturn.mydomain.de
| Subject Alternative Name: DNS:coturn.mydomain.de
| Issuer: commonName=R3/organizationName=Let's Encrypt/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-20T21:24:03
| Not valid after: 2024-06-18T21:24:02
| MD5: 24cf3c73e472bcd4580b678f8a438785
| SHA-1: 07cdd5b76a24677a64c0fc5d164dac36078da719
| -----BEGIN CERTIFICATE-----
| MIIE5jCCA86gAwIBAgISBLQR3QILIVLgMMcmlsQI1AkTMA0GCSqGSIb3DQEBCwUA
| MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
| EwJSMzAeFw0yNDAzMjAyMTI0MDNaFw0yNDA2MTgyMTI0MDJaMBgxFjAUBgNVBAMT
| DWNvdHVybi5yd2guZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP
| vmeHNZOf9Dhw8MfUu8rz6xL/fDGupj651flx6OfkpOb+NzzE6w1M06MKQPkr4NBc
| w9lQn72MPHO4t8PG+gaEoyWgcUTUrov6H47Cj361v9V4XOHUAUJjzMYbQqUM/DHs
| jQriZezF4b5yHGRimHn7gZwtbuGpJWlNmTOF9lFTZhah/L2DPkZPdSpwdovfpezO
| RcuUunVxRP1Fw5ck2AQTZ/NS3Dlo2xRKX2PcK4eHvQPWs2i8mxon3Y2M4qmtnUWu
| EtWsT2GC/4BUY7VHUHGB6O0AnCla8DHecys+NftI8ydf1aQ5yiT9IKzUgjG4TOwi
| jaQVq8/bg5VrKxWs0zRFAgMBAAGjggIOMIICCjAOBgNVHQ8BAf8EBAMCBaAwHQYD
| VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
| BBYEFEqst+Eh0oBQmskGt+tE0G06tCy7MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
| QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
| Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
| MBgGA1UdEQQRMA+CDWNvdHVybi5yd2guZGUwEwYDVR0gBAwwCjAIBgZngQwBAgEw
| ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBIsONr2qZHNA/lagL6nTDrHFIBy1bd
| LIHZu7+rOdiEcwAAAY5d9t1BAAAEAwBGMEQCIA+PxdlMaLgNm6avnX6Bt1hA2s6E
| kGAPL58uiujWnB5VAiA3QpVClY02owdyDjVgmULcfo1LVOuV7INGDzyddq8O9AB2
| ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjl323UEAAAQDAEcw
| RQIgZzyDID3CBMZcgfKsHm43JX9HhJu24yKAvVphiTpmQakCIQD5XCSOtltmr/G3
| GN4CovDNWLZ28GhEYZqaHD7xMlpRHjANBgkqhkiG9w0BAQsFAAOCAQEAORUiywRI
| mh8WzdTrZ9+62B0qlMNzDoiKfbu09d5LfXfel0SsFML9j6hCeQfWbeHhZCExeLef
| 8F9iQurh922DI9MDIlI079c+wNSZOfL2THdnAwtFtdjqrJAQr6Lb8h/xePhOzRJr
| dNzPqf4+rcm7QshWlQNVXSevzABBEoAxiWDhbccdedqfQrNQ6CwqK6HaSMh79uZl
| iFHsr9+Jh8MQFc8gwDjnyOsr6Mq1gBl2nZH65pBLJ23QvumVAnRhLXV8L2UReGnl
| gVfScX/yiaXp50NmQwoWmBTq+LMBavWIGcUwZjxTeJm74Ls1gyxbsJDF448hNr98
| AVXRQ5XYhasyYg==
|_-----END CERTIFICATE-----
NSE: Script Post-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
from spreed.
Please check your nextcloud.log. The failure might be expected if the nextcloud server itself is unable to connect to your coturn. But you should see an error in the log.
from spreed.
Some additional infos can be found at #11327
from spreed.
Hey,
loglevel is already set 0 which means 'debug'. I have a tail -f /var/log/nextcloud/nextcloud.log running and I'm sure that I'm the only user which uses the Nextcloud instance. When I press the "Check"-button I don't get any protocol entries written in the log.
As I meantioned in the comment it looks like the Coturn server can be contacted but cause seems to be that the certificate doesn't be accepted.
Best regards
Rainer
from spreed.
I just noticed that you get a 403 on the request, that must happen before it hits the controller, otherwise an exception should be logged like
anything special about your user? Full admin rights ?
from spreed.
For the sake of trying, can you retest when you remove the „:443“ part?
from spreed.
Hey... yes I got a 403 here:
I tried it by removing the "443" and the same result.
I checked the coturn logs during the test and I got some TLS errors:
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000163: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 001000000000000154: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : session 000000000000000166: realm <coturn.mydomain.de> user <>: incoming packet message processed, error 401: Unauthorized
17831: : IPv4. Local relay addr: 10.0.0.4:42072
17831: : session 000000000000000161: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000161: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:58386
17831: : session 000000000000000163: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000163: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:41107
17831: : session 001000000000000154: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 001000000000000154: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : IPv4. Local relay addr: 10.0.0.4:61846
17831: : session 000000000000000166: new, realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, lifetime=600, cipher=ECDHE-RSA-AES128-GCM-SHA256, method=TLSv1.2
17831: : session 000000000000000166: realm <coturn.mydomain.de> user <1715198726:turn-test-user>: incoming packet ALLOCATE processed, success
17831: : session 000000000000000162: TLS/TCP socket disconnected: 91.248.xxx.xx:51214
17831: : session 000000000000000162: usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000162: peer usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000162: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51214, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000164: TLS/TCP socket disconnected: 91.248.xxx.xx:51213
17831: : session 000000000000000164: usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000164: peer usage: realm=<coturn.mydomain.de>, username=<>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000164: closed (2nd stage), user <> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51213, reason: TLS/TCP socket buffer operation error (callback)
17831: : session 000000000000000166: TLS/TCP socket disconnected: 91.248.xxx.xx:51216
17831: : session 000000000000000166: usage: realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, rp=2, rb=152, sp=2, sb=228
17831: : session 000000000000000166: peer usage: realm=<coturn.mydomain.de>, username=<1715198726:turn-test-user>, rp=0, rb=0, sp=0, sb=0
17831: : session 000000000000000166: closed (2nd stage), user <1715198726:turn-test-user> realm <coturn.mydomain.de> origin <>, local 10.0.0.4:443, remote 91.248.xxx.xx:51216, reason: **TLS/TCP socket buffer operation error (callback)**
Are there any changes which belongs to the communication with TLS? I don't changed anything on the Coturn Server an with 27 it works.
Best regards
Rainer
from spreed.
Maybe the TURN server check should always be allowed for admins, similar to #8330 and #10961
from spreed.
Yeah, that's why there is #11550 as a good-first-issue
from spreed.
Related Issues (20)
- 🚀 Release todo 18.0.10 and 19.0.5
- `FederationSupported` attribute missing from `setSessionState`
- GitHub references are not rendered anymore HOT 2
- Two check marks although read-status not shared HOT 3
- Error on banning call still removes participant
- 🚀 Release todo 19.0.6
- After updating Nextcloud Talk - browser conversation stuck on "Joining Conversation" HOT 3
- 🚀 Release todo 19.0.7
- Start/leave call needs some padding on the right HOT 5
- chore: Renaming actor and banned actor
- Giphy search HOT 2
- ` onMounted is called when there is no active component instance to be associated with. Lifecycle injection APIs can only be used during execution of setup().`
- Build no longer works HOT 2
- "XYZ is typing..." overlays last message and message menus
- Switching to a chat from the root page has a UI glitch if sidebar was open before HOT 3
- Original message in replies not visible (ellipsis) HOT 9
- signaling: Improve error handling when joining a room
- Adapt new guest name handling HOT 2
- Multiple note-to-self rooms in web after creation/deletion in iOS HOT 1
- Ease participating as a internal user when joining public conversations
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spreed.