coturn: Use wildcard listening address to fix startup issues

Fixes: #2069. Without a listening port, coturn will try to enumerate the non-local IP addresses and try to listen on them. If coturn is started before network is fully setup, it finds no usable IP addresses and fails. Furthermore, if IPs are added to the system, it does not automatically listen on them. A better approach as advised by systemd NetworkTarget documentation is to listen on a wildcard address. This does not require network to be online and works well for IP addresses being added/removed from the system. coturn is itself unable to make changes to its default listening behavior for backward compatibility. Tests: - Freshly install coturn. Observe that listening-ip is properly set in the configuration file. coturn is listening on 3478, 3479, 5349, 5350. coturn is listening on ::1 and * addresses instead of individual IP addresses. - Install coturn without the patch. Apply the patch and restart FreedomBox. coturn setup will run. listening-ips get added to the configuration file. The static-auth-secret is not changed from earlier. coturn will be restarted. coturn is listening on 3478, 3479, 5349, 5350. coturn is listening on ::1 and * addresses instead of individual IP addresses. - Install coturn without the patch. Disable coturn. Apply the patch and restart FreedomBox. coturn setup will run. coturn will not be enabled. coturn will be running after setup. - Functional tests pass. - All ports able to connect using netcat (nc command) with IPv4 (-4 option) and IPv6 (-6 option). Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-06-17 11:10:23 +00:00 · 2022-01-24 19:54:58 -08:00 · 2022-01-24 19:54:58 -08:00 · 78d78d84a7
commit 78d78d84a7
parent fc4a9183bd
2 changed files with 11 additions and 4 deletions
--- a/actions/coturn
+++ b/actions/coturn
@ -46,11 +46,9 @@ def subcommand_setup(_):
        shutil.chown(CONFIG_FILE, group='turnserver')

    action_utils.service_daemon_reload()
-    action_utils.service_try_restart('coturn')

    aug = augeas_load()

-    # XXX: Should we set listen, relay IP address to :: or dynamically
    # XXX: Should we set external-ip
    aug.set(_key_path('min-port'), '49152')
    aug.set(_key_path('max-port'), '50175')
@ -66,9 +64,16 @@ def subcommand_setup(_):
    aug.set(_key_path('no-tlsv1'), 'true')
    aug.set(_key_path('no-tlsv1_1'), 'true')
    aug.set(_key_path('no-cli'), 'true')
+    aug.set(_key_path('listening-ip[1]'), '::')
+    # Keep ::1 because at least two IP addresses of same class are needed for
+    # enabling alternate port (port + 1). This is in turn needed for NAT
+    # Behavior Discovery (RFC 5780).
+    aug.set(_key_path('listening-ip[2]'), '::1')

    aug.save()

+    action_utils.service_try_restart('coturn')
+

 def subcommand_get_config(_):
    """Return the current configuration in JSON format."""
--- a/plinth/modules/coturn/init.py
+++ b/plinth/modules/coturn/init.py
@ -47,7 +47,7 @@ class CoturnApp(app_module.App):

    app_id = 'coturn'

-    _version = 1
+    _version = 2

    def __init__(self):
        """Create components for the app."""
@ -112,7 +112,9 @@ def setup(helper, old_version=None):
    """Install and configure the module."""
    app.setup(old_version)
    helper.call('post', actions.superuser_run, 'coturn', ['setup'])
-    helper.call('post', app.enable)
+    if old_version == 0:
+        helper.call('post', app.enable)
+
    app.get_component('letsencrypt-coturn').setup_certificates()
    notify_configuration_change()