diff --git a/actions/coturn b/actions/coturn
index e50f2af14..38a2e1719 100755
--- a/actions/coturn
+++ b/actions/coturn
@@ -46,11 +46,9 @@ def subcommand_setup(_):
         shutil.chown(CONFIG_FILE, group='turnserver')
 
     action_utils.service_daemon_reload()
-    action_utils.service_try_restart('coturn')
 
     aug = augeas_load()
 
-    # XXX: Should we set listen, relay IP address to :: or dynamically
     # XXX: Should we set external-ip
     aug.set(_key_path('min-port'), '49152')
     aug.set(_key_path('max-port'), '50175')
@@ -66,9 +64,16 @@ def subcommand_setup(_):
     aug.set(_key_path('no-tlsv1'), 'true')
     aug.set(_key_path('no-tlsv1_1'), 'true')
     aug.set(_key_path('no-cli'), 'true')
+    aug.set(_key_path('listening-ip[1]'), '::')
+    # Keep ::1 because at least two IP addresses of same class are needed for
+    # enabling alternate port (port + 1). This is in turn needed for NAT
+    # Behavior Discovery (RFC 5780).
+    aug.set(_key_path('listening-ip[2]'), '::1')
 
     aug.save()
 
+    action_utils.service_try_restart('coturn')
+
 
 def subcommand_get_config(_):
     """Return the current configuration in JSON format."""
diff --git a/plinth/modules/coturn/__init__.py b/plinth/modules/coturn/__init__.py
index 390e8e274..7ccb8afe3 100644
--- a/plinth/modules/coturn/__init__.py
+++ b/plinth/modules/coturn/__init__.py
@@ -47,7 +47,7 @@ class CoturnApp(app_module.App):
 
     app_id = 'coturn'
 
-    _version = 1
+    _version = 2
 
     def __init__(self):
         """Create components for the app."""
@@ -112,7 +112,9 @@ def setup(helper, old_version=None):
     """Install and configure the module."""
     app.setup(old_version)
     helper.call('post', actions.superuser_run, 'coturn', ['setup'])
-    helper.call('post', app.enable)
+    if old_version == 0:
+        helper.call('post', app.enable)
+
     app.get_component('letsencrypt-coturn').setup_certificates()
     notify_configuration_change()