Configure Your Own TURN/STUN Server

Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications. It may be used with the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It is most useful for clients on networks masqueraded by symmetric NAT devices. TURN does not aid in running servers on well known ports in the private network through a NAT; it supports the connection of a user behind a NAT to only a single peer, as in telephony, for example.

Herein we will cover using CoTURN, a free open-source server which provides an option for those wanting control over their own TURN/STUN server.

Red5 Pro WebRTC uses STUN over UDP as our default implementation.

Step-by-step Install on an Ubuntu Linux Server

(process based on this doc)

Recommended running on Ubuntu 18.04 or newer.

1 - Update the apt-get libraries

sudo apt-get update

2 - install coturn

sudo apt-get install coturn

3 - Configure the server

Make a backup of the original configuration file ( sudo cp /etc/turnserver.conf /etc/turnserver.conf.backup) then edit the /etc/turnserver.conf file. Add or modify the following lines:

  • listening-ip= set this to listen on all IP-addresses.
  • external-ip= set this to the public IP of the server
  • realm= set to your domain (e.g., realm=company.com)
  • uncomment no-loopback-peers (note: newer versions disable this by default)
  • uncomment listening-port=3478

If you want logging enabled, then modify the lines (by default logs are sent to /var/log/turnserver.log):

# Enable verbose logging

4 - Start the server

f you want Coturn to autostart whenever you turn on your server, you have to modify the /etc/default/coturn file. Find the following line and uncomment it to run Coturn as an automatic system service daemon TURNSERVER_ENABLED=1 Once you’re done, save and exit the file.

You should now be able to start the coturn service using the following command.

systemctl start coturn

Click links for additional details on the turnserver and its configuration options.


Open a browser to Trickle ICE and add the server in the ICE servers box, remove the google entry and then click Gather candidates; if everything is working you'll see output like this:

Time    Component    Type    Foundation    Protocol    Address        Port    Priority
0.001 1          host    89435858      udp       35948   126 | 32542 | 255
0.037 1            srflx   976374523     udp  35948   100 | 32542 | 255
0.101 1            host    1272402466    tcp 9   9         0 | 32542 | 255
0.101 Done

Using your TURN/STUN Server with Red5 Pro

No modifications are required in Red5 Pro server since it has an internal harvester for ICE connectivity. Utilization of your TURN/STUN server, will require modification of the html-sdk or your own javascript to include the URI for your TURN/STUN server. The URI will be stun:<turn server's IP address>:3478.

If you are using the default, live, webapp, you will want to modify the following files in webapps/live/script/:

  • r5pro-publisher-failover.js
  • r5pro-subscriber-failover.js
  • r5pro-viewer-failover.js

change the line var iceServers = window.r5proIce; to var iceServers = [{ urls: "stun:stun.yourstunserver.domain.com:3478" }]

If you are using the webrtcexamples, you can set the stun server address directly on the index.html page.

For further details about configuring the html-sdk see the Configure & Publish section at the link.

Lastly, in previous releases the {red5pro}/conf/red5pro-webrtc.xml could be modified, but if you don't modify the front-end/SDK settings then those will overrule the server-side configuration.


If you want to try testing with a specific TURN/STUN server that is not the default Google, you can find a list of STUN servers here: STUN + TURN servers list. For example, http://numb.viagenie.ca allows you to create a free account and use their TURN server.