CoTURN and KMS Ports

Hey guys… I have one fundamental question. I'm a little confused about this every time I think about the use case: the ports used by coTurn and KMS are as below.

  • 40000 - 57000: used by KMS
  • 57001 - 65535: used by TURN

My understanding:

  1. If 2 users are reachable on the same network, then KMS ports are used and coTurn is not used.
  2. If 2 users are not reachable (one within the enterprise network and another a customer on the internet), then coTurn is used and coTurn relays data to KMS.

Scenario (my server):
I have a single internet-facing server (with CoTurn+KMS+OpenVidu). Customers can access this server, and users within the enterprise can also access it.

My Question:

  1. In that case, is it safe to assume I won't need coTurn for data relay? KMS will directly handle both connections using its port range, right?

  2. I would need coTurn only if my KMS is on a different server which is not internet-facing. Is that correct?

I am just looking to deploy this in prod, and my scenario is video calls within the enterprise + video calls from outside the enterprise (customer) with an enterprise user. What would be the best server deployment strategy?

Thanks in advance!!

I can comment on the technical aspects of using Coturn.

First of all, a clarification: Coturn is a server that provides both the STUN (port forwarding and IP address discovery) and TURN (media relay) protocols.

You are right that the clients (users connecting from their browsers) won't need to use TURN if they are able to contact KMS directly. If you can say with 100% confidence that the corporate firewall / restrictive NAT will allow clients to send data to KMS, and KMS to send data to clients, then yes, you can assume TURN is not used.

STUN, on the other hand, will still be used by everyone: KMS needs to discover its own public IP, otherwise it would tell clients about its internal network in the AWS subnet; and clients would tell KMS about their internal LAN address, and they would not be able to connect. So STUN is still required in all cases.

Yes, that’s correct. KMS would tell clients about its private address, but clients wouldn’t be able to reach that address, so they would resort to using the TURN relay, i.e. sending RTP packets to Coturn, so Coturn can relay them to KMS.

However, this situation can also happen with some corporate firewalls in the other direction, not allowing KMS to send RTP packets to the clients, thus forcing KMS to send packets to Coturn so Coturn can relay them to the clients. That's why OpenVidu comes with Coturn enabled by default for the TURN protocol, besides STUN.

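The reply above says STUN is needed in every deployment so that KMS (and each browser) learns the public address its NAT presents, while TURN is only a fallback. The following is an added illustration, not code from OpenVidu, KMS or coturn: it builds an RFC 5389 STUN Binding request, builds the Binding success response a server such as coturn would send, and parses the XOR-MAPPED-ADDRESS back out, rejecting replies that do not match the transaction ID we sent. The addresses 10.0.1.5 and 203.0.113.7:54321 and the `stun_host` parameter are constructed for the demo; the live `discover_reflexive_address` helper is included for completeness but is not called offline.

```python
"""STUN Binding round-trip (RFC 5389): how a host learns the public
address a NAT presents for it. Added illustration, not OpenVidu/KMS code."""
import ipaddress
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid):
    """20-byte header, no attributes. txid is 96 bits chosen by the client."""
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def build_binding_response(txid, public_ip, public_port):
    """What the STUN server (coturn here) replies: the source address it saw,
    XOR-ed with the magic cookie so NAT ALGs on the path do not rewrite it."""
    x_port = public_port ^ (MAGIC_COOKIE >> 16)
    x_addr = int(ipaddress.IPv4Address(public_ip)) ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, x_port, x_addr)   # family 0x01 = IPv4
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_binding_response(data, expected_txid):
    """Return (ip, port) from XOR-MAPPED-ADDRESS, rejecting anything that is
    not the answer to our own request (wrong cookie, txid or message type)."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("not an RFC 5389 STUN message")
    if data[8:20] != expected_txid:
        raise ValueError("transaction ID mismatch (unsolicited or spoofed reply)")
    if mtype != BINDING_SUCCESS:
        raise ValueError("not a Binding success response: 0x%04x" % mtype)
    body = data[20:20 + length]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        val = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)          # attributes are padded to 4 bytes
        if atype == ATTR_XOR_MAPPED_ADDRESS and len(val) >= 8:
            _, family, x_port, x_addr = struct.unpack("!BBHI", val[:8])
            if family == 0x01:
                ip = str(ipaddress.IPv4Address(x_addr ^ MAGIC_COOKIE))
                return ip, x_port ^ (MAGIC_COOKIE >> 16)
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS in response")


def behind_nat(local_ip, reflexive_ip):
    """True when the address STUN reports differs from the interface address:
    the host candidate alone (a private AWS subnet address, say) will not be
    reachable from the other side, and the server-reflexive one is needed."""
    return local_ip != reflexive_ip


def discover_reflexive_address(stun_host, stun_port=3478, timeout=2.0):
    """Live query over UDP; needs network, so the demo below does not call it."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txid), (stun_host, stun_port))
        data, _ = sock.recvfrom(1500)
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    # Constructed offline round-trip: a KMS on private 10.0.1.5 asks coturn,
    # which saw the packet arrive from 203.0.113.7:54321 (both values made up).
    txid = os.urandom(12)
    wire = build_binding_response(txid, "203.0.113.7", 54321)
    ip, port = parse_binding_response(wire, txid)
    print("reflexive address:", ip, port, "behind NAT:", behind_nat("10.0.1.5", ip))
```

The transaction-ID check matters operationally: a STUN client that accepts any Binding response on its socket can be fed a bogus public address by anyone who can send it a UDP packet, and will then advertise an unreachable candidate. Note also that a differing reflexive address only says the host is behind NAT; whether the direct (server-reflexive) path works, or TURN relay is needed, is decided later by ICE connectivity checks, which is the distinction the reply above draws.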

Thank you. That clarifies.

Just one more question… assuming my TURN/KMS/OpenVidu are on the same server, can I use a domain URL (a load balancer that points to only this server, but not actually load balancing) in my configurations?

Because based on the configuration I see that the TURN server takes only an IP address (public/static). My org doesn't allow a static IP to be exposed, so what is my workaround?

Thanks

OpenVidu automatically configures the TURN server for you.

What are you trying to do exactly, and why is the current behavior not working for you?

Regards

No, I have my current setup up and running fine. While testing I just noticed that the TURN server is accessed from the client (peer) using an IP address and not through a domain name. My question is how I can use a domain (URL) name instead of an IP, assuming my domain load balancer will point to only one server that has KMS/coTurn/OpenVidu running.

Currently it is not possible. We obtain the IP from the domain to avoid a limitation in the internal KMS.

Regards