turnserver.conf(5) TurnServer configuration file

SYNOPSIS

/usr/local/etc/turnserver.conf

DESCRIPTION

This is the TurnServer configuration file.
Here are the configuration options supported.

OPTIONS

The file contains the following definitions:

listen_address = { IPv4 address, ... }
The public IPv4 address of any relayed address (if not set, no relay for IPv4). You can set more than one address, example: listen_address = { "172.16.2.1", "173.17.2.1" }

The main advantage to have multiple public IPv4 addresses is to do load sharing.

listen_addressv6 = { IPv6 address, ...}
The public IPv6 address of any relayed address (if not set, no relay for IPv6). You can set more than one address, example: listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }

The main advantage to have multiple public IPv6 addresses is to do load sharing.

udp_port = number
The UDP port of the server to listen for incoming connections.

tcp_port = number
The TCP port of the server to listen for incoming connections.

tls_port = number
The TLS port of the server to listen for incoming connections.

tls = boolean
Enable or not TLS over TCP connections.

dtls = boolean
Enable or not TLS over UDP connections. It is an experimental feature of TurnServer and it is not defined by TURN standard.

max_port = number
Maximum allocation port number.

min_port = number
Minimum allocation port number.

turn_tcp = boolean
Enable or not TURN-TCP extension. This extension is documented in RFC6062.

tcp_buffer_userspace = boolean
Enable or not userspace buffering for TURN-TCP extension. If false server will use OS buffering.

tcp_buffer_size = number
TURN-TCP internal buffer size. It is used to bufferize data coming from TCP peer when client does not have sent ConnectionBind.

daemon = boolean
Run the program as daemon.

unpriv_user = string
If the program is run as root or setuid root, the program will drop its privileges to the unpriv_user privileges.

To use this feature, create a special user with the adduser command: adduser --system --group turnserver

realm = string
Realm value (i.e. domain.org).

nonce_key = string
Key used to hash nonce.

max_relay_per_username = number
Maximum number of allocation per username.

allocation_lifetime = number
Lifetime of an allocation in second.

bandwidth_per_allocation = number
Bandwidth limit for an allocation in KBytes/s. 0 value means disable bandwidth quota.

restricted_bandwidth = number
Bandwidth limit for restricted userse in KBytes/s. 0 value means disable bandwidth limitation. 

denied_address {
 address = IPv4 | IPv6 address
 mask = bitmask number
 port = number (1 - 65535)
}




Defines an entry for the denied access list. This can appear multiple time.
Format is defined as follow:



address
is a string representing an IPv4 or IPv6 address.



mask
is a number representing the bitmask (i.e. 24 is similar as 255.255.255.0, ...).



port
is a number representing the network port. The 0 value means all ports.


It is strongly recommended to restrict addresses 127.0.0.1 and ::1 if there are
private services running on the TURN server.



ca_file = string


The pathname of the Certification Authority certificate (required when
tls=true).



cert_file = string


The pathname of the server certificate (required when tls=true).



private_key_file = string


The pathname of the server private key (required when tls=true).



account_method = [file | db | ldap ...]


The method to retrieve account data.
Note that only the "file" method is implemented.



account_file = string


The pathname of the account file (required when account_method=file).



mod_tmpuser = boolean


Enable or not mod_tmpuser which consist of a socket that listen on localhost
and external program can create or delete temporary user.










EXAMPLE




listen_address = { "172.16.0.1" }


listen_addressv6 = { "2001:db8::1" }


udp_port = 3478


tcp_port = 3478


tls_port = 5349


tls = true


dtls = false


max_port = 65535


min_port = 49152


turn_tcp = false


tcp_buffer_userspace = true


tcp_buffer_size = 32768


daemon = false


unpriv_user = turnserver


realm = "domain.org"


nonce_key = "hieKedq"


max_relay_per_username = 10


allocation_lifetime = 1800


bandwidth_per_allocation = 150


restricted_bandwidth = 10


denied_address {

  address = "172.1.0.3"

  mask = 24

  port = 0


}


denied_address {

  address = "127.0.0.1"

  mask = 8

  port = 0


}


denied_address {

  address = "::1"

  mask = 128

  port = 0


}


ca_file = "/etc/ca.crt"


cert_file = "/etc/server.crt"


private_key_file = "/etc/server.key"


account_method = "file"


account_file = "/etc/turnusers.txt








AUTHOR




Sebastien Vincent <[email protected]>






      

    



  









  

  


    

      
SEE ALSO

      
    


        

          
LAST SEARCHED