turnserver.conf(5) File Formats Manual turnserver.conf(5)

NAME

turnserver.conf - TurnServer configuration file

SYNOPSIS

/usr/local/etc/turnserver.conf

DESCRIPTION

This is the TurnServer configuration file.
The supported configuration options are described below.

OPTIONS

The file contains the following definitions:

listen_address
The public IPv4 address of any relayed address (if not set, no relay for IPv4). You can set more than one address, for example: listen_address = { "172.16.2.1", "173.17.2.1" }

The main advantage of having multiple public IPv4 addresses is load sharing.

listen_addressv6
The public IPv6 address of any relayed address (if not set, no relay for IPv6). You can set more than one address, for example: listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }

The main advantage of having multiple public IPv6 addresses is load sharing.

udp_port
The UDP port on which the server listens for incoming connections.

tcp_port
The TCP port on which the server listens for incoming connections.

tls_port
The TLS port on which the server listens for incoming connections.

tls
Enable or disable TLS over TCP connections.

dtls
Enable or disable TLS over UDP connections. This is an experimental feature of TurnServer and is not defined by the TURN standard.

max_port
Maximum allocation port number.

min_port
Minimum allocation port number.

turn_tcp
Enable or disable the TURN-TCP extension. This extension is documented in RFC 6062.

tcp_buffer_userspace
Enable or disable userspace buffering for the TURN-TCP extension. If false, the server uses OS buffering.

tcp_buffer_size
TURN-TCP internal buffer size. It is used to buffer data coming from the TCP peer when the client has not yet sent ConnectionBind.

daemon
Run the program as a daemon.

unpriv_user
If the program is run as root or setuid root, it drops its privileges to those of the unpriv_user account.

To use this feature, create a dedicated user with the adduser command: adduser --system --group turnserver

realm
Realm value (e.g. domain.org).

nonce_key
Key used to hash the nonce.

max_relay_per_username
Maximum number of allocations per username.

allocation_lifetime
Lifetime of an allocation in seconds.

bandwidth_per_allocation
Bandwidth limit for an allocation in KBytes/s. A value of 0 disables the bandwidth quota.

restricted_bandwidth
Bandwidth limit for restricted users in KBytes/s. A value of 0 disables the bandwidth limitation.

denied_address {
 address = IPv4 | IPv6 address
 mask = bitmask number
 port = number (1 - 65535)
}

Defines an entry for the denied access list. This block can appear multiple times. The format is defined as follows:
address is a string representing an IPv4 or IPv6 address.
mask is a number representing the bitmask (e.g. 24 is equivalent to 255.255.255.0).
port is a number representing the network port. A value of 0 means all ports.

It is strongly recommended to restrict addresses 127.0.0.1 and ::1 with denied_address entries if private services are running on the TURN server.

ca_file
The pathname of the Certification Authority certificate (required when tls=true).

cert_file
The pathname of the server certificate (required when tls=true).

private_key_file
The pathname of the server private key (required when tls=true).

account_method
The method used to retrieve account data. Note that only the "file" method is implemented.

account_file
The pathname of the account file (required when account_method=file).

mod_tmpuser
Enable or disable mod_tmpuser, which consists of a socket listening on localhost through which an external program can create or delete temporary users.

EXAMPLE

listen_address = { "172.16.0.1" }
listen_addressv6 = { "2001:db8::1" }
udp_port = 3478
tcp_port = 3478
tls_port = 5349
tls = true
dtls = false
max_port = 65535
min_port = 49152
turn_tcp = false
tcp_buffer_userspace = true
tcp_buffer_size = 32768
daemon = false
unpriv_user = turnserver
realm = "domain.org"
nonce_key = "hieKedq"
max_relay_per_username = 10
allocation_lifetime = 1800
bandwidth_per_allocation = 150
restricted_bandwidth = 10

denied_address {
 address = "172.1.0.3"
 mask = 24
 port = 0
}

denied_address {
 address = "127.0.0.1"
 mask = 8
 port = 0
}

denied_address {
 address = "::1"
 mask = 128
 port = 0
}

ca_file = "/etc/ca.crt"
cert_file = "/etc/server.crt"
private_key_file = "/etc/server.key"
account_method = "file"
account_file = "/etc/turnusers.txt"
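
The script below is an added example, not part of TurnServer or of this manual page. It reads turnserver.conf text and reports the settings this page marks as required or strongly recommended (denied_address entries covering 127.0.0.1 and ::1, the three TLS file options when tls = true, unpriv_user), plus reuse of the nonce_key shown in the EXAMPLE. The parser is a simplified reading of the syntax shown above; the function names, the '#' comment handling and the sample input are assumptions.

```python
import ipaddress
import re

# Constructed sample: ::1 is not denied and tls = true has no private_key_file.
SAMPLE = """
tls = true
unpriv_user = turnserver
nonce_key = "hieKedq"
ca_file = "/etc/ca.crt"
cert_file = "/etc/server.crt"
denied_address {
  address = "127.0.0.1"
  mask = 8
  port = 0
}
"""

BLOCK = re.compile(r"denied_address\s*\{(.*?)\}", re.S)

def parse(text):
    """Simplified reader: returns (scalar options, denied_address entries)."""
    text = re.sub(r"#.*", "", text)  # assumption: '#' starts a comment
    denied = [dict(re.findall(r'(\w+)\s*=\s*"?([^"\s]+)"?', body))
              for body in BLOCK.findall(text)]
    scalars = re.findall(r'^\s*(\w+)\s*=\s*"?([^"{\n]*?)"?\s*$',
                         BLOCK.sub("", text), re.M)
    return dict(scalars), denied

def audit(text):
    """Return findings for settings the man page flags as required or recommended."""
    opts, denied = parse(text)
    findings = []
    # Only port = 0 entries deny every port of the address range.
    nets = [ipaddress.ip_network(f"{d['address']}/{d['mask']}", strict=False)
            for d in denied if d.get("port") == "0"]
    for loopback in ("127.0.0.1", "::1"):
        ip = ipaddress.ip_address(loopback)
        if not any(n.version == ip.version and ip in n for n in nets):
            findings.append(f"{loopback} is not covered by a denied_address entry")
    if opts.get("tls") == "true":
        for key in ("ca_file", "cert_file", "private_key_file"):
            if not opts.get(key):
                findings.append(f"tls = true but {key} is not set")
    if not opts.get("unpriv_user"):
        findings.append("unpriv_user is not set")
    if opts.get("nonce_key") == "hieKedq":
        findings.append("nonce_key is the sample value from the EXAMPLE section")
    return findings
```

Call audit() with the contents of the configuration file; an empty list means none of these checks fired.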

AUTHOR

Sebastien Vincent <sebastien.vincent@turnserver.org>

SEE ALSO

turnserver(1)

May 16, 2011 TurnServer Configuration