# Coturn TURN SERVER configuration file # Only IPv4, IPv6 can confuse some software listening-ip=111.222.111.222 # Listening port for TURN (UDP and TCP): listening-port=3480 # Listening port for TURN TLS (UDP and TCP): tls-listening-port=5351 # Lower and upper bounds of the UDP relay endpoints: # (default values are 49152 and 65535) # min-port=40000 max-port=49999 use-auth-secret static-auth-secret= realm=turn.example.com # Per-user allocation quota. # default value is 0 (no quota, unlimited number of sessions per user). # This option can also be set through the database, for a particular realm. user-quota=12 # Total allocation quota. # default value is 0 (no quota). # This option can also be set through the database, for a particular realm. total-quota=1200 # Uncomment if no TCP relay endpoints are allowed. # By default TCP relay endpoints are enabled (like in RFC 6062). # no-tcp-relay # Certificate file. # Use an absolute path or path relative to the # configuration file. # Use PEM file format. cert=/etc/coturn/ssl/fullchain.pem # Private key file. # Use an absolute path or path relative to the # configuration file. # Use PEM file format. pkey=/etc/coturn/ssl/privkey.pem # Option to redirect all log output into system log (syslog). # syslog # Option to allow or ban specific ip addresses or ranges of ip addresses. # If an ip address is specified as both allowed and denied, then the ip address is # considered to be allowed. This is useful when you wish to ban a range of ip # addresses, except for a few specific ips within that range. # # This can be used when you do not want users of the turn server to be able to access # machines reachable by the turn server, but would otherwise be unreachable from the # internet (e.g. when the turn server is sitting behind a NAT) # denied-peer-ip=0.0.0.0-255.255.255.255 denied-peer-ip=127.0.0.0-0.255.255.255 denied-peer-ip=10.0.0.0-10.255.255.255 denied-peer-ip=172.16.0.0-172.31.255.255 denied-peer-ip=192.168.0.0-192.168.255.255 denied-peer-ip=100.64.0.0-100.127.255.255 denied-peer-ip=192.0.0.0-192.0.0.255 denied-peer-ip=169.254.0.0-169.254.255.255 denied-peer-ip=192.88.99.0-192.88.99.255 denied-peer-ip=198.18.0.0-198.19.255.255 denied-peer-ip=192.0.2.0-192.0.2.255 denied-peer-ip=198.51.100.0-198.51.100.255 denied-peer-ip=203.0.113.0-203.0.113.255 # TURN server allocates address family according TURN client requested address family. # If address family not requested explicitly by the client, then it falls back to this default. # The standard RFC explicitly define that this default must be IPv4, # so use other option values with care! # Possible values: "ipv4" or "ipv6" or "keep" # "keep" sets the allocation default address family according to # the TURN client allocation request connection address family. allocation-default-address-family="ipv4" # Turn OFF the CLI support. # By default it is always ON. # See also options cli-ip and cli-port. # no-cli # Do not allow an TLS/DTLS version of protocol # no-tlsv1 no-tlsv1_1 # Disable RFC5780 (NAT behavior discovery). # # Strongly encouraged to use this option to decrease gain factor in STUN # binding responses. # no-rfc5780 # Disable handling old STUN Binding requests and disable MAPPED-ADDRESS # attribute in binding response (use only the XOR-MAPPED-ADDRESS). # # Strongly encouraged to use this option to decrease gain factor in STUN # binding responses. # no-stun-backward-compatibility # Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled. # # Strongly encouraged to use this option to decrease gain factor in STUN # binding responses. # response-origin-only-with-rfc5780