How To Install and Configure a TURN server for Zimbra Connect

rleiker
Advanced member
Posts: 149
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City

How To Install and Configure a TURN server for Zimbra Connect

Post by rleiker »

If you happen to be working on installing or configuring Zimbra Connect, and you have found in your testing any of the following:
  • Callers are unable to connect
  • Callers cannot see each other's video/screen shares
  • Callers cannot hear each other's audio
  • Chat messages are not being received
This indicates you may need to set up a TURN server. One option for a TURN server is the reTURN project from https://www.resiprocate.org/Main_Page . A TURN server acts as an intermediary relay allowing callers to connect to each other when they cannot make a direct connection using the WebRTC protocol.

Zextras has a write-up for installing reTURN on their Wiki, but some of the information appears to be outdated. Here is a summary of what I did to get reTURN server working successfully with Zimbra Connect on CentOS 7. These steps should be easily adaptable to Ubuntu by swapping the "yum" commands for the equivalent "apt" commands.

1.) Install CentOS with the minimal install options, and set the host name, IP address, DNS, gateway options.

2.) Upon first boot, run "yum upgrade" then reboot.

3.) Run "yum install epel-release". This installs the repo where the reTURN server can be installed.

4.) Run "yum install resiprocate-turn-server"

5.) In the /etc/reTurn/reTurnServer.config file, make these changes:

Required Settings
TurnAddress = your server's public IP address (1.2.3.4)
TurnPort = 3478
AuthenticationRealm = any valid domain name (example.com)
UserDatabaseHashedPasswords = true
AllocationPortRangeMin = 49152
AllocationPortRangeMax = 65535

Optional Settings
TlsTurnPort = 443
TlsServerCertificateFilename = server.pem

All other settings not mentioned above can be left at their defaults.

6.) If you set the optional settings noted above, you will need to either set up Let's Encrypt or purchase an SSL certificate. In server.pem, you'll need to include the private key, domain certificate, and CA certificate, in that order, concatenated together in a single file.

7.) You'll need to create a single user account for Zimbra Connect to authenticate with the reTURN server. For example, if you want to create a user name of "zimbra", a password of "long-password" and you set the AuthenticationRealm value in step 5 above to "example.com", run this command:

echo -n zimbra:example.com:long-password | md5sum

This will create an MD5 hash that looks like:
403f476b81442de0bf2df8424bad31b3 -

Next, open the /etc/reTurn/users.txt file, comment out the test user sample and add a new line:

zimbra:403f476b81442de0bf2df8424bad31b3:example.com:authorized

The syntax is: login:password:realm:state.

8.) On your reTURN server you will need to open these firewall ports:
  • Required
    • TCP 3478, UDP 3478
    • UDP 49152 - 65535
  • Optional
    • TCP 443
The optional TCP 443 port is only needed if you set the TlsTurnPort and TlsServerCertificateFilename options in step 5 above.

9.) Start the TURN service: "systemctl restart resiprocate-turn-server", then check the /var/log/messages and /var/log/reTurn/reTurnServer.log log files. If all is working well, you should see log entries similar to:

Mar 19 16:36:47 turn reTurnServer: INFO | 20200319-163647.815 | | RETURN | 140267831281792 | ReTurnConfig.cxx:293 | Processed 1 user(s) from 23 line(s) in /etc/reTurn/users.txt

You can also run "netstat -npl | grep -i turn" to confirm that reTURN is listening to the expected ports:

tcp 0 0 1.2.3.4:3478 0.0.0.0:* LISTEN 1102/reTurnServer
tcp 0 0 1.2.3.4:443 0.0.0.0:* LISTEN 1102/reTurnServer
tcp6 0 0 :::3478 :::* LISTEN 1102/reTurnServer
tcp6 0 0 :::443 :::* LISTEN 1102/reTurnServer
udp 0 0 1.2.3.4:3478 0.0.0.0:* 1102/reTurnServer
udp6 0 0 :::3478 :::* 1102/reTurnServer

10.) Finally, from your Zimbra server, where the mailboxd service is installed, as the Zimbra user, run:

zxsuite connect iceServer add turn:1.2.3.4:3478?transport=udp credential long-password username zimbra

Where:
  • "1.2.3.4:3478?transport=udp" is the public IP address, port number, and transport for your reTURN server
  • "long-password" is the password that you set up in step 7
  • "zimbra" is the user name that you set up in step 7
For more information on this command, refer to: https://zimbra.github.io/adminguide/lat ... urn_server . If you need to remove the reTURN server from Zimbra, run:

zxsuite connect iceServer remove turn:1.2.3.4:3478?transport=udp credential long-password username zimbra

To see a list of registered TURN servers in Zimbra, use: "zxsuite connect iceServer get"

Tips
After the installation of a TURN server and configuration of the TURN server in Zimbra, if callers are still having trouble connecting, or chat messages are not being received, you can use this site to test your reTURN server: https://webrtc.github.io/samples/src/co ... ickle-ice/ . If problems continue, next check the WebRTC capabilities of the clients using:
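
Added example, not part of rleiker's post or of the reSIProcate project: the step 7 hash written as shell functions that read the password from standard input, so it stays out of the command line and shell history, and that can check an existing users.txt line against a password. The function names ha1, users_line and check_line are made up for this example, and md5sum and cut are assumed to be installed.

```shell
#!/bin/sh
# Added example: reTurn users.txt entries in the login:password:realm:state
# format from step 7. Function names are hypothetical, chosen for this example.

# ha1 LOGIN REALM: read the password from stdin, print MD5(login:realm:password).
ha1() {
    # `read` returns non-zero on a last line without a newline, so also accept
    # a non-empty value; an empty password is refused.
    IFS= read -r _pw || [ -n "$_pw" ] || return 1
    [ -n "$_pw" ] || return 1
    printf '%s:%s:%s' "$1" "$2" "$_pw" | md5sum | cut -d' ' -f1
}

# users_line LOGIN REALM: password on stdin, prints the line for users.txt.
users_line() {
    [ -n "$1" ] && [ -n "$2" ] || { echo "login and realm are required" >&2; return 1; }
    # A ':' in either field would shift the columns of the file.
    case "$1$2" in *:*) echo "':' not allowed in login or realm" >&2; return 1 ;; esac
    _hash=$(ha1 "$1" "$2") || return 1
    printf '%s:%s:%s:authorized\n' "$1" "$_hash" "$2"
}

# check_line LINE: password on stdin; succeeds only if it matches LINE's hash.
check_line() {
    _login=${1%%:*}; _rest=${1#*:}
    _want=${_rest%%:*}; _rest=${_rest#*:}
    _realm=${_rest%%:*}
    [ "$(ha1 "$_login" "$_realm")" = "$_want" ]
}
```

When typing the password at a terminal, run `stty -echo` before the call and `stty echo` after it so the password is not displayed.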
SteveK
Posts: 7
Joined: Wed Apr 08, 2020 5:09 pm

Re: How To Install and Configure a TURN server for Zimbra Connect

Post by SteveK »

Excellent writeup.. thanks for doing it as it was the only instructions out there that actually worked. You have any success with Zimbra Talk/Connect? It needs a lot of work but if they can get it going it'll be terribly handy.
rleiker
Advanced member
Posts: 149
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City

Re: How To Install and Configure a TURN server for Zimbra Connect

Post by rleiker »

SteveK wrote: Excellent writeup.. thanks for doing it as it was the only instructions out there that actually worked. You have any success with Zimbra Talk/Connect? It needs a lot of work but if they can get it going it'll be terribly handy.
You are welcome Steve. When I was first trying to get a TURN server working with Zimbra Connect, I too found a lot of inaccurate or out-of-date information elsewhere on the Internet, and at the time, there was no guidance in the official Zimbra Wiki on the topic either.

As a Zimbra Business Service Provider, we are successfully providing Zimbra Connect as an add-on service for our customers. We just started marketing this to our customers about two weeks ago from today, and it has been selling steadily so far. I agree with you that Zimbra Connect is still rough around the edges. I am currently pursuing a request with Zimbra Support (and indirectly with the Zextras development team) to fix the bugs summarized in this post: viewtopic.php?f=9&t=67855&sid=3001e6c1a ... 28#p296592 . Once they fix these bugs, I feel that Zimbra Connect will be much more appealing to the marketplace.
SteveK
Posts: 7
Joined: Wed Apr 08, 2020 5:09 pm

Re: How To Install and Configure a TURN server for Zimbra Connect

Post by SteveK »

Thanks. If you could mention one thing that is really missing. Desktop audio from the person sharing their desktop. We are trying to do online training with new employees and we can't share the desktop audio, while Zoom does indeed do this.
rleiker
Advanced member
Posts: 149
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City

Re: How To Install and Configure a TURN server for Zimbra Connect

Post by rleiker »

SteveK wrote: Thanks. If you could mention one thing that is really missing. Desktop audio from the person sharing their desktop. We are trying to do online training with new employees and we can't share the desktop audio, while Zoom does indeed do this.
Steve, I'm not sure if Zimbra Connect can share desktop audio, from a screen share during a video call. I've never tested that scenario before, but I would take an educated guess that it does not yet support that capability. You may want to consider opening a support case with Zimbra Support for additional assistance with the question.
SteveK
Posts: 7
Joined: Wed Apr 08, 2020 5:09 pm

Re: How To Install and Configure a TURN server for Zimbra Connect

Post by SteveK »

Zoom can do it. Sharing the desktop is handy but for training purposes or presentations without audio what is the point?
zimico
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3

Re: How To Install and Configure a TURN server for Zimbra Connect

Post by zimico »

Dear Randy,
It would be great if you could share how to install Let's Encrypt and/or a commercial SSL cert on Sturn server.
Many thanks and best regards,
Minh.