TURN

2026-04-19 15:33:09 -07:00 · 2026-04-19 15:33:09 -07:00 · eb1e0b9556
commit eb1e0b9556
parent f732b95b60
3 changed files with 22 additions and 11 deletions
--- a/services/coturn.nix
+++ b/services/coturn.nix
@ -13,17 +13,11 @@
  };

  networking.firewall = {
-    allowedUDPPorts = [
-      3478
-      5349
-    ];
-    allowedTCPPorts = [
-      3478
-      5349
-    ];
+    allowedUDPPorts = [ 5349 ];
+    allowedTCPPorts = [ 5349 ];
    allowedUDPPortRanges = [
      {
-        from = 49152;
+        from = 50201;
        to = 65535;
      }
    ];
@ -47,10 +41,15 @@
    listening-port = 3478;
    tls-listening-port = 5349;

+    # Plain TURN disabled; only TURNS on 5349 is reachable.
+    no-udp = true;
+    no-tcp = true;
+
    lt-cred-mech = true;
    no-tcp-relay = true;

-    min-port = 49152;
+    # Stay above LiveKit's 50000-50200 UDP range (services/livekit.nix).
+    min-port = 50201;
    max-port = 65535;
  };