Failed to start coTURN STUN/TURN Server after a reboot
I've installed FreedomBox in a virtual machine. The version is: Debian GNU/Linux 10 (buster), FreedomBox 21.4. It is configured with automated daily updates.
I suspect the service starts too early. The hardware running the VM is x86-64 "Supermicro A1SAi-2750F" with 4 VCPU and 4 GB RAM.
I just restarted the VM and coturn is not running.
$ sudo systemctl status coturn
[sudo] Mot de passe de XXXXXXX :
● coturn.service - coTURN STUN/TURN Server
Loaded: loaded (/lib/systemd/system/coturn.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/coturn.service.d
└─freedombox.conf
Active: failed (Result: exit-code) since Sat 2021-03-20 16:05:57 CET; 1min 11s ago
Docs: man:coturn(1)
man:turnadmin(1)
man:turnserver(1)
Process: 782 ExecStart=/usr/bin/turnserver -c /etc/coturn/freedombox.conf --pidfile=/dev/null --log-file=- (code=exited, status=255
Main PID: 782 (code=exited, status=255/EXCEPTION)
mars 20 16:05:57 freedombox systemd[1]: coturn.service: Service RestartSec=100ms expired, scheduling restart.
mars 20 16:05:57 freedombox systemd[1]: coturn.service: Scheduled restart job, restart counter is at 5.
mars 20 16:05:57 freedombox systemd[1]: Stopped coTURN STUN/TURN Server.
mars 20 16:05:57 freedombox systemd[1]: coturn.service: Start request repeated too quickly.
mars 20 16:05:57 freedombox systemd[1]: coturn.service: Failed with result 'exit-code'.
mars 20 16:05:57 freedombox systemd[1]: Failed to start coTURN STUN/TURN Server.
$ sudo journalctl -u coturn
-- Logs begin at Sat 2021-03-20 16:05:37 CET, end at Sat 2021-03-20 16:17:35 CET. --
mars 20 16:05:49 freedombox systemd[1]: Started coTURN STUN/TURN Server.
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
mars 20 16:05:51 freedombox turnserver[517]: Version Coturn-4.5.1.1 'dan Eider'
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: Max number of open files/sockets allowed for this process: 524288
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: Due to the open files/sockets limitation,
mars 20 16:05:51 freedombox turnserver[517]: max supported number of TURN Sessions possible is: 262000 (approximately)
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: ==== Show him the instruments, Practical Frost: ====
mars 20 16:05:51 freedombox turnserver[517]: 0: TLS supported
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS supported
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS 1.2 supported
mars 20 16:05:51 freedombox turnserver[517]: 0: TURN/STUN ALPN supported
mars 20 16:05:51 freedombox turnserver[517]: 0: Third-party authorization (oAuth) supported
mars 20 16:05:51 freedombox turnserver[517]: 0: GCM (AEAD) supported
mars 20 16:05:51 freedombox turnserver[517]: 0: OpenSSL compile-time version: OpenSSL 1.1.1d 10 Sep 2019 (0x1010104f)
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: 0: SQLite supported, default database location is /var/lib/turn/turndb
mars 20 16:05:51 freedombox turnserver[517]: 0: Redis supported
mars 20 16:05:51 freedombox turnserver[517]: 0: PostgreSQL supported
mars 20 16:05:51 freedombox turnserver[517]: 0: MySQL supported
mars 20 16:05:51 freedombox turnserver[517]: 0: MongoDB is not supported
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: 0: Default Net Engine version: 3 (UDP thread per CPU core)
mars 20 16:05:51 freedombox turnserver[517]: =====================================================
mars 20 16:05:51 freedombox turnserver[517]: 0: Domain name:
mars 20 16:05:51 freedombox turnserver[517]: 0: Default realm: XXX.XX
mars 20 16:05:51 freedombox turnserver[517]: 0:
mars 20 16:05:51 freedombox turnserver[517]: CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a
mars 20 16:05:51 freedombox turnserver[517]: 0: ERROR:
mars 20 16:05:51 freedombox turnserver[517]: CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a
mars 20 16:05:51 freedombox turnserver[517]: 0: SSL23: Certificate file found: /etc/coturn/certs/cert.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: SSL23: Private key file found: /etc/coturn/certs/pkey.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: set_ctx: ERROR: cannot set DH
mars 20 16:05:51 freedombox turnserver[517]: 0: ERROR: set_ctx: ERROR: cannot set DH
mars 20 16:05:51 freedombox turnserver[517]: 0: TLS1.2: Certificate file found: /etc/coturn/certs/cert.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: TLS1.2: Private key file found: /etc/coturn/certs/pkey.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: TLS cipher suite: DEFAULT
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS: Certificate file found: /etc/coturn/certs/cert.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS: Private key file found: /etc/coturn/certs/pkey.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS1.2: Certificate file found: /etc/coturn/certs/cert.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS1.2: Private key file found: /etc/coturn/certs/pkey.pem
mars 20 16:05:51 freedombox turnserver[517]: 0: DTLS cipher suite: DEFAULT
mars 20 16:05:51 freedombox turnserver[517]: 0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
mars 20 16:05:51 freedombox turnserver[517]: 0: ===========Discovering listener addresses: =========
mars 20 16:05:51 freedombox turnserver[517]: 0: Listener address to use: 127.0.0.1
mars 20 16:05:51 freedombox turnserver[517]: 0: Listener address to use: ::1
mars 20 16:05:51 freedombox turnserver[517]: 0: main: Cannot configure any meaningful IP listener address
mars 20 16:05:51 freedombox turnserver[517]: Usage: turnserver [options]
mars 20 16:05:51 freedombox turnserver[517]: Options:
mars 20 16:05:51 freedombox turnserver[517]: -d, --listening-device <device-name> Listener interface device (N
mars 20 16:05:51 freedombox turnserver[517]: -p, --listening-port <port> TURN listener port (Default:
mars 20 16:05:51 freedombox turnserver[517]: Note: actually, TLS & DTLS sessions can
mars 20 16:05:51 freedombox turnserver[517]: if allowed by configuration.
mars 20 16:05:51 freedombox turnserver[517]: --tls-listening-port <port> TURN listener port for TLS &
mars 20 16:05:51 freedombox turnserver[517]: (Default: 5349).
mars 20 16:05:51 freedombox turnserver[517]: Note: actually, "plain" TCP & UDP sessio
mars 20 16:05:51 freedombox turnserver[517]: if allowed by configuration. The TURN se
mars 20 16:05:51 freedombox turnserver[517]: "automatically" recognizes the type of t
mars 20 16:05:51 freedombox turnserver[517]: endpoints (the "plain" one and the "tls"
mars 20 16:05:51 freedombox turnserver[517]: functionality; but we keep both endpoint
mars 20 16:05:51 freedombox turnserver[517]: For secure TCP connections, we currently
mars 20 16:05:51 freedombox turnserver[517]: TLS versions 1.0, 1.1 and 1.2. For secur
mars 20 16:05:51 freedombox turnserver[517]: DTLS version 1.
mars 20 16:05:51 freedombox turnserver[517]: --alt-listening-port<port> <port> Alternative listening port for
mars 20 16:05:51 freedombox turnserver[517]: or in old RFC 3489 sense, default is "li
mars 20 16:05:51 freedombox turnserver[517]: --alt-tls-listening-port <port> Alternative listening port for TL
mars 20 16:05:51 freedombox turnserver[517]: the default is "TLS/DTLS port plus one"
mars 20 16:05:51 freedombox turnserver[517]: -L, --listening-ip <ip> Listener IP address of relay serv
mars 20 16:05:51 freedombox turnserver[517]: --aux-server <ip:port> Auxiliary STUN/TURN server listeni
mars 20 16:05:51 freedombox turnserver[517]: Auxiliary servers do not have alternativ
mars 20 16:05:51 freedombox turnserver[517]: they do not support RFC 5780 functionali
mars 20 16:05:51 freedombox turnserver[517]: Valid formats are 1.2.3.4:5555 for IPv4
mars 20 16:05:51 freedombox turnserver[517]: --udp-self-balance (recommended for older Linuxes only)
mars 20 16:05:51 freedombox turnserver[517]: over auxiliary servers (if configured).
mars 20 16:05:51 freedombox turnserver[517]: The load balancing is using the ALTERNAT
mars 20 16:05:51 freedombox turnserver[517]: The TURN client must support 300 ALTERNA
mars 20 16:05:51 freedombox turnserver[517]: -i, --relay-device <device-name> Relay interface device for relay
mars 20 16:05:51 freedombox turnserver[517]: -E, --relay-ip <ip> Relay address (the local IP a
mars 20 16:05:51 freedombox turnserver[517]: packets to the peer).
mars 20 16:05:51 freedombox turnserver[517]: Multiple relay addresses may be used.
mars 20 16:05:51 freedombox turnserver[517]: The same IP(s) can be used as both liste
mars 20 16:05:51 freedombox turnserver[517]: If no relay IP(s) specified, then the tu
mars 20 16:05:51 freedombox turnserver[517]: policy: it will decide itself which rela
mars 20 16:05:51 freedombox turnserver[517]: will always be using the client socket I
mars 20 16:05:51 freedombox turnserver[517]: of the TURN session (if the requested re
mars 20 16:05:51 freedombox turnserver[517]: as the family of the client socket).
mars 20 16:05:51 freedombox turnserver[517]: -X, --external-ip <public-ip[/private-ip]> TURN Server public/private address m
mars 20 16:05:51 freedombox turnserver[517]: In that situation, if a -X is used in fo
mars 20 16:05:51 freedombox turnserver[517]: as relay IP address of all allocations.
mars 20 16:05:51 freedombox turnserver[517]: when one single relay address is be used
mars 20 16:05:51 freedombox turnserver[517]: functionality is required.
mars 20 16:05:51 freedombox turnserver[517]: That single relay address must be mapped
mars 20 16:05:51 freedombox turnserver[517]: For that 'external' IP, NAT must forward
mars 20 16:05:51 freedombox turnserver[517]: must be always mapped to the same 'exter
mars 20 16:05:51 freedombox turnserver[517]: In more complex case when more than one
mars 20 16:05:51 freedombox turnserver[517]: that option must be used several times i
mars 20 16:05:51 freedombox turnserver[517]: have form "-X public-ip/private-ip", to
mars 20 16:05:51 freedombox turnserver[517]: --allow-loopback-peers Allow peers on the loopback addre
Then, I can log in to FreedomBox, start coturn manually, and it works fine.
Edited by Yannick Defais
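
One way to check the "starts too early" suspicion against `journalctl -u coturn` output, as an added example that is not part of the original report or of FreedomBox's own code: it flags every turnserver start attempt that discovered only loopback listener addresses before giving up. The function name `diagnose` and the sample text (a few lines assembled from the report above) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a few lines assembled from the output in the report above.
SAMPLE_JOURNAL = """\
mars 20 16:05:49 freedombox systemd[1]: Started coTURN STUN/TURN Server.
mars 20 16:05:51 freedombox turnserver[517]: 0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
mars 20 16:05:51 freedombox turnserver[517]: 0: Listener address to use: 127.0.0.1
mars 20 16:05:51 freedombox turnserver[517]: 0: Listener address to use: ::1
mars 20 16:05:51 freedombox turnserver[517]: 0: main: Cannot configure any meaningful IP listener address
mars 20 16:05:57 freedombox systemd[1]: coturn.service: Start request repeated too quickly.
"""

# "<timestamp> <host> <unit>[<pid>]: <message>" as printed by journalctl.
LINE = re.compile(r"\s(?P<unit>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LISTENER = re.compile(r"Listener address to use: (\S+)")
NO_ADDR = "Cannot configure any meaningful IP listener address"
RATE_LIMIT = "Start request repeated too quickly"


def diagnose(journal_text):
    """Summarise each turnserver start attempt found in journalctl output."""
    attempts = {}  # pid -> {"addresses": [...], "no_listener": bool}
    rate_limited = False
    for line in journal_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["unit"] == "systemd" and RATE_LIMIT in m["msg"]:
            rate_limited = True  # systemd stopped retrying the unit
        if m["unit"] != "turnserver":
            continue
        a = attempts.setdefault(int(m["pid"]), {"addresses": [], "no_listener": False})
        found = LISTENER.search(m["msg"])
        if found:
            a["addresses"].append(ipaddress.ip_address(found.group(1)))
        if NO_ADDR in m["msg"]:
            a["no_listener"] = True
    # Early start: the process gave up and every address it discovered
    # (if it discovered any) was a loopback address.
    early = sorted(pid for pid, a in attempts.items()
                   if a["no_listener"] and all(ip.is_loopback for ip in a["addresses"]))
    return {"early_start_pids": early, "rate_limited": rate_limited}


if __name__ == "__main__":
    print(diagnose(SAMPLE_JOURNAL))
```
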