ejabberd configuration error prevents turn credentials from being offered to clients which makes call completion fail when stun is not sufficient. Fix suggested.
Certain users on my ejabberd server could not complete calls to one and other. The callee's client would ring, but when they answered, a connection was attempted but not completed.
adb logcat debugging output on the phone showed messages such as "skipping turn/tcp without username and password". There was a like line for udp.
https://docs.ejabberd.im/admin/configuration/modules/#mod-stun-disco at Available Options->services->restricted says "This option determines whether temporary credentials for accessing the service are offered. The default is false for STUN/STUNS services and true for TURN/TURNS services." However, freedombox configures mod_stun_disco with turn set to false in /etc/ejabberd/ejabberd.yml:
mod_stun_disco:
credentials_lifetime: 1000d
secret: hahaIwon'ttellyou
services:
- host: <fqdn of turn server>
port: 3478
type: stun
transport: tcp
restricted: false
- host: <fqdn of turn server>
port: 3478
type: stun
transport: udp
restricted: false
- host: <fqdn of turn server>
port: 3478
type: turn
transport: tcp
restricted: false
- host: <fqdn of turn server>
port: 3478
type: turn
transport: udp
restricted: falseChanging "restricted:" to "true" in the last two host sections of mod_stun_disco fixed the problem:
- host: <fqdn of turn server>
port: 3478
type: turn
transport: tcp
restricted: true
- host: <fqdn of turn server>
port: 3478
type: turn
transport: udp
restricted: trueEdit: In the ejabberd chat it was suggested that the "restricted" directive could simply be dropped since, for stun it defaults to false and for turn it defaults to true and "just exists to cope with unusual setups".