Wednesday, July 5, 2023

How to configure Eturnal TURN server with TLSv1.3 support on Debian 12

eturnal is a TURN server and an alternative to coturn. It can be installed on Debian using the instructions provided here.

To use a static username and password, a script must be used to generate a password that matches the secret defined in the configuration file.

The following Python code can be used for this conversion:

  import hmac
  import hashlib
  import base64

  username = "1735686000"          # For credentials valid until 2025-01-01.
  secret = "1pIFIj70BPsgBI92j5ux"  # As specified in your configuration file.

  sha = hmac.new(secret.encode('utf-8'), username.encode('utf-8'), hashlib.sha1)
  password = base64.b64encode(sha.digest()).decode('utf-8')

  print(username)
  print(password)
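An added example (not from the original post and not eturnal's own code) that models the check a server holding the same secret can perform on such a credential: the username carries the expiry time and the password is the HMAC over it, so changing the expiry invalidates the password, and the credential stops working once the timestamp has passed. The function names are hypothetical, and the optional `:suffix` after the timestamp is an assumption taken from the TURN REST API draft convention.

```python
import base64
import hashlib
import hmac
import time


def password_for(secret, username):
    """base64(HMAC-SHA1(secret, username)), the same derivation as the script above."""
    mac = hmac.new(secret.encode("utf-8"), username.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("utf-8")


def make_credentials(secret, lifetime_s, now=None):
    """Return (username, password) where the username is the Unix expiry time."""
    now = time.time() if now is None else now
    username = str(int(now) + lifetime_s)
    return username, password_for(secret, username)


def check_credentials(secret, username, password, now=None):
    """Return 'ok', 'bad-mac', 'malformed' or 'expired' (illustrative model only)."""
    now = time.time() if now is None else now
    expected = password_for(secret, username)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8")):
        return "bad-mac"
    try:
        # Assumption: the expiry is the part before an optional ':suffix'.
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return "malformed"
    return "ok" if expiry > now else "expired"


if __name__ == "__main__":
    secret = "1pIFIj70BPsgBI92j5ux"  # Example secret from the post; use your own.
    user, pw = make_credentials(secret, lifetime_s=86400)
    print(user, pw, check_credentials(secret, user, pw))
    # The fixed username from the post, checked one second after its timestamp:
    static_user = "1735686000"
    static_pw = password_for(secret, static_user)
    print(check_credentials(secret, static_user, static_pw, now=1735686001))
    # Reusing the password with a later expiry fails the MAC check:
    print(check_credentials(secret, "1999999999", static_pw, now=1735686001))
```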


The following options can be used to disable older versions of TLS and force TLSv1.3:

  ## TLS certificate/key files (must be readable by 'eturnal' user!):
  tls_crt_file: /opt/fullchain.pem
  tls_key_file: /opt/privkey.pem
  tls_options:
    - no_tlsv1
    - no_tlsv1_1
    - no_tlsv1_2

It is also recommended to uncomment the "- recommended" item in the blacklist section, to blacklist local network IP addresses from TURN and speed up connection.

2 comments:

  1. This comment has been removed by the author.

  2. For what it's worth, since eturnal 1.11.1 you could also specify static credentials in the eturnal.yml file:

    https://eturnal.net/documentation/#credentials
