I seem to be having issues with using TLS or DTLS to connect to the TURN server; a "standard" unencrypted connection works. I'm using turnutils_uclient with the following setup:
turnutils_uclient -u test -w **** -S -y -k /home/***/.ssh/id_rsa ***.ddns.net
0: tls_connect: client session connected with cipher ECDHE-RSA-AES256-SHA, method=DTLSv1.0
0: tls_connect: client session connected with cipher ECDHE-RSA-AES256-SHA, method=DTLSv1.0
0: tls_connect: client session connected with cipher ECDHE-RSA-AES256-SHA, method=DTLSv1.0
0: tls_connect: client session connected with cipher ECDHE-RSA-AES256-SHA, method=DTLSv1.0
0: tls_connect: client session connected with cipher ECDHE-RSA-AES256-SHA, method=DTLSv1.0
1: Total connect time is 1
1: start_mclient: msz=4, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
2: start_mclient: msz=4, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
3: start_mclient: msz=4, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
4: start_mclient: msz=4, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
5: start_mclient: msz=4, tot_send_msgs=15, tot_recv_msgs=15, tot_send_bytes ~ 1500, tot_recv_bytes ~ 1500
6: start_mclient: msz=4, tot_send_msgs=15, tot_recv_msgs=15, tot_send_bytes ~ 1500, tot_recv_bytes ~ 1500
6: start_mclient: tot_send_msgs=20, tot_recv_msgs=20
6: start_mclient: tot_send_bytes ~ 2000, tot_recv_bytes ~ 2000
6: Total transmit time is 5
6: Total lost packets 0 (0.000000%), total send dropped 0 (0.000000%)
6: Average round trip delay 2.200000 ms; min = 1 ms, max = 3 ms
6: Average jitter 0.450000 ms; min = 0 ms, max = 1 ms
0: log file opened: /var/log/turn_11968_2015-09-29.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 is not supported
0: TURN/STUN ALPN is not supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
0:
0: SQLite supported, default database location is /var/db/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Config file found: /etc/turnserver/turnserver.conf
0: log file opened: /var/log/turn_2015-09-29.log
0: Config file found: /etc/turnserver/turnserver.conf
0: Domain name:
0: Default realm: **.ddns.net
0: Config file found: /usr/local/etc/turn_server_cert.pem
0: Config file found: /usr/local/etc/turn_server_pkey.pem
0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: **.server.private.ip.***
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: **.server.private.ip.***
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0: relay **.server.private.ip.*** initialization...
0: relay **.server.private.ip.*** initialization done
0: relay ::1 initialization...
0: relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:3479
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3479
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:5350
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
0: IPv4. TLS/SCTP listener opened on : **.server.private.ip.***:3478
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:3478
0: IPv4. TLS/SCTP listener opened on : **.server.private.ip.***:3479
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:3479
0: IPv4. TLS/SCTP listener opened on : **.server.private.ip.***:5349
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:5349
0: IPv4. TLS/SCTP listener opened on : **.server.private.ip.***:5350
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:5350
0: IPv6. TLS/SCTP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/SCTP listener opened on : ::1:3479
0: IPv6. TLS/TCP listener opened on : ::1:3479
0: IPv6. TLS/SCTP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/SCTP listener opened on : ::1:5350
0: IPv6. TLS/TCP listener opened on : ::1:5350
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3479
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:3478
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:3479
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:5349
0: IPv4. TLS/TCP listener opened on : **.server.private.ip.***:5350
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3479
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5350
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
0: IPv4. DTLS/UDP listener opened on: **.server.private.ip.***:3478
0: IPv4. DTLS/UDP listener opened on: **.server.private.ip.***:3479
0: IPv4. DTLS/UDP listener opened on: **.server.private.ip.***:5349
0: IPv4. DTLS/UDP listener opened on: **.server.private.ip.***:5350
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:3479
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: IPv6. DTLS/UDP listener opened on: ::1:5350
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IPv4. CLI listener opened on : 127.0.0.1:5766
0: SQLite DB connection success: /var/db/turndb
7: IPv4. Accepted connection from: **.server.public.ip.***:37927
7: handle_udp_packet: New UDP endpoint: local addr **.server.private.ip.***:5349, remote addr **.server.public.ip.***:37927
7: session 001000000000000001: realm <**.ddns.net> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr: **.server.private.ip.***:51840
7: IPv4. Local reserved relay addr: **.server.private.ip.***:51841
7: session 001000000000000001: new, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000001: realm <**.ddns.net> user <test>: incoming packet ALLOCATE processed, success
7: session 001000000000000001: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000001: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: IPv4. Accepted connection from: **.server.public.ip.***:60912
7: handle_udp_packet: New UDP endpoint: local addr **.server.private.ip.***:5349, remote addr **.server.public.ip.***:60912
7: IPv4. Accepted connection from: **.server.public.ip.***:42719
7: handle_udp_packet: New UDP endpoint: local addr **.server.private.ip.***:5349, remote addr **.server.public.ip.***:42719
7: IPv4. Accepted connection from: **.server.public.ip.***:57775
7: handle_udp_packet: New UDP endpoint: local addr **.server.private.ip.***:5349, remote addr **.server.public.ip.***:57775
7: IPv4. Accepted connection from: **.server.public.ip.***:57499
7: handle_udp_packet: New UDP endpoint: local addr **.server.private.ip.***:5349, remote addr **.server.public.ip.***:57499
7: session 001000000000000002: realm <**.ddns.net> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr (RTCP): **.server.private.ip.***:51841
7: session 001000000000000002: new, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet ALLOCATE processed, success
7: session 001000000000000002: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 001000000000000003: realm <**.ddns.net> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr: **.server.private.ip.***:63474
7: IPv4. Local reserved relay addr: **.server.private.ip.***:63475
7: session 001000000000000003: new, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000003: realm <**.ddns.net> user <test>: incoming packet ALLOCATE processed, success
7: session 001000000000000003: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000003: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 000000000000000001: realm <**.ddns.net> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr (RTCP): **.server.private.ip.***:63475
7: session 000000000000000001: new, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 000000000000000001: realm <**.ddns.net> user <test>: incoming packet ALLOCATE processed, success
7: session 000000000000000001: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 000000000000000001: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 000000000000000002: realm <**.ddns.net> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr: **.server.private.ip.***:65270
7: IPv4. Local reserved relay addr: **.server.private.ip.***:65271
7: session 000000000000000002: new, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 000000000000000002: realm <**.ddns.net> user <test>: incoming packet ALLOCATE processed, success
7: session 000000000000000002: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 000000000000000002: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 001000000000000002: peer **.server.private.ip.***:63475 lifetime updated: 600
7: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 001000000000000003: peer **.server.private.ip.***:65270 lifetime updated: 600
7: session 001000000000000003: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 000000000000000001: peer **.server.private.ip.***:51841 lifetime updated: 600
7: session 000000000000000001: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 000000000000000002: peer **.server.private.ip.***:63474 lifetime updated: 600
7: session 000000000000000002: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 001000000000000002: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=600, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 001000000000000002: peer **.server.private.ip.***:63475 lifetime updated: 300
7: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet CREATE_PERMISSION processed, success
7: session 001000000000000002: peer **.server.private.ip.***:63475 lifetime updated: 600
7: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 001000000000000003: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=600, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000003: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 001000000000000003: peer **.server.private.ip.***:65270 lifetime updated: 300
7: session 001000000000000003: realm <**.ddns.net> user <test>: incoming packet CREATE_PERMISSION processed, success
7: session 001000000000000003: peer **.server.private.ip.***:65270 lifetime updated: 600
7: session 001000000000000003: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 000000000000000001: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=600, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 000000000000000001: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 000000000000000001: peer **.server.private.ip.***:51841 lifetime updated: 300
7: session 000000000000000001: realm <**.ddns.net> user <test>: incoming packet CREATE_PERMISSION processed, success
7: session 000000000000000001: peer **.server.private.ip.***:51841 lifetime updated: 600
7: session 000000000000000001: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
7: session 000000000000000002: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=600, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 000000000000000002: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
7: session 000000000000000002: peer **.server.private.ip.***:63474 lifetime updated: 300
7: session 000000000000000002: realm <**.ddns.net> user <test>: incoming packet CREATE_PERMISSION processed, success
7: session 000000000000000002: peer **.server.private.ip.***:63474 lifetime updated: 600
7: session 000000000000000002: realm <**.ddns.net> user <test>: incoming packet CHANNEL_BIND processed, success
13: session 001000000000000002: refreshed, realm=<**.ddns.net>, username=<test>, lifetime=0, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
13: session 001000000000000002: realm <**.ddns.net> user <test>: incoming packet REFRESH processed, success
13: session 001000000000000002: closed (2nd stage), user <test> realm <**.ddns.net> origin <>, local **.server.private.ip.***:5349, remote **.server.public.ip.***:60912, reason: SSL read error
13: session 001000000000000002: SSL shutdown received, socket to be closed (local **.server.private.ip.***:5349, remote **.server.public.ip.***:60912)
13: session 001000000000000002: delete: realm=<**.ddns.net>, username=<test>
13: session 001000000000000002: peer **.server.private.ip.***:63475 deleted
Segmentation fault
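As an added example (not part of the original report or of coturn itself), a small Python triage script that parses coturn server log lines in the format shown above, reconstructs each session's negotiated TLS/DTLS version and close reason, and flags legacy DTLSv1.0 negotiations on a build that reports "DTLS 1.2 is not supported" as well as sessions that closed with "SSL read error" right before the process crashed. The sample log below, its realm and its addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the coturn log lines in the report (realm/addresses made up).
SAMPLE_LOG = """\
0: DTLS 1.2 is not supported
0: OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
7: session 001000000000000001: new, realm=<example.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
7: session 001000000000000002: new, realm=<example.ddns.net>, username=<test>, lifetime=777, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
13: session 001000000000000002: refreshed, realm=<example.ddns.net>, username=<test>, lifetime=0, cipher=ECDHE-RSA-AES256-SHA, method=DTLSv1.0
13: session 001000000000000002: closed (2nd stage), user <test> realm <example.ddns.net> origin <>, local 10.0.0.5:5349, remote 203.0.113.9:60912, reason: SSL read error
13: session 001000000000000002: delete: realm=<example.ddns.net>, username=<test>
Segmentation fault
"""

# "<seconds>: session <id>: <event>..." lines; other session lines (401s, ALLOCATE, ...) are ignored.
SESSION_RE = re.compile(r"^(\d+): session (\d+): (new|refreshed|closed|delete)[^,]*,? ?(.*)$")
METHOD_RE = re.compile(r"method=(\S+)")
REASON_RE = re.compile(r"reason: (.+)$")
LEGACY_VERSIONS = {"DTLSv1.0", "TLSv1", "TLSv1.0", "SSLv3"}

def analyze(log_text):
    """Return (build capabilities, per-session state, whether the process crashed)."""
    caps = {"dtls12": True}
    sessions = defaultdict(lambda: {"method": None, "close_reason": None, "last_ts": None, "deleted": False})
    crashed = False
    for line in log_text.splitlines():
        if "DTLS 1.2 is not supported" in line:
            caps["dtls12"] = False
        elif line.strip() == "Segmentation fault":
            crashed = True
        m = SESSION_RE.match(line)
        if not m:
            continue
        ts, sid, event, rest = m.groups()
        s = sessions[sid]
        s["last_ts"] = int(ts)
        mm = METHOD_RE.search(rest)  # negotiated (D)TLS protocol version, if logged on this line
        if mm:
            s["method"] = mm.group(1)
        if event == "closed":
            rm = REASON_RE.search(rest)
            s["close_reason"] = rm.group(1) if rm else "unknown"
        if event == "delete":
            s["deleted"] = True
    return caps, dict(sessions), crashed

def findings(log_text):
    """Human-readable triage notes: legacy protocol versions and the session that died before the crash."""
    caps, sessions, crashed = analyze(log_text)
    out = []
    for sid, s in sessions.items():
        if s["method"] in LEGACY_VERSIONS:
            note = " (server build lacks DTLS 1.2)" if not caps["dtls12"] and s["method"].startswith("DTLS") else ""
            out.append(f"{sid}: negotiated {s['method']}{note}")
        if crashed and s["close_reason"] == "SSL read error":
            out.append(f"{sid}: closed with 'SSL read error' before process crash")
    return out
```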