From 9f2764c0aeffb06addd479cdb2f7986646e7bd62 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 21 Mar 2020 12:57:11 +0100
Subject: [PATCH] Add support for NCs Talk app with own stun/turn server.
---
 conf/main_ipv4.conf.sample | 12 ++++++++++++
 conf/main_ipv6.conf.sample | 12 ++++++++++++
 conf/post_decalrations.conf | 14 ++++++++++++++
 ip6t-firewall-server | 29 +++++++++++++++++++++++++++++
 ipt-firewall-server | 29 +++++++++++++++++++++++++++++
 5 files changed, 96 insertions(+)
diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index d2687ea..6c0d67a 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -386,6 +386,18 @@ jitsi_tcp_ports="$standard_http_ports"
 jitsi_udp_port_range="10000:20000"
+# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
+# -
+nc_turn_server_ips=""
+forward_nc_turn_server_ips=""
+
+# - Ports used by local TURN Server (Stun Server)
+# -
+# - comma separated list
+# -
+nc_turn_ports="3478:3479,5349:5350"
+
+
 # - TFTP Server
 # -
 # - NOT YET IMPLEMENTED
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index a4488b1..b64e825 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -405,6 +405,18 @@ jitsi_tcp_ports="$standard_http_ports"
 jitsi_udp_port_range="10000:20000"
+# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
+# -
+nc_turn_server_ips=""
+forward_nc_turn_server_ips=""
+
+# - Ports used by local TURN Server (Stun Server)
+# -
+# - comma separated list
+# -
+nc_turn_ports="3478:3479,5349:5350"
+
+
 # - TFTP Server
 # -
 # - NOT YET IMPLEMENTED
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index 545ebcd..626e081 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
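Review bot: The comment above `nc_turn_server_ips` and `forward_nc_turn_server_ips` does not say how several addresses are separated, while the `nc_turn_ports` comment a few lines down says "comma separated list"; since conf/post_decalrations.conf fills the arrays with `for _ip in $nc_turn_server_ips`, i.e. shell word-splitting (whitespace by default), an operator who copies the comma style from the ports entry would end up with one bogus array element handed to the firewall. I would add `# - space separated list of IP addresses` under the "TURN Server (Stun Server)" heading. The same applies to the identical block in the conf/main_ipv6.conf.sample hunk.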
@@ -315,6 +315,20 @@ for _ip in $forward_jitsi_server_ips ; do
 forward_jitsi_server_ip_arr+=("$_ip")
 done
+# ---
+# - IP Addresses TURN Server (Stun Server) (for Nextcloud 'talk' app)
+# ---
+# local
+declare -a nc_turn_server_ip_arr
+for _ip in $nc_turn_server_ips ; do
+ nc_turn_server_ip_arr+=("$_ip")
+done
+# DMZ
+declare -a forward_nc_turn_server_ip_arr
+for _ip in $forward_nc_turn_server_ips ; do
+ forward_nc_turn_server_ip_arr+=("$_ip")
+done
+
 # ---
 # - IP Addresses Telephone Systems
 # ---
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index c97193e..6f7c6a2 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
@@ -1769,6 +1769,35 @@ else
 fi
+# ---
+# - TURN Service (for NC Talk App)
+# ---
+
+echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
+
+if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
+
+ if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${nc_turn_server_ip_arr[@]} ; do
+ $ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ $ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+ for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
+ $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ done
+ fi
+
+
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Jitsi Video Conferencing Service
 # ---
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 5964f44..351fd6d 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
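Review bot: `for _ip in $nc_turn_server_ips ; do` (and the forward loop below it) relies on unquoted word-splitting, which also performs pathname expansion, so a stray `*` or `?` in the config value would silently be replaced by file names from the current directory before the entry reaches the firewall rules. This mirrors the jitsi loop just above, so the cleanest fix is the same for all of these loops rather than this one alone; a minimal variant is `read -r -a nc_turn_server_ip_arr <<<"$nc_turn_server_ips"`, which splits on IFS without globbing, or `set -f` around the loops. The loops run at file top level, outside any function.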
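Review bot: Every expansion in the new rule lines is unquoted — `${nc_turn_server_ip_arr[@]}`, `-d $_ip` and `--dports $nc_turn_ports` — which ShellCheck flags as SC2068/SC2086; `"${nc_turn_server_ip_arr[@]}"`, `-d "$_ip"` and `--dports "$nc_turn_ports"` keep each value a single argument to $ip6t. When only forward_nc_turn_server_ip_arr is populated but `$kernel_forward_between_interfaces` is false, no rule is added yet `echo_done` is printed instead of `echo_skipped`, so the status line misreports the resulting ruleset. If the TURN server also relays media, its relay port range is not covered by `nc_turn_ports`; that looks intentional (listening ports only) but deserves a comment under the "TURN Service" heading. The same points apply to the identical block in the ipt-firewall-server hunk, which uses `$kernel_activate_forwarding` as its forwarding switch.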
@@ -2015,6 +2015,35 @@ else
 fi
+# ---
+# - TURN Service (for NC Talk App)
+# ---
+
+echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
+
+if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
+
+ if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
+ for _ip in ${nc_turn_server_ip_arr[@]} ; do
+ $ipt -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ $ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ done
+ fi
+
+ if [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+ for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
+ $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+ done
+ fi
+
+
+ echo_done
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Jitsi Video Conferencing Service
 # ---