This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision |
| docker_notes:turnserver [2024-03-30 Sat wk13 11:49] – [turn server] baumkp | docker_notes:turnserver [2024-04-01 Mon wk14 10:52] (current) – [resources] baumkp |
|---|
| So a turn server is needed to allow end to end communication where public IP communication end points are obfuscated, such as where local IP address are behind NAT. To primary purpose of NAT is to increase the effective usability of IPv4 which has limited available public addresses by using a designated ranges of local IPv4 addresses that that do not have direct public addressability. The local addresses can only be publicly accessed via a local router that performs NAT, subject to firewall rules. It is claimed that the obfuscation of the local IP addresses provide additional security. This was not the primary purpose of NAT and is at best a secondary benefit. I believe that NAT provides minimal security benefits. The key security is the firewall setup which does not allow unsolicited access to the local area network address space. Interestingly IPv6 is not limited by address space available and hence does not require NAT for this reason. If NAT is not used with IPv6 LAN then the local address area is directly accessible from the public network, subject to the router and firewall setup. In this case a TURN server would not be required. NAT can still be used with IPv6 if wanted, in which case the TURN server would be required. | So a turn server is needed to allow end to end communication where public IP communication end points are obfuscated, such as where local IP address are behind NAT. To primary purpose of NAT is to increase the effective usability of IPv4 which has limited available public addresses by using a designated ranges of local IPv4 addresses that that do not have direct public addressability. The local addresses can only be publicly accessed via a local router that performs NAT, subject to firewall rules. It is claimed that the obfuscation of the local IP addresses provide additional security. This was not the primary purpose of NAT and is at best a secondary benefit. I believe that NAT provides minimal security benefits. The key security is the firewall setup which does not allow unsolicited access to the local area network address space. Interestingly IPv6 is not limited by address space available and hence does not require NAT for this reason. If NAT is not used with IPv6 LAN then the local address area is directly accessible from the public network, subject to the router and firewall setup. In this case a TURN server would not be required. NAT can still be used with IPv6 if wanted, in which case the TURN server would be required. |
| |
| | ====resources==== |
| | *Nextcloud HowTo: [[https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794|Setup Nextcloud Talk with TURN server]] |
| | *[[https://hub.docker.com/r/coturn/coturn|Coturn TURN server Docker image]] |
| | *[[https://github.com/coturn|Github coturn]] |
| | *[[https://quay.io/repository/coturn/coturn|quay.io coturn]] |
| | *[[https://dev.to/alakkadshaw/what-is-a-turn-server-3ome|What is a TURN Server?]] |
| | *[[https://gabrieltanner.org/blog/turn-server/|How to set up and configure your own TURN server using Coturn]] |
| |
| <- docker_notes:docker-nextcloud|Back ^ docker_notes:index|Start page ^ docker_notes:docker-homepage|Next -> | |
| | <- docker_notes:docker-matrix|Back ^ docker_notes:index|Start page ^ docker_notes:docker-homepage|Next -> |