package: rtc.debian.org severity: important Currently, the TURN server only uses UDP.
For clients behind firewalls that block UDP, we need to enable the TLS transport. https://tools.ietf.org/html/rfc5766#section-2.1 https://tools.ietf.org/html/rfc7065 Need to verify browser support and potentially look at ways to warn users if they are using an older browser version that only supports TURN over UDP https://bugzilla.mozilla.org/show_bug.cgi?id=949703 https://code.google.com/p/webrtc/issues/detail?id=2865 Steps required: a) create a DNS name (maybe turn.debian.org or turn-server.debian.org) and also create the SRV and NAPTR records in DNS b) open TCP port 5349 in the firewall c) create a TLS certificate d) update vogler.debian.org:/etc/reTurn/reTurnServer.config TlsTurnPort = 5349 TlsServerCertificateFilename = /etc/ssl/ssl.crt/turn.debian.org.crt TlsServerPrivateKeyFilename = /etc/ssl/private/turn.debian.org.key TlsTempDhFilename = /etc/reTurn/dh2048.pem e) update the config.js file in rtc.debian.org Git repository to include the URI for TURN over TLS For best results, this should be done over port 443 instead of 5349. Then more HTTP proxies will be willing to relay these calls.
