Configure TURN Settings for WebRTC

When you configure TURN settings, Polycom recommends that you assign TURN services to the network interface assigned to external signaling. The external IP address (private) of this interface must be mapped to the public IP address on your firewall.

The number of dynamic ports you specify for TURN media relay doesn’t necessarily map to the number of calls that can be supported. The number of ports required to support all WebRTC calls varies depending on whether the conference uses mesh mode or bridge mode. The allowable port range is designed to accommodate a large number of licensed calls.

Polycom recommends that you use the default port range listed in the TURN Settings since the number of allocations can vary for calls, but you can choose any port range within the allowable range. The port range you configure must be configured on your firewall.

CAUTION: When you enable the TURN server for the first time, you must add at least one TURN user in order for the TURN server to allow requests. If you disable the TURN server, all TURN users are saved and will be available if you later re-enable the TURN server.

Procedure

  1. If you haven’t already done so, go to Admin > Server > Network Settings > Services and assign a Private (LAN) and Public (WAN) interface to TURN Services.
    It’s recommended that you assign TURN services to only a single NIC.
  2. Go to Service Config > TURN Settings.
  3. Select Enable TURN server.
  4. Complete the fields as described in the following table.
    TURN server configuration
    Field Description
    Public IP Address The public (WAN) IP address of the network interface assigned to TURN services. Automatically populated with the value from Network Settings.
    Public NAT Address

    The NAT address of the network interface assigned to TURN services, mapped on the external firewall.

    The value displays only if you entered an IPv4 NAT address for the network interface assigned to TURN Services in Network Interface Settings.

    Transport

    The transport protocol used for communication between the WebRTC client and the TURN server.

    Default: UDP

    TURN port

    The listening port the RealPresence DMA system uses to receive TURN allocation requests from private or public clients. The system uses this port only to establish a TURN session.

    Default UDP port: 3478

    Relay port range

    The dynamic port range used to relay media directly between WebRTC clients in a mesh call or between WebRTC clients and an MCU in a bridge call. Each allocation requires one port, so if your port range is small, only a small number of allocations can be supported at one time.

    Relay port range: 60002 - 65535

    Default authentication realm The realm is typically a domain name and is part of the required authentication credentials for a TURN user. If a WebRTC client provides only a username and password when requesting TURN services, the TURN server automatically assigns the default authentication realm.
    Note that not all fields are editable from the TURN Settings page.
  5. Add TURN users if desired, then click Update to save the settings.