Provided by: turnserver_0.7.3-2_amd64 bug

NAME

       turnserver.conf - TurnServer configuration file

SYNOPSIS

       /usr/local/etc/turnserver.conf

DESCRIPTION

       This is the TurnServer configuration file.
       Here are the configuration options supported.

OPTIONS

       The file contains the following definitions:

       listen_address = { IPv4 address, ... }
              The  public  IPv4  address  of any relayed address (if not set, no relay for IPv4).
              You can set more than one address,  example:    listen_address  =  {  "172.16.2.1",
              "173.17.2.1" }

              The main advantage to have multiple public IPv4 addresses is to do load sharing.

       listen_addressv6 = { IPv6 address, ...}
              The  public  IPv6  address  of any relayed address (if not set, no relay for IPv6).
              You can set more than one address, example:  listen_addressv6 = {  "2001:db8:1::1",
              "2001:db8:2::1" }

              The main advantage to have multiple public IPv6 addresses is to do load sharing.

       udp_port = number
              The UDP port of the server to listen for incoming connections.

       tcp_port = number
              The TCP port of the server to listen for incoming connections.

       tls_port = number
              The TLS port of the server to listen for incoming connections.

       tls = boolean
              Enable or not TLS over TCP connections.

       dtls = boolean
              Enable or not TLS over UDP connections. It is an experimental feature of TurnServer
              and it is not defined by TURN standard.

       max_port = number
              Maximum allocation port number.

       min_port = number
              Minimum allocation port number.

       turn_tcp = boolean
              Enable or not TURN-TCP extension. This extension is documented in RFC6062.

       tcp_buffer_userspace = boolean
              Enable or not userspace buffering for TURN-TCP extension. If false server will  use
              OS buffering.

       tcp_buffer_size = number
              TURN-TCP  internal  buffer  size. It is used to bufferize data coming from TCP peer
              when client does not have sent ConnectionBind.

       daemon = boolean
              Run the program as daemon.

       unpriv_user = string
              If the program is run as root or setuid root, the program will drop its  privileges
              to the unpriv_user privileges.

              To  use  this  feature,  create  a  special  user with the adduser command: adduser
              --system --group turnserver

       realm = string
              Realm value (i.e. domain.org).

       nonce_key = string
              Key used to hash nonce.

       max_relay_per_username = number
              Maximum number of allocation per username.

       allocation_lifetime = number
              Lifetime of an allocation in second.

       bandwidth_per_allocation = number
              Bandwidth limit for an allocation in KBytes/s.  0  value  means  disable  bandwidth
              quota.

       restricted_bandwidth = number
              Bandwidth limit for restricted userse in KBytes/s.  0 value means disable bandwidth
              limitation.

       denied_address {
               address = IPv4 | IPv6 address
               mask = bitmask number
               port = number (1 - 65535)
              }

              Defines an entry for the denied access list. This can appear multiple time.  Format
              is defined as follow:
              address is a string representing an IPv4 or IPv6 address.
              mask  is  a  number  representing the bitmask (i.e. 24 is similar as 255.255.255.0,
              ...).
              port is a number representing the network port. The 0 value means all ports.

              It is strongly recommended to restrict addresses 127.0.0.1 and  ::1  if  there  are
              private services running on the TURN server.

       ca_file = string
              The pathname of the Certification Authority certificate (required when tls=true).

       cert_file = string
              The pathname of the server certificate (required when tls=true).

       private_key_file = string
              The pathname of the server private key (required when tls=true).

       account_method = [file | db | ldap ...]
              The  method  to  retrieve  account  data.   Note  that  only  the  "file" method is
              implemented.

       account_file = string
              The pathname of the account file (required when account_method=file).

       mod_tmpuser = boolean
              Enable or not mod_tmpuser which consist of a socket that listen  on  localhost  and
              external program can create or delete temporary user.

EXAMPLE

       listen_address = { "172.16.0.1" }

       listen_addressv6 = { "2001:db8::1" }

       udp_port = 3478

       tcp_port = 3478

       tls_port = 5349

       tls = true

       dtls = false

       max_port = 65535

       min_port = 49152

       turn_tcp = false

       tcp_buffer_userspace = true

       tcp_buffer_size = 32768

       daemon = false

       unpriv_user = turnserver

       realm = "domain.org"

       nonce_key = "hieKedq"

       max_relay_per_username = 10

       allocation_lifetime = 1800

       bandwidth_per_allocation = 150

       restricted_bandwidth = 10

       denied_address {
         address = "172.1.0.3"
         mask = 24
         port = 0

       }

       denied_address {
         address = "127.0.0.1"
         mask = 8
         port = 0

       }

       denied_address {
         address = "::1"
         mask = 128
         port = 0

       }

       ca_file = "/etc/ca.crt"

       cert_file = "/etc/server.crt"

       private_key_file = "/etc/server.key"

       account_method = "file"

       account_file = "/etc/turnusers.txt

AUTHOR

       Sebastien Vincent <sebastien.vincent@turnserver.org>

SEE ALSO

       turnserver(1)