Hello Level1Techs community!
I'm coming here because I've been having a very hard time trying to get a TURN/STUN server to run behind pfSense with HAProxy for almost 2 weeks now, almost pulling my hair out.
Unfortunately I haven't been able to find an answer to this anywhere else, or anyone who has configured a TURN server using coturn behind HAProxy on pfSense, so I'm hereby very kindly asking for help from the combined brainpower of the Level1Techs community.
I will explain my setup so it's better understood, as it's a bit complex.
I have 18 VMs running on Proxmox:
- pfSense (which all VMs are connected to and run their connections through)
- Many WordPress and other servers, Nextcloud, [email protected], Matrix Synapse (which I've been having problems with too, but I will make a separate post for that) and a few other things.
The diagram is as follows:
Internet <-> pfSense (WAN) | HAProxy | Frontend <-> Backend <-> Server (Ubuntu 18.04 with coturn)
As you can see above, I have ports open on WAN for the web servers, Nextcloud, Matrix, TURN etc.
Below you can see that I have a frontend for the TURN server listening on ports 3478 and 5349.
Below is the backend that the frontends connect to.
Below are the ports the turnserver VM is listening on.
Running Ubuntu 18.04, with coturn:
- Listening on the default ports set in the HAProxy backend, as shown in the image
- 192.168.2.4 as listening IP
- min/max ports default
- realm set to my turn.mydomain.com
- external-ip= (the VM's public IP address)
- everything else default
Proxmox has no firewall active on the VM.
UFW: ports 80, 443, 3478 and 5349 open.
Any attempt to connect and send traffic through port 3478 fails; not even gonna mention the SSL port.
(The same coturn configuration for port 3478 on a Linode (using the L1Techs affiliate) is running perfectly fine and connectable from Nextcloud; calls work perfectly well routing through it.)
I even tried putting nginx in front of the TURN server: HAProxy backend using 80/443, nginx listening on ports 80/443 with proxy_pass etc. sending them to 127.0.0.1:3478, and coturn listening on 127.0.0.1 ports 3478/5349, but no luck there either...
As visible in the WAN firewall rules screenshot, traffic reaches the firewall, but it's not reaching the server on the other side of HAProxy, so I think my HAProxy Frontend <-> Backend <-> Server pipe is messed up somewhere in between, but I can't pinpoint where.
What am i missing and messing up?
All help or advice will be immensely appreciated.
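A diagnostic for the setup described in the post, added here as an example; it is not code from the original post or from coturn or HAProxy. It sends a plain STUN Binding Request (RFC 5389) over UDP and over TCP to a given host and port and parses the XOR-MAPPED-ADDRESS out of the reply, so it can be run first against the VM directly (192.168.2.4 is the listening address given in the post) and then against the WAN address in front of HAProxy. The caveat worth checking here: STUN and TURN clients use UDP on 3478 by default, and HAProxy is a TCP proxy, it does not forward UDP, so a server that answers over both transports when probed directly but only over TCP when probed through the WAN address points at the proxy path rather than at coturn. The script name, the default port and the sample reply used in the test are assumptions.

```python
# Added diagnostic (not from the original post): send a STUN Binding Request
# (RFC 5389) over UDP and over TCP and report which transport gets an answer.
# 192.168.2.4 is the listening IP from the post; everything else is constructed.
import os
import socket
import struct
import sys

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER_LEN = 20


def build_binding_request(txid=None):
    """Build a 20-byte STUN Binding Request with no attributes."""
    txid = os.urandom(12) if txid is None else txid
    if len(txid) != 12:
        raise ValueError("STUN transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def parse_binding_response(data, txid):
    """Validate a Binding Success Response and return the (ip, port) the
    server saw us as. XOR-MAPPED-ADDRESS is preferred; MAPPED-ADDRESS is
    only a fallback for old servers. IPv4 only."""
    if len(data) < HEADER_LEN:
        raise ValueError("STUN message shorter than header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("missing magic cookie: not an RFC 5389 STUN message")
    if data[8:20] != txid:
        raise ValueError("transaction id mismatch")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("unexpected STUN message type 0x%04x" % msg_type)
    if len(data) < HEADER_LEN + length:
        raise ValueError("truncated STUN message")

    mapped = xor_mapped = None
    off, end = HEADER_LEN, HEADER_LEN + length
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
        if len(value) != alen or alen < 8 or value[1] != 0x01:  # skip non-IPv4 / other attrs
            continue
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            xor_mapped = (socket.inet_ntoa(struct.pack("!I", addr)), port)
        elif atype == ATTR_MAPPED_ADDRESS:
            mapped = (socket.inet_ntoa(value[4:8]), struct.unpack("!H", value[2:4])[0])
    result = xor_mapped or mapped
    if result is None:
        raise ValueError("no (XOR-)MAPPED-ADDRESS attribute in response")
    return result


def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def probe(host, port, transport, timeout=3.0):
    """Send one Binding Request over 'udp' or 'tcp'; return (ip, port) or raise."""
    txid = os.urandom(12)
    req = build_binding_request(txid)
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(req, (host, port))
            data, _ = s.recvfrom(2048)
    else:
        # On TCP, STUN messages sit back to back on the stream: read the
        # header, then exactly the advertised body length.
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            head = _recv_exact(s, HEADER_LEN)
            data = head + _recv_exact(s, struct.unpack("!H", head[2:4])[0])
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    # Usage: python3 stun_probe.py <host> [port]  (script name is assumed)
    # Run once against 192.168.2.4 and once against the WAN address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.2.4"
    tport = int(sys.argv[2]) if len(sys.argv) > 2 else 3478
    for transport in ("udp", "tcp"):
        try:
            ip, p = probe(target, tport, transport)
            print("%s:%d over %s -> server saw us as %s:%d" % (target, tport, transport, ip, p))
        except (OSError, ValueError) as exc:  # socket.timeout is an OSError
            print("%s:%d over %s -> FAILED: %s" % (target, tport, transport, exc))
```

If the direct probe answers on both transports and the WAN probe answers only over TCP, coturn itself is fine and the UDP leg is what is missing: UDP 3478 (and the relay range coturn allocates from, the min/max ports left at default above) would need a pfSense NAT port-forward straight to the VM rather than a path through HAProxy, while TCP 3478 and TLS 5349 can stay on HAProxy frontends in `mode tcp`. If the direct UDP probe also fails, the problem is on the VM side (listening IP, UFW, or the coturn config) rather than in the proxy pipe.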