These notes are to be understood as a supplement to our online help and our best practice documents 'STUN/TURN Topologies' and 'Setting up the UCServer for ProCall Mobile Apps'.
- You can download the best practice documents at the end of the article
- You can find the online help at: http://help.estos.com/help/en-US/procall/7/erestunservice/dokumentation/htm/IDD_FUNCTIONALITY.htm
The STUN/TURN server is required to enable audio/video connections across network and firewall boundaries and connects the services:
- STUN (Session Traversal Utilities for NAT), see
- TURN (Traversal Using Relays around NAT), see
In addition, the publication of the UCServer for signaling is also required.
The following topologies must be distinguished in principle:
- For pure internal use of audio/video no additional STUN/TURN service is needed.
- For internal and external use (mobile app, etc.), the STUN/TURN service must be made available on the internet.
The following options are available for connecting internal and external audio/video clients:
- UCConnect Cloud Service, see https://support.estos.de/en/ucconnect/best-practice-dienste-ueber-ucconnect-aktivieren-und-einrichten
- Provision of the STUN/TURN server on the internet
STUN/TURN server in the DMZ
CAUTION: The provision of the STUN/TURN service in a DMZ contradicts the basic STUN/TURN functionality and has considerable dependencies on the firewall and DNS configuration, therefore this constellation is generally not recommended. The functionality of the STUN/TURN service cannot be guaranteed by estos in this constellation and is the responsibility of the system engineer..
In addition to the notes in the Best Practice document, we draw attention to the following additional aspects:
- The firewall must have a loopback route through which all data packets of the STUN/TURN server are transported inwards via the external IP interface.