Fundamentals
These notes are to be understood as a supplement to our online help and our best practice documents 'STUN/TURN Topologies' and 'Setting up the UCServer for ProCall Mobile Apps'.
Explanation
The STUN/TURN server is required to enable audio/video connections across network and firewall boundaries and connects the services:
- STUN (Session Traversal Utilities for NAT), see
- TURN (Traversal Using Relays around NAT), see
In addition, the publication of the UCServer for signaling is also required.
Use cases
The following topologies must be distinguished in principle:
- For pure internal use of audio/video no additional STUN/TURN service is needed.
- For internal and external use (mobile app, etc.), the STUN/TURN service must be made available on the internet.
The following options are available for connecting internal and external audio/video clients:
STUN/TURN server in the DMZ
CAUTION: The provision of the STUN/TURN service in a DMZ contradicts the basic STUN/TURN functionality and has considerable dependencies on the firewall and DNS configuration, therefore this constellation is generally not recommended. The functionality of the STUN/TURN service cannot be guaranteed by estos in this constellation and is the responsibility of the system engineer..
In addition to the notes in the Best Practice document, we draw attention to the following additional aspects:
- The firewall must have a loopback route through which all data packets of the STUN/TURN server are transported inwards via the external IP interface.