Software & Stacks

coturn (open-source STUN/TURN server)

coturn is the standard open-source STUN/TURN server. It is the relay-of-last-resort that lets WebRTC and SIP-over-NAT clients reach each other when direct connectivity fails. If you run any browser-based softphone or AI voice agent, coturn (or an equivalent) is in your stack — usually invisibly.

STUN vs TURN, briefly

See ICE / STUN / TURN for the details.

Why coturn

Minimal config

# /etc/turnserver.conf
listening-port=3478
tls-listening-port=5349
listening-ip=0.0.0.0
external-ip=<public-ip>
realm=turn.example.com
cert=/etc/letsencrypt/live/turn.example.com/fullchain.pem
pkey=/etc/letsencrypt/live/turn.example.com/privkey.pem
use-auth-secret
static-auth-secret=<long-random-string>
min-port=49152
max-port=65535
no-stdout-log
log-file=/var/log/turnserver.log

Short-term credentials (RFC 8489)

Don't issue long-lived TURN passwords. Mint short-lived (15 minute) HMAC-signed tokens at your backend:

# Server-side token mint
import hmac, hashlib, base64, time
username = f"{int(time.time()) + 900}:user"     # expires in 15min
secret = "<static-auth-secret from turnserver.conf>"
credential = base64.b64encode(
    hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
).decode()
# Send {username, credential} to the browser

DIDHub TURN

DIDHub provides authenticated TURN at turn.didhub.io:443 for every customer with a SIP trunk — no separate coturn deployment needed. Credentials are minted via the dashboard or API with a 15-minute TTL.

Related terms

ICE / STUN / TURN

WebRTC (Web Real-Time Communications)

NAT Traversal in SIP/VoIP

rtpengine (media proxy / relay)

Ready to get a number?

Pick a DID in 130+ countries from $1.99/month. Activates instantly on most numbers.

Browse numbers Talk to sales