Like many users of the brilliant Nextcloud Free and Open Source groupware system, we have been intrigued by the possibilities of its video conferencing system, Nextcloud Talk. Its use, in a corporate context, or a home context where all users are on the same network, is trivial - install the app on the server, then let users either use the web application or a phone app for full and easy videoconferencing. Indeed, often it is possible to use the system when one or more participants are not on the same network, because the app has a built-in capability of using a STUN (Session Traversal Utilities for NAT) which is used to determine the real internet-facing IP address of a user who is, almost certainly, behind a network address translation router.
But there are time when the scenario is further complicated by network traversal demands. Under these circumstances, it seems a full TURN (Traversal Using Relay NAT) server is required. There are quite a few how-to's regarding setting this up, and the official one, it seems, actually works. But when we tried it, on numerous occasions, all we got on our phones was a never ending calling noise. What was odd was that using the system for keyboard chat worked perfectly. Online searches showed that many, many others have had this problem, while many also easily get it all to work. I was on the verge of giving up on this, when I stumbled across a post that seems to have resolved the problem. I could find nothing in the logs to help - in fact, nothing in the logs at all, suggesting that the system was not working in any way.
Like many who would be interested in a Free and Open Source solution like Nextcloud, we tend to use the F-Droid app repository for our mobile phone apps, ensuring that the majority, if not all, we run on them remains free and under our control, rather than being a conduit for corporate privacy invasion. Obviously, we chose to install Nextcloud Talk from F-Droid. However, it seems that the version in F-Droid has been compiled without the push notification code the mainstream version provides. It seems the code does not comply with F-Droid expectations of freedom, so they have a version without this crucial aspect.
We installed the app from Google's Play Store and since then, Nextcloud talk works fine. It takes a few rings before the receiving party gets notified, but that's not a problem. It is apparently possible to install the Andoid .apk straight from the github repository, but obviously updates will then have to be done manually too.
The key settings in /etc/turnserver.conf (we run on Raspbian/Debian Buster) are:
listening-port=<yourChosenPortNumber> fingerprint use-auth-secret static-auth-secret=<yourChosen/GeneratedSecret> realm=your.domain.org total-quota=100 bps-capacity=0 stale-nonce no-multicast-peers
Make sure port 3487 is open on the server (we did the tls port too - 5349) and - so easy to forget - make sure your router port-forwards these to the server, assuming your server is in a NATed network. Note that Talk apparently only uses the non-tls port for reasons explained in the post above) Edit: we ran some tests, and only got good results when the tls port 5349 was also open.
Finally, configure the app as the administrator on your Nextcloud system. I used the FQDN of the server, as this points to the public IP address when outside the network, and the private IP address when inside the network (thanks for the flexibility, dnsmasq) and the non-tls port 3748. I also added this as a STUN server in addition to the default nextcloud.com option.
I hope this helps.
Edit: I've now found that openturn can be run only on the tls port 5349. This should make things a bit better from an admin point of view.