I have installed ejabberd_stun with the following configuration:
port: 3478
transport: udp
use_turn: true
auth_type: user
auth_realm: "X.X.X.X"
turn_ip: "same as above(my public ejabberd ip)"
module: ejabberd_stun
Things are working as expected in development (local), but when we move to production the voice call doesn't seem to work.
It seems NAT is not working.
Do I have to configure anything specific to production environments? If not, then what could be the possible reason & how to proceed to debug it further? Any help would be appreciated.
Your auth_realm should be set to the domain you want the TURN instance to serve. If your server has multiple domains that need to be served, you need to set up additional TURN instances on different ports (one for each domain). You also need to set up STUN/TURN SRV records - https://wiki.xmpp.org/web/SRV_Records#STUN_SRV_records.
Additionally, TURN authentication will not work with SCRAM password storage or LDAP Auth, because ejabberd needs to send your user password to the TURN server for authentication. For LDAP auth, the workaround is to use an external auth script (https://www.ejabberd.im/files/contributions/check_pass_ldap_perl.pl.txt) and enable extauth_cache.
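The answer's points applied to the configuration from the question, as an added example that is not part of the original posts. `example.com`, `example.org` and `turn.example.com` are placeholder names, `203.0.113.10` is a documentation address standing in for the public IP, and the script path, cache value and SRV TTL/priority/weight values are constructed; option names are the ones used in this thread (`turn_ip`, `extauth_cache`).

```yaml
# Added example with constructed values, not the poster's real configuration.

# TURN with auth_type: user needs access to the user's plaintext password,
# so SCRAM storage cannot be used for the served domain. Note that "plain"
# means passwords are kept in cleartext in the ejabberd database.
auth_password_format: plain

# Only when users live in LDAP: authenticate through an external script
# instead of auth_method: ldap, and enable the extauth cache.
# auth_method: external
# extauth_program: "/path/to/check_pass_ldap_perl.pl"   # hypothetical path
# extauth_cache: 600                                     # constructed value

listen:
  -
    port: 3478
    transport: udp
    module: ejabberd_stun
    use_turn: true
    auth_type: user
    # Before: auth_realm: "X.X.X.X" (an IP address)
    # After:  the XMPP domain this TURN instance serves
    auth_realm: "example.com"
    # Public address of the server, as in the question
    turn_ip: "203.0.113.10"
  -
    # A second served domain gets its own instance on a different port
    port: 3479
    transport: udp
    module: ejabberd_stun
    use_turn: true
    auth_type: user
    auth_realm: "example.org"
    turn_ip: "203.0.113.10"

# DNS SRV records (zone-file syntax, shown here as comments), one pair per domain:
# _stun._udp.example.com. 3600 IN SRV 0 0 3478 turn.example.com.
# _turn._udp.example.com. 3600 IN SRV 0 0 3478 turn.example.com.
# _stun._udp.example.org. 3600 IN SRV 0 0 3479 turn.example.com.
# _turn._udp.example.org. 3600 IN SRV 0 0 3479 turn.example.com.
```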