Version 0.0.5 of the PionTurn plugin has been released!
Close on the heels of the External Service Discovery plugin comes the release of the PionTurn plugin for Openfire. This plugin uses the Pion Turn Project (GitHub - pion/turn: Pion TURN, an API for building TURN clients and servers) to create a TURN/STUN server for Openfire.
This version upgrades Pion TURN to 2.1.4 and adds support for specifying a UDP port range.
This plugin is only useful when Openfire is in a network location that is not behind restrictive constructs like NAT (one of it’s main purposes is to help clients circumvent NATs in the first place). The STUN service itself needs to see the ‘public’ IP address of the client (and possibly vice versa). That works best if the server is itself in a public network segment. The TURN service is more elaborate: instead of just being used to report on the observed client IP/port, it will act as a proxy. That means that all data flows over the TURN server (which isn’t true for a STUN server). In any case: make your Openfire server have a public IPs, not something behind a NAT.
When your Openfire is behind a NAT, it probably makes less sense to run a STUN/TURN server embedded in Openfire. When this is the case, a valid alternative might be to position a stand-alone STUN/TURN server somewhere ‘public’ (not NATted), and tie that to Openfire using the external service discovery plugin for Openfire.
When you have clients from outside your network wanting to do STUN/TURN, then it’s likely that placing your Openfire server in a DMZ will make it easier for them to connect to it. Please note that there probably are drawbacks with regards to security policies etc.
The update should be visible in the Plugins section of your Openfire admin console within the next few days. You can also download it from the plugin’s archive page.
For other release announcements and news follow us on Mastodon or X