Skip to main content

Open Relay: Free WebRTC TURN Server


Metered Video

Enterprise grade WebRTC video calling and live streaming APIs.

Dead Simple Chat

In-App Chat for Website, App, Virtual Event or Live Stream,

What is a TURN Server?โ€‹


WebRTC TURN Server is required to relay the traffic between the peers when direct connection cannot be established among them.

WebRTC protocol establishes a direct connection between the peers, but the sometimes a direct connection cannot be established for this a TURN Server is required to relay the traffic between the peers.

As peers cannot directly connect to each other the TURN Server acts as an intermediary among the peers and forwards the traffic from one peer to another.

All the traffic (video/audio + data) that passes through the TURN server is already end-to-end encrypted by the peers and the TURN Server cannot decode/read the encrypted packet, it just relays the packet to other peers.

turn server

Overviewโ€‹


Open Relay is a free TURN server provided by Metered Video that you can use in your WebRTC applications. The Open Relay TURN server is highly available, reliable and offers both STUN and TURN Capabilities.

The Open Relay runs on port 80 and 443 to bypass corporate firewalls, many corporate/enterprise firewall only allow port 80 or 443, it also supports turns + SSL for maximum compatibility.

  • โœ… Runs on port 80 and 443
  • โœ… Tested to bypass most firewall rules
  • โœ… Enterprise grade reliability (99.999% uptime)
  • โœ… Support TURNS + SSL to allow connections through deep packet inspection firewalls.
  • โœ… Support STUN
  • โœ… Supports both TCP and UDP
  • โœ… Dynamic routing to the nearest server
  • โœ… Production Ready

โœจ How to useโ€‹


You can use the Open Relay TURN Server in your Javascript Code.

Here is a sample Javascript Code with recommended configuration to allow through most firewalls:

var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "stun:openrelay.metered.ca:80",
},
{
urls: "turn:openrelay.metered.ca:80",
username: "openrelayproject",
credential: "openrelayproject",
},
{
urls: "turn:openrelay.metered.ca:443",
username: "openrelayproject",
credential: "openrelayproject",
},
{
urls: "turn:openrelay.metered.ca:443?transport=tcp",
username: "openrelayproject",
credential: "openrelayproject",
},
],
});
  • "stun:openrelay.metered.ca:80" Open Relay operates in both TURN and STUN mode, so we added a STUN URL to check if it is possible to route connections without the TURN server.

  • "turn:openrelay.metered.ca:80" adding url to connect to TURN server on port 80

  • "turn:openrelay.metered.ca:443" if the firewall rule is very strict and allows access to only port 443, then adding url to connect to TURN server on port 443

  • "turn:openrelay.metered.ca:443?transport=tcp" adding the query parameter to ?transport=tcp to connect via TCP if UDP connections are blocked by the firewall.

๐Ÿ”– TURN and STUN URLsโ€‹

Here is the list of turn and stun URLs that you can use to connect to the Open Relay TURN/STUN servers.

URLDescription
stun:openrelay.metered.ca:80STUN Server URL
turn:openrelay.metered.ca:80TURN Server URL port 80
turn:openrelay.metered.ca:443TURN Server URL port 443
turn:openrelay.metered.ca:80?transport=tcpTURN Server URL port 80 TCP mode
turn:openrelay.metered.ca:443?transport=tcpTURN Server URL port 443 TCP mode
turns:openrelay.metered.ca:443TURNS Server URL (SSL Certificate)
turn:staticauth.openrelay.metered.ca:80TURN Server URL port 80 (uses static auth)
turn:staticauth.openrelay.metered.ca:443TURN Server URL port 443 (uses static auth)
turn:staticauth.openrelay.metered.ca:80?transport=tcpTURN Server URL port 80 TCP mode (uses static auth)
turn:staticauth.openrelay.metered.ca:443?transport=tcpTURN Server URL port 443 TCP mode (uses static auth)
turns:staticauth.openrelay.metered.ca:443TURNS Server URL (SSL Certificate) (uses static auth)

๐Ÿ”“ Credentialsโ€‹

You can connect to the Open Relay TURN server using the following credentials, credentials are only needed for turn server connection:

username: openrelayproject
credential/password: openrelayproject

๐Ÿ” Static Authโ€‹

Services like Nextcloud Talk or Matrix+Synapse+Riot uses static auth instead of username and password authentication for the TURN Server. To use the TURN Server with those services use the static auth url which is staticauth.openrelay.metered.ca

secret: openrelayprojectsecret

๐Ÿ—ธ STUN Server Usageโ€‹

To use just the STUN server, you can only add the stun url

var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "stun:openrelay.metered.ca:80",
},
],
});

๐Ÿ—ธ TURN Server Usage with UDPโ€‹

The TURN server runs on port 80 and 443. It is recommended to add URL to connect on both ports for maximum compatibility.

var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "turn:openrelay.metered.ca:80",
username: "openrelayproject",
credential: "openrelayproject",
},
{
urls: "turn:openrelay.metered.ca:443",
username: "openrelayproject",
credential: "openrelayproject",
},
],
});

๐Ÿ—ธ TURN Server Usage with TCPโ€‹

Adding the query parameter ?transport=tcp allows the TURN server to connect over TCP. Some corporate firewalls block UDP connections, this allows the TURN server to connect over TCP.

var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "turn:openrelay.metered.ca:443?transport=tcp",
username: "openrelayproject",
credential: "openrelayproject",
},
],
});

TURN Server for Nextcloud Talkโ€‹


Open Relay Project also works with Nextcloud talk, follow the instructions below to learn how to configure Nextcloud talk to work with Open Relay.

Nextcloud talk require the auth-secret-authentication so we have to use the Open Relay Project's TURN Server with auth-secret-authentication. Use the turn server url staticauth.openrelay.metered.ca with Nextcloud talk and turn secret: openrelayprojectsecret.

  • Go to Nextcloud-> Settings -> Talk and under TURN Servers press the + button
  • Then select turn:only
  • Under turnserver:port enter staticauth.openrelay.metered.ca:80
  • Under secret enter openrelayprojectsecret

Add another entry for port 443

  • Select turn:only
  • Under turnserver:port enter staticauth.openrelay.metered.ca:443
  • Under secret enter openrelayprojectsecret

Nextcloud Talk TURN Server Setting

๐Ÿงฐ Testing the TURN Serverโ€‹


You can test the TURN Server using:

  • Trickle ICE
  • ICE Test
  • Using JavaScript

Trickle ICEโ€‹

Go to the Trickle ICE website at https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ and enter the TURN Server credentials.

caution

Don't forget to turn: or stun: prefix and add port to the url. e.g: turn:openrelay.metered.ca:80, turn:openrelay.metered.ca:443, stun:openrelay.metered.ca:80 (don't forget to add turn: or stun: and :80 or :443 ).

ICE Testโ€‹

Go to ICE Test website at https://icetest.info/ and enter the turn server URL and credentials to test.

๐Ÿ›ก๏ธSecurityโ€‹


All the WebRTC traffic is end-to-end encrypted using DTLS-SRTP and the TURN server just relays the traffic. The TURN server only parse the UDP layer of WebRTC packet for routing purposes, and do not (and cannot) touch the DTLS encryption.

All the application layer data, include video and datachannel is encrypted using DTLS+SRTP and the TURN server cannot decrypt that data and it only relays the encrypted data among the peers.

You can read more about it here: https://webrtc-security.github.io/

To read more about the TURN proposed standard refer to RFC 5766

โ„น๏ธ Contactโ€‹


If you have any questions, comments or suggestions you can email us at contact[at]openrelayproject.org

๐Ÿš€ Powered by Metered Videoโ€‹


Metered Video provides enterprise grade WebRTC video calling apis that you can use to create video conferencing applications that can scale upto thousands of simultaneous online users, with live streaming and recording capabilities.


Terms and Conditionsโ€‹

By using Open Relay Project Website or TURN server, you agree to our terms and conditions.