Configure turn server for WebRTC on Amazon EC2

As we all know, WebRTC is used for video communication.
In video communication, data packets are transferred from one place to another place, therefore a user is able to see other user’s streaming.

But sometimes, when there are some network securities like firewall, then data packet does not transfer and we do not get proper streaming of another user i.e. we get black screen as other user’s stream.

So for this solution, we use turn server.

The TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server and gateway, too.

Here, I am going to explain you the steps of installing and configuring turn server on Amazon EC2.

First of all download these 2 packages :
libevent-2.0.21-stable.tar.gz (
turnserver- (

then run these commands :
1. To install libevent package
$ tar xvfz libevent-2.0.21-stable.tar.gz
$ cd libevent-2.0.21-stable
$ ./configure
$ make
$ sudo make install

2. To install turn server
$ tar xvfz turnserver-
$ cd turnserver-
$ ./configure
$ make
$ sudo make install

3. $ ldconfig
Idconfig command to create, update, and remove the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/, and in the trusted directories (/usr/lib, /lib64 and /lib).

4. In your Javascript code where the RTCPeerConnection is created, reference the TURN server as follows:
var pc_config = {“iceServers”: [{“url”: “”}, {“url”:”turn:my_username@’amazon ec2 PUBLIC ip address’ “, “credential”:”my_password”}]};
pc_new = new webkitRTCPeerConnection(pc_config);

5. Open the following ports:
TCP 443
TCP 3478-3479
TCP 32355-65535
UDP 3478-3479
UDP 32355-65535

6. then run this command from turnserver- folder to start the turn server
$ sudo turnserver –syslog -a -L ‘amazon ec2 PRIVATE ip address’ -X ‘amazon ec2 PUBLIC ip address’ -E ‘amazon ec2 PRIVATE ip address’ -f –min-port=32355 –max-port=65535 –user=’my_username’:’my_password’ -r realm –log-file=stdout -v

About Rishi Khandelwal

Sr. Software Engineer having more than 5 years industry experience. He has working experience in various technologies such as Scala, Java, Play, Akka, Lift Web, Spark, ElasticSearch, Backbone.js, html5, javascript, Less, Amazon EC2, WebRTC, SBT
This entry was posted in Scala. Bookmark the permalink.

43 Responses to Configure turn server for WebRTC on Amazon EC2

  1. Harry says:


    I am trying to do the same, however running into some problems. Firstly, what do you mean by the amazon ec2 PUBLIC/PRIVATE ip address ? I believe my amazon ec2 isnt behind any NAT per se given i can directly ssh into it. How do I go about knowing the private address ?

    Also, whats the use of the username/password/realm ?

    Thanks a ton

    • Hi Harry

      For Public/Private IP address: Just go to Amazon EC2 instance -> Select the instance and then you will get all the information of that instance below. Then you will get there Public IPs and Private IPs section.

      Username/password : As you will see that whatever the username and password we are giving in command , the same we are providing in JavaScript in step 4.. So to authenticate user, we provide these values.

  2. vijayaditya says:

    Iam trying to run the turnserver on AMAZON EC2 instance but it says ..
    UDP/DTLS listener opened on:
    but its not the public ip its private ip .
    Is it work even though it displays that message i did all you said above no errors and warnings

  3. vijayaditya says:

    am I don’t need to specify any port along with the ip address in JavaScipt code

  4. vijayaditya says:

    Thank u so much its working for me now Great Article

  5. hi, following the instructions everything seems to work. But the remote video appears as a black square.

    Looking at the logs on turn server, we can see this result:

    2291: handle_udp_packet: New UDP endpoint: local addr, remote addr
    2291: user : incoming packet BINDING processed, success
    2292: user : incoming packet BINDING processed, success
    2292: handle_udp_packet: New UDP endpoint: local addr, remote addr
    2292: user : incoming packet BINDING processed, success
    2292: user : incoming packet BINDING processed, success
    2292: user : incoming packet BINDING processed, success

    some ideas?

    thanks in advance

  6. Pingback: WebRTC | Incidencias

  7. sergio robledo says:

    hi, when running step number 6, does the IP’S username and password need to be between quotation marks? ‘xxx-xxx-xxx-xxx’

  8. marianomejia says:

    Can you give me samples how to use my Turn server. Also give me some test case how to check my turn server if its working correctly. Thanks in advance!

    • vijay says:

      sudo turnserver -syslog -a -L ‘xx.xx.xx.xx’ -X ‘yy.yy.yy.yy’ -E ‘xx.xx.xx.xx’ -f –min-port=32355 –max-port=65535 –user=’userName’:’password’ –realm –log-file=stdout -v –max-bps=20000 –no-stun

  9. vijay says:

    give as it is and replace xx.xx.xx.xx and yy.yy.yy.yy read documentation for better understanding and to test check calls between 2 countries or any secured network or restricted access location

    ….. Hope this helps

  10. vijay says:

    i need to mention that yy.yy.yy.yy is public ip address
    xx.xx.xx.xx is your private not local this is exist only when u r under NAT or AWS EC2

  11. fs says:

    Wheb you say username and password, do you mean we need to configure an account in the turbuserdb.conf file ? Or are we using the aws credentials ?

    • vijay says:

      sudo turnserver -syslog -a -L ‘xx.xx.xx.xx’ -X ‘yy.yy.yy.yy’ -E ‘xx.xx.xx.xx’ -f –min-port=32355 –max-port=65535 –user=’userName’:’password’ –realm –log-file=stdout -v –max-bps=20000 –no-stun

      the above command itself says USERNAME and PASSWORD

  12. Pingback: Configure turn server for webRTC with Firefox | Knoldus

  13. Pingback: Ceiba3D Studio | Configure TURN server for webRTC with Firefox

  14. clement360 says:

    Great Article, but what is the -r realm? is realm the value we should pass or do we make it up? does aws provide this value? the docs around it are confusing. do you have any examples?

    • When you will read “README.turnserver” file inside the turnserver package, then you will find the explanation for the same.
      It says :
      “Realm to be used for all users. Must be used with long-term credentials mechanism or with TURN REST API.”

      • clement360 says:

        ok Thank you, I got it to work! one remark, I believe that “–min-rt=32355” is misspelled and should be “–min-port=32355”. most people probably figure it out, but it is a pretty crucial step for the tutorial.

      • Ohh.. I didn’t notice this. Thanks for pointing out the mistake. I have corrected that.

  15. clement360 says:

    I asked before, but I am not sure the comment posted. anyways, What should the realm value be? where do I get this value, or should I literally just pass the word realm?


  16. Raj says:

    Can you explain each parameter in this line {“url”:”turn:my_username@’amazon ec2 PUBLIC ip address’ “, “credential”:”my_password”} ? I am struck and do not know how to move forward.

    • For my_username and my_password : These are the values which we are passing in step 6. These 2 should be same.
      amazon ec2 PUBLIC ip address : this is your amazon EC2’s public IP address

      • Raj says:

        Thank You Sir. Can you help me accessing RTC from two different networks? I am running a browser client app and an Android app where both the are connected in the same network. It works fine.
        When change browser and Android app to different networks they do not work. I do not know how use my Amazon Turn server to rectify this problem. Please help me.

  17. Irudaya Raj says:

    How do I open TCP ports (Step 5)?

  18. Irudaya Raj says:

    I am not getting any debugging lines in TURN server console.

  19. Irudaya Raj says:

    Sir, I am not getting any debug messages in my Amazon Linux console. Can you help me?

  20. Jitendra Swami says:

    This is a great article. It was a great help but I wanted to know what are the minimum configuration(ram,cpu) required to run the turn server?.. I want my turn server to handle 20 concurrent audio only webrtc calls.

  21. Irudaya Raj says:

    Do I need to do anything with /etc/turnserver.conf file before following your steps? I have been struggling to get your steps done. Please guide me.

  22. Sachin Mutthe says:


    Thank you very much for simplification of TURN server installation.

    I have started my TURN server on EC2. And my Node.js server for WebRTC is also on same instance. When I am trying to make call from Wifi, it’s getting connected but when I am trying from 4G or 3G network it’s showing black screen.

    I red some of your solutions and tried as well but non of them helped. Tell me one more thing how you made your EC2 instance as public as you mentioned here in this link ( Link:


  23. test-developer says:

    if we are using this turnserver guaded by above then we dont need to pay any cost. Means on our amazon instance we can install turnserver. Also there is any space matter if more user calling at the same time, means bandwidth issue etc

  24. test-developer says:

    CONFIGURATION ALERT Unknown argument: – ;;
    this error is coming when i run the above command

  25. says:

    Hi Rishi,
    We are using turnserver version, but your command of turnserver doesn’t work. there is error reads not known command ––max-port=65535, and our local can’t reach AWS EC2 container, could you please help? we are using port 80 instead of 3478.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s