Changelog
All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
1.12.0 - 2023-09-28
- The new blacklist_peers options may be used to specify blocklists for TURN clients and TURN peers separately. The old blacklist option that affected both clients and peers has been deprecated. The same applies to the whitelist option, which has been deprecated in favor of the new whitelist_peers options. By default, the blacklist_peers option is set to a list of networks recommended to be blocked. The other three lists are empty by default.
- Binary release: Update OpenSSL from 3.1.2 to 3.1.3.
- Binary release: Update zlib from 1.2.13 to 1.3.
- Binary release: Use new (GCC-13.2-based) version of build toolchain.
- Don't fail to ping the systemd watchdog under certain conditions.
- Drop support for container image for architecture s390x. If you need it, please contact us.
1.11.1 - 2023-08-06
- Don't fail to build with
1.11.0 - 2023-08-06
- Allow for specifying static
eturnal.yml configuration file. They can be used instead of (or in addition to) a shared
- Allow for overriding the build.config settings using environment variables (of the same name, but upper-case).
- Docker: Container images can now be pulled from Docker Hub as well. The name
docker.io/eturnal/eturnal:latest. When pulling with
docker.io may be omitted.
- Provide a homebrew Formula for macOS.
- The environment variable ETURNAL_ETC_PREFIX has been deprecated in favor of ETURNAL_ETC_DIR. If the former was used with previous releases, ETURNAL_ETC_DIR should now be set to
- mod_stats_prometheus: Fine tune bucket sizes for TURN sessions, e.g., drop the 1 KiB bucket, as the 4 KiB bucket size should be sufficient to identify "inactive" sessions. Also, slightly alter the other bucket sizes.
- Binary release: Update Erlang/OTP from 25.0.3 to 26.0.2.
- Binary release: Update Rebar3 from 3.19.0 to 3.22.1.
- Binary release: Update OpenSSL from 1.1.1q to 3.1.2.
- Binary release: Update zlib from 1.2.12 to 1.2.13.
- Binary release: Build Erlang/OTP without Termcap support.
- Docker: Always use the same Erlang/OTP version as the binary release.
- Windows: Update Erlang/OTP to 26.x.
- Fix a small memory leak (about 200 bytes per TURN session).
- Include the ssl library with non-distro builds, as it's required for enabling TLS for the
- Docker: Include libcap libraries into the image to enable binding to privileged ports (<1024) directly.
Hint: Depending on the container runtime in use, if the
CAP_NET_BIND_SERVICE may be included again to make the container work (see examples).
1.10.1 - 2022-08-02
- Improve TCP/TLS performance if no traffic shaper is configured using the
- mod_stats_prometheus: Add a counter for STUN/TURN protocol errors, bucketed by transport and error condition.
code_loading option to specify whether code is loaded statically during eturnal startup or dynamically on demand. The latter may be desirable for (distribution) builds that use separately packaged Erlang dependencies, as it avoids hard-coding dependency versions at build time.
- Docker: Include STUN lookup at container start for an IPv6 address as well.
- Docker: Allow to define a different external STUN service for IP address lookups by adding the container-image-specific environment variable STUN_SERVICE, defaulting to: STUN_SERVICE="stun.conversations.im 3478". This same variable may also be used to disable the STUN lookup by defining
- build.config: Rename the
- Binary release: Reduce code size by omitting an unused transitive dependency (which had slipped back into the previous release).
- build.config: Remove the
- Fix dynamic loading of mod_stats_prometheus dependencies (for distribution builds).
- Docker: Keep list of installed packages, so that image scanners like Trivy can check the image for vulnerabilities.
1.10.0 - 2022-07-27
mod_stats_prometheus, a module for exporting metrics to Prometheus.
- Include an example configuration for logrotate.
- Include an example OpenRC init (and configuration) file.
- If an EPMD process was spawned during eturnal startup, stop it on shutdown, unless it's used by other Erlang nodes.
- Avoid permission issues in the case where eturnalctl was invoked by root from a directory the user running eturnal isn't permitted to change into.
- Make sure eturnalctl daemon won't hang on the very first startup when using Erlang/OTP 23 or newer.
1.9.1 - 2022-07-17
- Allow for adding the special keywords
blacklist. The former expands to the addresses blocked by default, the latter includes the former and additionally expands to a number of networks recommended to be blocked.
- Fall back to reading the relay port range boundaries from environment
- Docker: Adjust image ENTRYPOINT to provide a way to autodetect (in most cases) the Docker host's IPv4 address during container startup within isolated network environments, without explicitly defining the IPv4 address (with an ENV variable or a configuration file).
- If an EPMD process is spawned during eturnal startup, let it listen on localhost only (#9). (Note that our Linux packages and container images are configured to not start an EPMD process.)
- Omit the code location from log messages, except when debug logging is enabled.
- Apply other minor logging improvements.
- Docker: Reduce image size. IMPORTANT: A custom eturnal.yml configuration file should be mounted to the default path /etc/eturnal.yml or to a custom path defined with ETURNAL_ETC_PREFIX, as mounting it to /opt/eturnal/etc/eturnal.yml will prevent the container from starting up successfully.
- Binary release: Update Erlang/OTP from 25.0.2 to 25.0.3.
- Windows: Update to LibYAML 0.2.5.
- Windows: Update to OpenSSL 3.0.5.
1.9.0 - 2022-07-07
- Publish Docker images and provide configuration examples for Docker/Kubernetes (many thanks to Saarko) (#20).
- Fall back to reading the relay IP addresses from environment variables when relay_ipv6_address aren't specified (#24).
- Binary release: Update Erlang/OTP from 24.3.4 to 25.0.2.
- Binary release: Update Rebar3 from 3.18.0 to 3.19.0.
- Binary release: Update OpenSSL from 1.1.1m to 1.1.1q.
- Binary release: Update minimum glibc version from 2.17 to 2.19.
- Binary release: Reduce code size by omitting an unused transitive dependency.
- Avoid crashes in the case where no secret is configured in the
- Don't log misleading complaints about
- Gracefully handle errors while receiving UDP data (#23).
- Restart listeners on failure.
- Reduce log level for network issues that may occur during normal operation.
- Windows: Support custom installation path (#22).
1.8.3 - 2022-05-12
- Specifying an
listen entries is no longer mandatory. The default value is now
- Make sure eturnal's log_dir is used for the additional log files created by
- Keep TURN session IDs unique across eturnal restarts.
- Binary release: Update Erlang/OTP from 24.2.2 to 24.3.4.
- Binary release: Update OpenSSL from 1.1.1m to 1.1.1o.
- Binary release: Update zlib from 1.2.11 to 1.2.12.
- Binary release: Use new (GCC-11.2-based) version of build toolchain.
- Binary release: Provide self-extracting installer for non-DEB/RPM systems.
- Windows: Don't fail to start up after reboot.
1.8.2 - 2022-03-02
- Use a (pseudo)random
- Improve autodetection of relay IP addresses used by default if the relay_ipv6_addr options aren't specified.
- Binary release: Update Erlang/OTP from 24.2 to 24.2.2.
- Don't crash without explicit listen configuration. This bug was introduced with version 1.7.0.
- Don't crash if the configuration file is empty (i.e., has no
- Don't crash if TURN is enabled without a public IPv6 relay address being available.
1.8.1 - 2022-01-10
- Don't fail to handle the $user argument of the
1.8.0 - 2022-01-10
- Allow for configuring TLS connection properties using the new
- Allow for specifying a whitelist of IP addresses/subnets which will be accepted even if they would otherwise be rejected due to being matched by a
- Don't close active TURN sessions when ephemeral credentials expire, by default. The new strict_expiry option allows for enabling the previous behavior.
eturnalctl disconnect $user command for closing any TURN session(s) of the specified
- Let the eturnalctl sessions command accept an optional $user argument to list only the TURN session(s) of the specified
- Support running eturnal without the Erlang Port Mapper Daemon (EPMD) by specifying the environment variable ERL_DIST_PORT (requires at least Erlang/OTP 23.1 and Rebar3 3.18.0).
- Binary release: Run eturnal without EPMD (as described above).
- Don't log bogus error messages if no eturnal modules are enabled when using Erlang/OTP version 21.0, 21.1, or 21.2.
- Binary release: Don't let Erlang/OTP link against libnsl.so.1, which is no longer shipped by default on RedHat-based distributions, and isn't actually needed (#19).
1.7.0 - 2021-12-15
- Introduce the proxy_protocol for enabling HAproxy protocol (version 1 and 2) support (#18).
- Binary release: Update Erlang/OTP from 24.1.7 to 24.2.
- Binary release: Update OpenSSL from 1.1.1l to 1.1.1m.
- Binary release: Link crypto NIFs statically into BEAM.
- Binary release: Reduce size by a few MiB by omitting a test suite file.
- Binary release: Don't forget to strip ERTS binaries.
- Don't crash when multiple secrets are configured on Erlang/OTP 23 or later.
1.6.0 - 2021-12-04
eturnalctl password commands for generating ephemeral TURN credentials.
- Support the transport: auto for accepting unencrypted TCP and TLS connections on the same port (thanks to Annika Hannig). Requires Erlang/OTP 23 or later.
- Binary release: Update Erlang/OTP from 24.1.4 to 24.1.7.
1.5.0 - 2021-11-02
- Allow for specifying a list of shared secrets in order to facilitate key rollover (#16).
- Improve UDP receive performance.
- Reduce risk of UDP packet loss.
- Binary release: Update Erlang/OTP from 24.1.2 to 24.1.4.
- Handle the case where a
tls_key_file is specified (by assuming the tls_crt_file includes both the certificate and the key).
- Don't forget to check for new PEM files on reload if the configuration wasn't modified (#17).
1.4.6 - 2021-10-11
- Don't abort (but log an appropriate warning) if TURN is enabled without a shared secret.
- Drop the runtime dependency on the openssl command for generating self-signed certificates.
- Binary release: Update Erlang/OTP from 23.2 to 24.1.2.
- Binary release: Update OpenSSL from 1.1.1i to 1.1.1l.
- Drop the
1.4.5 - 2021-01-28
- Don't include timestamp when logging to the systemd journal.
eturnalctl sessionscope with non-latin characters in user names.
- Binary release: Let
eturnalctl remote_consoleactually connect to the running eturnal instance.
1.4.4 - 2021-01-21
- Reject Teredo and 6to4 peers unconditionally.
- Reject 0.0.0.0/8 and ::/128 peers unconditionally.
- Never request certificates from TLS clients.
1.4.3 - 2020-12-16
- Binary release: Update Erlang/OTP from 22.2 to 23.2.
- Binary release: Update OpenSSL from 1.1.1g to 1.1.1i.
- Don't log stack traces if clients attempt authentication while TURN is disabled.
1.4.2 - 2020-11-04
- Make sure the eturnal.yml file isn't installed world-readable, as it might contain the shared TURN secret (#10).
1.4.1 - 2020-09-09
- Fix systemd watchdog interval recalculation during configuration reloads.
1.4.0 - 2020-09-06
mod_log_stun for logging STUN requests. Without this module, they will now only show up in the debug log output.
- Add list of TURN permissions to the
- Always log reason for TCP/TLS connection termination (at info level).
- Omit Erlang process ID from log messages (now that a session ID is logged).
- Make the eturnalctl sessions command work with recent versions of the
1.3.0 - 2020-08-26
eturnalctl info command, which prints some details regarding the running eturnal instance.
- Add the TURN session duration to the
- Document the module API for developers.
- Refactor the module API to avoid bottlenecks.
1.2.1 - 2020-08-16
- Strip the BEAM files shipped with the binary release. Due to a bug in the build tooling, this didn't happen for the previous release.
1.2.0 - 2020-08-16
- Add experimental support for modules and include a mod_example with the source code. The APIs aren't documented yet and may change in the future.
mod_stats_influx, a module for logging STUN/TURN events/statistics to InfluxDB (contributed by Marc Schink).
1.1.0 - 2020-07-22
eturnalctl session command, which lists some details about the currently active TURN sessions.
- Append session ID, transport, username, and client IP addresses/ports to STUN/TURN log messages.
- Append relay/peer IP addresses/ports to TURN log messages.
- Log amount of relayed traffic per TURN session.
- Log plain STUN (Binding) responses.
- Log more info level messages during TURN sessions.
- Log error responses sent to STUN/TURN clients.
- Make configuration reloads performed after changing the listen configuration more robust against timing issues.
- Let eturnalctl commands that query the running node fail gracefully if eturnal isn't running.
1.0.0 - 2020-07-13
- Allow for setting the log_dir option to the special value stdout, which tells eturnal to print log messages to the standard output rather than logging to a file.
- Publish DEB and RPM packages, and adjust the documentation accordingly.
- Allow for binding to privileged ports (if started via systemd).
- Disable TURN support in the example configuration file.
- If the distribution provides an epmd.service, make sure eturnal uses it rather than starting its own EPMD instance.
- Don't bind EPMD to 127.0.0.1 by default.
- Only signal readiness to systemd if eturnal's startup actually was successful.
0.8.0 - 2020-07-08
- Support systemd's
- Support systemd's service watchdog feature.
max_allocations option from the documentation and from the example configuration. The stun application currently ignores this option, and it's not all that useful with ephemeral TURN credentials anyway.
- Don't ignore the log_level option when the configuration is reloaded.
0.7.0 - 2020-07-07
- Ship documentation and license with binary release archive.
- Add reference documentation which can be built by calling rebar3 edoc within the source directory.
- Allow for starting up eturnal without release boot file by calling a command
erl -conf file '"/etc/eturnal.yml"' -s eturnal (assuming the BEAM files are in the code path).
- Refuse TURN relaying from/to loopback addresses by default.
0.6.0 - 2020-07-02
- Include an example init script for non-systemd platforms.
- Log more (and improved) info and debug level messages.
- Allow for starting up eturnal without configured secret if TURN is disabled.
0.5.0 - 2020-06-30
eturnalctl version print the version string of the running release.
- Add an initial version of a test suite.
- Allow non-root users to run the eturnalctl script if they have eturnal's Erlang cookie.
- Make the release directory freely relocatable.
0.4.0 - 2020-06-28
- Fix TURN authentication on Erlang/OTP versions older than 22.1.
0.3.0 - 2020-06-28
- Change systemd service type in order to support systemd versions older than 240.
- Make sure the eturnalctl script can be invoked by the superuser.
- Fix compatibility with Erlang/OTP 21.0, 21.1, and 21.2.
0.2.0 - 2020-06-25
- Add Erlang process ID to log messages.
0.1.0 - 2020-06-24
- Allow for configuring the same (port, transport) combination on different IP addresses.
- Fix parameter expansion in eturnalctl script which prevented eturnal from starting up.
- In the README section that describes building from source, don't forget to mention that rebar3 needs to be made executable.
0.0.1 - 2020-06-23
- Initial (pre-)release of the eturnal STUN/TURN server.