Coturn fails on TURN (allocation timeout)

My coturn server always fails on turn. I've tried much variants of config, but nothing works(

Server is not NATted, and have only public IP.

Using next config:

domain=sip.domain.ru
realm=sip.domain.ru
server-name=sip.domain.ru

#listening-ip=0.0.0.0
#external-ip=0.0.0.0

external-ip=213.232.207.000
external-ip=sip.domain.ru
listening-port=3478

min-port=10000
max-port=20000

fingerprint

log-file=/var/log/coturn/turnserver.log
verbose
user=DavidMaze:Password
lt-cred-mech
#allow-loopback-peers

web-admin
web-admin-ip=213.232.207.000
web-admin-port=8090

cert=/usr/share/coturn/server.crt
pkey=/usr/share/coturn/server.key
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

While calling, there is waiting for 60s, then in logs:

0: log file opened: /var/log/coturn/turnserver_2023-01-13.log
0: pid file created: /run/turnserver/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0:   relay 213.232.207.000 initialization...
0:   relay 213.232.207.000 initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: turn server id=3 created
0: turn server id=2 created
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: turn server id=5 created
0: turn server id=4 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/SCTP listener opened on : ::1:3478
0: turn server id=6 created
0: turn server id=7 created
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/SCTP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=9 created
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=11 created
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: turn server id=14 created
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: turn server id=13 created
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=10 created
0: turn server id=15 created
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: turn server id=8 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: turn server id=12 created
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. DTLS/UDP listener opened on: 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. DTLS/UDP listener opened on: 213.232.207.000:5349
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: Total General servers: 16
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:8090
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:8090
0: IPv4. web-admin listener opened on : 213.232.207.000:8090
0: SQLite DB connection success: /var/lib/turn/turndb
5: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 188.162.5.118:34297
5: session 010000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
5: session 010000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
5: IPv4. Local relay addr: 213.232.207.000:11050
5: session 010000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
5: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
6: session 010000000000000001: peer 213.232.207.000 lifetime updated: 300
6: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
7: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 87.103.193.000:56186
7: session 006000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
7: session 006000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr: 213.232.207.000:16236
7: session 006000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
7: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
7: session 006000000000000001: peer 213.232.207.000 lifetime updated: 300
7: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
15: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
17: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
26: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
27: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
36: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
38: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
46: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
47: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 188.162.5.118:23038
47: session 008000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
48: session 008000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
48: IPv4. Local relay addr: 213.232.207.000:16208
48: session 008000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
48: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
48: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
48: session 008000000000000001: peer 213.232.207.000 lifetime updated: 300
48: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
50: session 010000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
50: session 008000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
50: session 006000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
51: session 008000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=5, rb=364, sp=5, sb=508
51: session 008000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 188.162.5.118:23038, reason: allocation timeout
51: session 008000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 008000000000000001: peer 213.232.207.000 deleted
51: session 010000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=10, rb=592, sp=10, sb=1032
51: session 010000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 188.162.5.118:34297, reason: allocation timeout
51: session 010000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 010000000000000001: peer 213.232.207.000 deleted
51: session 006000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=58, rb=7500, sp=9, sb=892
51: session 006000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 87.103.193.000:56186, reason: allocation timeout
51: session 006000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 006000000000000001: peer 213.232.207.000 deleted

Also, 2 days ago i was having 403: forbidden IP. But it was fixed by commenting listening-ip

Fixed issue. For others:

1. At first, check issue on different browsers. I've detected, that call works on Mozilla Firefox, while don't work on Chromium-based browsers;
2. You can enable extra-verbose mode by -V flag (uppercase) or --Verbose. This can help, but logs are very annoying and no need to see them in 95% times;
3. While testing TURN-server via very popular tool WebRTC sample - Trickle ICE, you can see authentication failed? with relay in next line. This might not be problem, check this with other working TURN-server (example)
4. Check client's firewall for blocking ports of STUN/TURN servers, for port ranges of TURN. That was my case, client's firewall was blocking 24000-64000 ports.