prosodyctl: check turn: Add check for private IP returned from STUN.
--- a/util/prosodyctl/check.lua Sat Mar 05 20:34:24 2022 +0000
+++ b/util/prosodyctl/check.lua Sat Mar 05 20:34:58 2022 +0000
@@ -63,6 +63,7 @@
local function check_turn_service(turn_service, ping_service)
local stun = require "net.stun";
+ local ip = require "util.ip";
-- Create UDP socket for communication with the server
local sock = assert(require "socket".udp());
@@ -103,6 +104,9 @@
result.error = "STUN server did not return an address";
return result;
end
+ if ip.new_ip(result.external_ip.address).private then
+ table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?");
+ end
-- Send a TURN "allocate" request. Expected to fail due to auth, but
-- necessary to obtain a valid realm/nonce from the server.