net/turnserver: Conceptual concern (may be noob, a feature request or even a bug)


- [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.


------------

Hi!
Thank you for this plugin and the effort.
The following may be my lack of understanding.

**My interpretation**
- It is my understanding that TURN servers can relay to any IPs they can route to.
- Running a TURN on the firewall thus gives them access to all subnets local to the router which includes private subnets.
- TURN servers are also expected to be reachable from the Internet.

**Concern**
Isn't this a hefty privilege escalation, bypassing the Firewall, secured only by the secret key?
Should the TURN be more locked down in terms of internal subnet access?
If so, what is the correct way to do this?
Should the plugin enforce blacklists for private IP ranges (like coturn does)?

Thank you
Best regards

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

net/turnserver: Conceptual concern (may be noob, a feature request or even a bug) #5195

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

net/turnserver: Conceptual concern (may be noob, a feature request or even a bug) #5195

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions