What is the difference between a TURN server and a STUN server?

A STUN server helps clients discover their public IP address for direct peer-to-peer connections, while a TURN server relays media traffic when direct connections fail, especially behind strict NAT or firewalls.

Why is a TURN server necessary for WebRTC?

A TURN server is necessary for WebRTC to ensure reliable connectivity when direct peer-to-peer connections are blocked by NAT or firewall restrictions.

How do I configure a TURN server in my WebRTC application?

You typically specify the TURN server URL, username, and credentials in the ICE servers configuration when initializing your WebRTC peer connection.

Are TURN servers secure?

TURN servers can be secure if properly configured, supporting encrypted transport (TLS) and requiring authentication to prevent unauthorized access.

What are the bandwidth implications of using a TURN server?

All media traffic relayed through a TURN server consumes server bandwidth, which can increase operational costs and introduce additional latency compared to direct connections.

Can I use a public TURN server for production applications?

Public TURN servers are not recommended for production due to security, reliability, and bandwidth concerns. It's best to deploy your own or use a reputable hosted service.

Which open-source TURN server implementations are recommended?

Popular open-source TURN server options include coturn, PJNATH, and OfficeSIP TURN Server.

What is a TURN Server? Complete Guide for WebRTC & NAT Traversal (2025)

A deep dive into TURN servers: protocol, use cases, architecture, practical deployment, and their essential role in WebRTC and real-time communication.

What is a TURN Server?

A TURN server, or Traversal Using Relays around NAT server, is a crucial component in modern real-time communications like WebRTC and VoIP. It enables peer-to-peer connections to function reliably across firewalls and NAT devices by relaying network traffic when direct connections are impossible. Understanding what a TURN server is and how it works is essential for developers building robust, scalable, and secure communication applications in 2025.

Understanding the TURN Server Protocol

A TURN server is a specialized relay server that acts as an intermediary between clients that cannot establish a direct peer-to-peer (P2P) connection due to Network Address Translation (NAT) or restrictive firewalls. The TURN protocol, defined in

RFC 5766

, is integral to the Interactive Connectivity Establishment (ICE) framework used by WebRTC and other real-time communication technologies.

TURN stands for Traversal Using Relays around NAT. Unlike STUN (Session Traversal Utilities for NAT), which helps peers discover their public IP addresses for direct communication, TURN goes a step further by relaying media streams between parties when NAT traversal fails—such as in the presence of symmetric NATs or strict firewall rules.

Relayed media through a TURN server ensures robust connectivity at the expense of higher bandwidth usage and potential latency. However, it is often the only way to guarantee a connection when all other NAT traversal methods are blocked. For developers working with

webrtc android

or similar platforms, understanding TURN is especially important to ensure seamless connectivity across devices and networks.

High-level TURN server architecture: Both clients relay media through the TURN server when direct P2P is impossible.

Why Do We Need TURN Servers?

The internet's reliance on NAT (Network Address Translation) and firewalls provides essential security and address management but creates significant obstacles for real-time peer-to-peer communication. NAT devices mask internal IP addresses, while firewalls block unsolicited connections, making direct paths between clients unpredictable or impossible.

STUN servers can often assist with NAT traversal by revealing each client's public-facing IP and port. However, in complex scenarios—such as symmetric NATs or highly restrictive firewalls—STUN falls short. Here, TURN servers step in, acting as reliable relays to facilitate connectivity regardless of network topology.

TURN servers are particularly vital for:

Traversing symmetric NATs that remap ports unpredictably
Circumventing enterprise firewalls blocking UDP traffic
Ensuring failover when direct peer-to-peer communication is not feasible

For cross-platform development, such as with

flutter webrtc

, TURN servers play a key role in maintaining consistent performance across diverse environments.

Without TURN, applications may suffer from failed calls, dropped connections, or inability to establish any session at all—a critical issue for WebRTC, VoIP, and similar technologies in 2025.

How Does a TURN Server Work?

TURN servers operate within the ICE (Interactive Connectivity Establishment) protocol to provide endpoint connectivity across challenging network configurations. Here’s how the process typically unfolds:

ICE Candidate Gathering: When a call is initiated, clients gather ICE candidates—network interfaces where they can receive traffic. This includes host (local), server-reflexive (STUN), and relayed (TURN) addresses.
TURN Allocation: If direct (host or server-reflexive) candidates fail, the client requests an allocation from the TURN server, which assigns a relayed public IP and port.
Relayed Communication: Media and data are sent to the TURN server, which then forwards them to the peer, acting as a media relay.
Session Management: TURN maintains allocation lifetimes and permissions, securing and managing relayed sessions.

The ICE protocol orchestrates the decision-making, always preferring direct routes (host or STUN) and falling back to TURN only when necessary.

For those building browser-based solutions, integrating a

javascript video and audio calling sdk

can streamline the process of handling ICE and TURN server configurations.

ICE protocol flow with TURN fallback for NAT traversal and relayed media.

Example Code: Configuring a TURN Server in WebRTC

1const configuration = {
2  iceServers: [
3    { urls: ["stun:stun.example.com"] },
4    {
5      urls: ["turn:turn.example.com:3478"],
6      username: "user",
7      credential: "pass"
8    }
9  ]
10};
11const pc = new RTCPeerConnection(configuration);
12

Basic TURN server configuration for a WebRTC peer connection.

TURN vs STUN vs VPN: Key Differences

While TURN, STUN, and VPNs all help traverse network boundaries, their roles and use cases differ significantly.

Feature	STUN	TURN	VPN
NAT Traversal	Yes	Yes (with relay)	Not intended for NAT
Media Relay	No	Yes	Yes (all traffic)
Bandwidth Cost	Low	High	High
Application	WebRTC, VoIP	WebRTC, VoIP	Secure network access
Protocols	UDP	UDP, TCP, TLS	Various (IPSec, etc.)
Security	Basic	Auth/encrypted	Encrypted tunnel

STUN: Discovers public IP, best-effort NAT traversal; no relaying.
TURN: Relays all traffic when P2P fails, reliable but bandwidth-intensive.
VPN: Routes all device traffic; not application-specific.

If you’re building video communication features, leveraging a

Video Calling API

can help abstract away many of these complexities, letting you focus on the user experience.

TURN Server Protocol Details

TURN supports multiple transport protocols—UDP, TCP, and TLS—making it versatile in traversing both open and restrictive networks. Session allocations are time-limited (typically 10 minutes) and must be refreshed to maintain relayed connections.

TURN security features include:

Mandatory authentication (long-term and short-term credentials)
Optional TLS encryption for signaling and media
Permission and bandwidth controls

This ensures that only authorized clients can relay traffic, and that traffic between client and server can be encrypted, mitigating risks of eavesdropping or abuse.

For mobile app developers, using a

react native video and audio calling sdk

can simplify integrating TURN and other signaling protocols into cross-platform applications.

Practical Implementation: Setting Up a TURN Server

There are multiple ways to deploy a TURN server in 2025:

Open Source: Projects like
coturn
offer robust, RFC 5766-compliant TURN servers.
Hosted Services: Providers offer TURN as a managed service, reducing operational overhead.
Self-Hosting: Gives full control over security, bandwidth, and cost, but requires ongoing maintenance.

Deployment scenario: For a global WebRTC application, you might deploy regional TURN servers via cloud providers to minimize latency and control bandwidth costs.

For those building with

flutter webrtc

, setting up TURN servers ensures reliable connectivity for users across platforms and devices.

Bandwidth is a major consideration: every byte relayed incurs server and network cost, especially for media-heavy apps. Choose server locations, bandwidth capacity, and scale carefully.

If you’re looking to add calling features to your app, exploring a

phone call api

can provide insights into the best options for integrating audio communication.

Example Code: Deploying an Open Source TURN Server (coturn)

1# /etc/turnserver.conf sample for coturn
2listening-port=3478
3fingerprint
4lt-cred-mech
5user="user:password"
6realm=example.com
7total-quota=100
8bps-capacity=0
9

Sample coturn TURN server configuration file.

For rapid deployment, you can also

embed video calling sdk

solutions, which often handle TURN server integration out of the box.

Best Practices and Common Pitfalls

Security: Always require authentication and use TLS where possible.
Bandwidth: Monitor usage and scale server capacity accordingly; TURN can consume significant resources.
Deployment: Use geographically distributed servers for global apps to reduce latency.
Troubleshooting: Test connectivity across various network types (symmetric NAT, firewalled, etc.) and monitor logs for failed allocations or permission issues.

Conclusion: The Future of TURN Servers

As real-time communication applications like WebRTC and VoIP expand in 2025, TURN servers remain vital for reliable connectivity across restrictive networks. Understanding what a TURN server is—and how to implement, secure, and optimize it—will be essential for developers building the next generation of interactive, global applications.

Ready to enhance your app’s communication capabilities?

Try it for free

and experience seamless integration of TURN servers and real-time video calling features.

Get 10,000 Free Minutes Every Months

No credit card required to start.

Want to level-up your learning? Subscribe now

Subscribe to our newsletter for more tech based insights

FAQ

Free 10,000 minutes for video calls

RELEVANT BLOGS