What is a TURN server?

A Traversal Using Relays around NAT (TURN) server allows for reliable WebRTC connections in highly restrictive networks.

Learning Objectives

After reading this article you will be able to:

  • Describe what a TURN server does
  • Understand the advantage of using a TURN server
  • Contrast TURN vs. STUN servers

Copy article link

What is a TURN server?

A Traversal Using Relays around NAT (TURN) server is a type of web server that enables WebRTC connections between computing devices when firewalls or the usage of private IP addresses break real-time communications connections, such as video or audio calls. As the acronym indicates, TURN service circumvents network address translation (NAT) to ensure the connection between clients does not break in the middle of a session.

Simply put, TURN servers help ensure that video and audio calls work well even when the network is not configured to support them.

TURN servers become necessary when one of the devices in a WebRTC connection uses a private IP address. Devices that have private IP addresses use NAT to connect to other devices. NAT repackages packets and sends them to the private IP address, but it does not work well with many protocols, including WebRTC.

Imagine Alice wants to drive to Bob's house, but there is a roadblock set up across the highway between them. Instead of taking the highway and hitting the roadblock, Alice takes side streets until she reaches Bob's house via an alternate route. A TURN server provides an alternate route for WebRTC connections when NAT might otherwise be an impassable roadblock.

TURN vs. STUN server

A STUN (Session Traversal Utilities for NAT) server is another type of server that supports WebRTC connections. It allows two devices to discover each other's public IP addresses and initiate a direct connection. However, STUN servers often cannot bypass stringent security measures. In such cases, a TURN server can be used instead.

What is WebRTC?

Web Real-Time Communications (WebRTC) is an open-source technology that allows for establishing direct peer-to-peer (P2P) real-time communication via APIs. It allows client devices to stream files to each other instead of relying on a central server (as opposed to protocols like HLS or HDS, which presume a client-server model). WebRTC has also come to be used for a number of communications protocols, such as voice over Internet protocol (VoIP), which supports Internet-based telephone and video calls.

What is network address translation (NAT)?

NAT (network address translation) is a technique for mapping private IP addresses to public IP addresses — or, most commonly, mapping multiple private IP addresses to one public IP address. (IP addresses are essential for setting up connections between devices.)

NAT is like using a forwarding address within a postal system. Correspondents can send mail without knowing the recipient's true mailing address, since the forwarding address will send it on to that address. Similarly, NAT matches a public IP address to a private IP address and forwards packets to the correct places.

One of the most popular applications of NAT is assigning IP addresses within local area networks (LANs), such as home WiFi networks. There are not enough IPv4 addresses to go around, so routers assign dynamic, private IP addresses to network-connected devices. These IP addresses are likely used by other devices on the Internet as well, so to avoid confusion the router uses NAT to change them to one public-facing IP address that is not duplicated anywhere else. (The ISP may dynamically assign those public-facing IP addresses also.)

NAT is additionally used as a security measure to keep IP addresses private. A device can avoid revealing its true IP address outside the network — or even within the network — and use NAT to broadcast a public IP address and connect to other devices.

The problem is that some application-layer protocols do not work well with NAT, just as one's forwarding address may not be able to forward every type of mail (large packages, for instance).

What is the advantage of using a TURN server?

A TURN server helps ensure connectivity even in highly restricted network environments that use NAT and firewalls to conceal IP addresses. It allows real-time communications to work when normal connections are not possible and STUN servers cannot support them. TURN servers improve reliability for Internet-based phone services or chat services.

Does Cloudflare Calls include TURN service?

Cloudflare Calls is a service that allows developers to build real-time audio, video, and data applications. Cloudflare Calls does include a global TURN server, making it easier to build real-time applications that are fast and reliable. To learn more about Cloudflare's TURN service, see the developer docs.