new plugin: net/turnserver, closes #4473

based on devel/helloworld plugin

net/turnserver/Makefile

@@ -0,0 +1,7 @@
+PLUGIN_NAME=		turnserver
+PLUGIN_VERSION=		1.0
+PLUGIN_COMMENT=		The coturn STUN/TURN Server
+PLUGIN_DEPENDS=		turnserver
+PLUGIN_MAINTAINER=	[email protected]
+
+.include "../../Mk/plugins.mk"

net/turnserver/pkg-descr

@@ -0,0 +1,4 @@
+Coturn is a free open source implementation of TURN and STUN Server.
+The TURN Server is a VoIP media traffic NAT traversal server and gateway.
+
+WWW: https://github.com/coturn/coturn

net/turnserver/src/opnsense/mvc/app/controllers/OPNsense/Turnserver/Api/ServiceController.php

@@ -0,0 +1,42 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Frank Wall
+ *    Copyright (C) 2015 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Turnserver\Api;
+
+use OPNsense\Base\ApiMutableServiceControllerBase;
+
+class ServiceController extends ApiMutableServiceControllerBase
+{
+    protected static $internalServiceClass = '\OPNsense\Turnserver\Turnserver';
+    protected static $internalServiceTemplate = 'OPNsense/Turnserver';
+    protected static $internalServiceEnabled = 'settings.Enabled';
+    protected static $internalServiceName = 'turnserver';
+}

net/turnserver/src/opnsense/mvc/app/controllers/OPNsense/Turnserver/Api/SettingsController.php

@@ -0,0 +1,44 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Frank Wall
+ *    Copyright (C) 2015-2019 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Turnserver\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+/**
+ * Class SettingsController Handles settings related API actions
+ * @package OPNsense\Turnserver
+ */
+class SettingsController extends ApiMutableModelControllerBase
+{
+    protected static $internalModelClass = 'OPNsense\Turnserver\Turnserver';
+    protected static $internalModelName = 'turnserver';
+}

net/turnserver/src/opnsense/mvc/app/controllers/OPNsense/Turnserver/IndexController.php

@@ -0,0 +1,47 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Frank Wall
+ *    Copyright (C) 2015 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Turnserver;
+
+/**
+ * Class IndexController
+ * @package OPNsense\Turnserver
+ */
+class IndexController extends \OPNsense\Base\IndexController
+{
+    public function indexAction()
+    {
+        // pick the template to serve
+        $this->view->pick('OPNsense/Turnserver/index');
+        // fetch form data
+        $this->view->settingsForm = $this->getForm("settings");
+    }
+}

net/turnserver/src/opnsense/mvc/app/controllers/OPNsense/Turnserver/forms/settings.xml

@@ -0,0 +1,127 @@
+<form>
+    <field>
+        <label>General Settings</label>
+        <type>header</type>
+    </field>
+    <field>
+        <id>turnserver.settings.Enabled</id>
+        <label>Enable Service</label>
+        <type>checkbox</type>
+        <help>Enable the Turnserver service</help>
+    </field>
+    <field>
+        <id>turnserver.settings.ListenIP</id>
+        <label>Listen IPs</label>
+        <style>tokenize</style>
+        <type>select_multiple</type>
+        <allownew>true</allownew>
+        <help><![CDATA[Listener IP address of relay server. Multiple listeners can be specified. Use 0.0.0.0 or :: to listen on all IPv4 or IPv6 addresses respectively.]]></help>
+    </field>
+    <field>
+        <id>turnserver.settings.ListenPort</id>
+        <label>Listen Port</label>
+        <type>text</type>
+        <help>TURN listener port for UDP and TCP (Default: 3478). NOTE: Do NOT set this to 80 or 443 when listening on all IPs, this may block access to the OPNsense WebUI.</help>
+    </field>
+    <field>
+        <id>turnserver.settings.MinPort</id>
+        <label>Min UDP Port</label>
+        <type>text</type>
+        <help>Lower bound of the UDP relay endpoints (Default: 49152).</help>
+    </field>
+    <field>
+        <id>turnserver.settings.MaxPort</id>
+        <label>Max UDP Port</label>
+        <type>text</type>
+        <help>Upper bound of the UDP relay endpoints (Default: 65535).</help>
+    </field>
+    <field>
+        <label>TLS Support</label>
+        <type>header</type>
+    </field>
+    <field>
+        <id>turnserver.settings.TlsEnabled</id>
+        <label>Enable TLS</label>
+        <type>checkbox</type>
+        <help>Enable TLS/DTLS support. This requires a valid TLS certificate.</help>
+    </field>
+    <field>
+        <id>turnserver.settings.TlsCertificate</id>
+        <label>TLS Certificate</label>
+        <type>dropdown</type>
+        <style>style_tls</style>
+        <help>Select a valid TLS certificate.</help>
+    </field>
+    <field>
+        <id>turnserver.settings.TlsPort</id>
+        <label>TLS Port</label>
+        <type>text</type>
+        <help>TURN listener port for TLS (Default: 5349). NOTE: Do NOT set this to 80 or 443 when listening on all IPs, this may block access to the OPNsense WebUI.</help>
+    </field>
+    <field>
+        <label>Security</label>
+        <type>header</type>
+    </field>
+    <field>
+        <id>turnserver.settings.UseAuthSecret</id>
+        <label>Use Auth Secret</label>
+        <type>checkbox</type>
+        <help>This sets a special authorization option that is based upon authentication secret. Enables TURN REST API.</help>
+    </field>
+    <field>
+        <id>turnserver.settings.StaticAuthSecret</id>
+        <label>Auth Secret</label>
+        <type>password</type>
+        <help>The authentication secret value for TURN REST API. It is recommended to use a long random string, at least 32 characters long.</help>
+    </field>
+    <field>
+        <label>Features</label>
+        <type>header</type>
+    </field>
+    <field>
+        <id>turnserver.settings.Realm</id>
+        <label>Realm</label>
+        <type>text</type>
+        <help>The default realm to be used for the users. Must be used with TURN REST API. A good choice may be the domain name of the company.</help>
+    </field>
+    <field>
+        <id>turnserver.settings.FingerprintsEnabled</id>
+        <label>Enable Fingerprints</label>
+        <type>checkbox</type>
+        <help>Use fingerprints in the TURN messages.</help>
+    </field>
+    <field>
+        <label>Tuning</label>
+        <type>header</type>
+    </field>
+    <field>
+        <id>turnserver.settings.UserQuota</id>
+        <label>User Quota</label>
+        <type>text</type>
+        <help>Per-user allocation quota. Default value is 0 (no quota, unlimited number of sessions per user).</help>
+    </field>
+    <field>
+        <id>turnserver.settings.TotalQuota</id>
+        <label>Total Quota</label>
+        <type>text</type>
+        <help>Total allocation quota. Default value is 0 (no quota).</help>
+    </field>
+    <field>
+        <id>turnserver.settings.StaleNonce</id>
+        <label>Stale Nonce Lifetime</label>
+        <type>text</type>
+        <help>Limit the nonce lifetime (in seconds) for extra security. Default value is 600 secs (10 minutes).</help>
+    </field>
+    <field>
+        <id>turnserver.settings.ChannelLifetime</id>
+        <label>Channel Lifetime</label>
+        <type>text</type>
+        <help>The lifetime for the channel (in seconds). Default value is 600 secs (10 minutes).</help>
+    </field>
+    <field>
+        <id>turnserver.settings.PermissionLifetime</id>
+        <label>Permission Lifetime</label>
+        <type>text</type>
+        <help>The permission lifetime (in seconds). Default value is 300 secs (5 minutes).</help>
+    </field>
+</form>

net/turnserver/src/opnsense/mvc/app/models/OPNsense/Turnserver/ACL/ACL.xml

@@ -0,0 +1,9 @@
+<acl>
+    <page-services-turnserver>
+        <name>Services: Turnserver</name>
+        <patterns>
+            <pattern>ui/turnserver/*</pattern>
+            <pattern>api/turnserver/*</pattern>
+        </patterns>
+    </page-services-turnserver>
+</acl>

net/turnserver/src/opnsense/mvc/app/models/OPNsense/Turnserver/Menu/Menu.xml

@@ -0,0 +1,5 @@
+<menu>
+    <Services>
+        <Turnserver VisibleName="Turnserver" cssClass="fa fa-comment-o fa-fw" url="/ui/turnserver"/>
+    </Services>
+</menu>

net/turnserver/src/opnsense/mvc/app/models/OPNsense/Turnserver/Turnserver.php

@@ -0,0 +1,53 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Frank Wall
+ *    Copyright (C) 2015 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Turnserver;
+
+use OPNsense\Base\BaseModel;
+
+/**
+ * Class Turnserver
+ * @package OPNsense\Turnserver
+ */
+class Turnserver extends BaseModel
+{
+    /**
+     * check if module is enabled
+     * @return bool is the Turnserver service enabled
+     */
+    public function isEnabled()
+    {
+        if ((string)$this->settings->enabled === "1") {
+            return true;
+        }
+        return false;
+    }
+}