You are here: Integration > Reverse proxy and TURN server > Alternative configurations

Alternative dual NIC reverse proxy/TURN server deployment

This section shows an alternative dual NIC network configuration for the reverse proxy and TURN server.

Dual NIC public/private address with routing to alternative VLAN for management

In this example, the environment is split into two parts: an internal, private network segment and a DMZ network. The private network has two Pexip Infinity Conferencing Nodes and the reverse proxy/TURN server internal interface, while the DMZ perimeter network contains the reverse proxy/TURN server external interface.

Note that all IP addresses in this guide are examples only — actual IP addressing will be deployment specific.

The reverse proxy/TURN server in this case has two network interfaces:

  • An internal facing interface (IP address which is connected to the internal LAN network.
  • An external facing interface (IP address which is connected to the DMZ network.

The internal interface of the reverse proxy/TURN server is configured on the same subnet as the Conferencing Nodes, while the external interface of the reverse proxy/TURN server is configured on the DMZ subnet. The Conferencing Nodes use as their default gateway. This is also the gateway to the management network, from where SSH connections to the internal interface of the reverse proxy/TURN server will originate.

There is no NAT between the outside and the DMZ network segment. The reverse proxy/TURN server uses the DMZ firewall as its default gateway, and is also configured with a static route to the management network via the LAN gateway at so that SSH management traffic from this management network can function.

To deploy the reverse proxy/TURN server in this configuration:

  1. Deploy the Reverse Proxy and TURN Server appliance OVA file and power on the VM instance.
  2. In the install wizard, define the network configuration (steps 1 and 2 in the install wizard) for what will be the internal interface of the reverse proxy/TURN server ( in this example).
  3. For the default gateway (step 3), configure the LAN gateway (
  4. For the trusted hosts/networks (step 4), configure
  5. After the install wizard completes, the reverse proxy/TURN server will reboot with the new configuration. When it is back up, connect over SSH to the reverse proxy from a host in the management network (or log in via the VMware console) as user 'pexip' and shut down the virtual machine using the following command:

    sudo shutdown –h now

    Input the password for user 'pexip' when prompted by sudo.

  6. After the VM has been shut down, add one additional network interface to this VM instance and power it on again.
  7. Log in to the reverse proxy/TURN server through SSH or VMware console and add the network configuration for the external network interface ( in this example) and the static route configuration to /etc/network/interfaces, as described in Configuring a second NIC.

    In this example, the resulting /etc/network/interfaces file should contain the following (note that the existing gateway entry for interface eth0 is removed as the reverse proxy/TURN server should only have one default gateway defined):

    auto lo eth0 eth1
    iface lo inet loopback
    iface eth0 inet static
    iface eth1 inet static
    post-up route add -net netmask gw

    To ensure that the eth0 and eth1 interfaces correspond with the correct port group in VMware, running the ifconfig command on the reverse proxy/TURN server will show the hardware MAC addresses of each interface, so that these can be matched against the virtual interfaces in VMware.

  8. Reboot the reverse proxy/TURN server VM to apply the new network settings.

STUN server configuration

If the reverse proxy/TURN server is deployed with a dual NIC public/private address, then Conferencing Nodes will typically not be able to discover their public NAT addresses as they will sending their STUN requests to the internal interface of the TURN server.

Therefore, you will need to configure Pexip Infinity with a separate STUN server (see Configuring Pexip Infinity to use a STUN server).