diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json
index f233f14..fc8ce4d 100644
--- a/nodes/andromeda.kosmos.org.json
+++ b/nodes/andromeda.kosmos.org.json
@@ -19,7 +19,7 @@
 "automatic": {
 "fqdn": "andromeda.kosmos.org",
 "os": "linux",
- "os_version": "4.15.0-74-generic",
+ "os_version": "4.15.0-96-generic",
 "hostname": "andromeda",
 "ipaddress": "46.4.18.160",
 "roles": [
diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
index f383af4..f724394 100644
--- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
@@ -1,5 +1,7 @@
 node.default["kosmos-ejabberd"]["version"] = "20.04"
 node.default["kosmos-ejabberd"]["checksum"] = "5377ff18960a399e661fa23f4a1d9f57c78d4579ed108c52b8f68e7cd9268868"
+node.default["kosmos-ejabberd"]["turn_min_port"] = 49152
+node.default["kosmos-ejabberd"]["turn_max_port"] = 59152
 node.override["tor"]["HiddenServices"]["ejabberd"] = {
 "HiddenServicePorts" => [
diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
index 1899493..1572727 100644
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -154,7 +154,11 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
 sensitive true
 variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
 hosts: hosts,
- admin_users: admin_users
+ admin_users: admin_users,
+ stun_auth_realm: "kosmos.org",
+ turn_ip_address: node['ipaddress'],
+ turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
+ turn_max_port: node["kosmos-ejabberd"]["turn_max_port"]
 notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end
 
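Review bot: `turn_ip_address: node['ipaddress']` passes whatever address Ohai detects on the default-route interface, and that is only the address clients can reach when the node has a single public interface and is not behind NAT; on a NATed or multi-homed node the relay would advertise an address peers cannot use. A dedicated attribute that defaults to it, e.g. `node.default["kosmos-ejabberd"]["turn_ip_address"] = node['ipaddress']` in attributes/default.rb, would let a node override it without editing the recipe. The realm is likewise hard-coded as `"kosmos.org"` here while the ports come from attributes, so the same treatment would keep the four new variables consistent. The `template` resource starts above this hunk, so only its tail is visible here.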
@@ -206,6 +210,12 @@ unless node.chef_environment == "development"
 protocol :udp
 command :allow
 end
+
+ firewall_rule 'ejabberd_turn' do
+ port node["kosmos-ejabberd"]["turn_min_port"]..node["kosmos-ejabberd"]["turn_max_port"]
+ protocol :udp
+ command :allow
+ end
 end
 #
diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
index 9e4c14e..5ed892b 100644
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@@ -78,9 +78,11 @@ listen:
 port: 3478
 transport: udp
 module: ejabberd_stun
+ auth_realm: <%= @stun_auth_realm %>
 use_turn: true
- ## The server's public IPv4 address:
- # turn_ip: 203.0.113.3
+ turn_ip: <%= @turn_ip_address %>
+ turn_min_port: <%= @turn_min_port %>
+ turn_max_port: <%= @turn_max_port %>
 s2s_use_starttls: optional
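Review bot: The `ejabberd_turn` rule accepts UDP from any source on 10,001 ports (49152–59152 with the new defaults), and that range lies inside the usual Linux ephemeral port range, so any other process on the node that binds a UDP socket there becomes reachable from outside, not only ejabberd's relay. A comment on the rule should record this, e.g. `# TURN relay ports; must match turn_min_port/turn_max_port in ejabberd.yml, keep the range as small as call volume allows`. It would also be worth failing the run when `turn_min_port` is greater than `turn_max_port`, since an inverted Ruby range is empty and what the firewall resource does with it is not visible here. The enclosing `unless` block starts above the hunk.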
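Review bot: The STUN listener now relays traffic, but how clients authenticate and how much each may allocate is left to ejabberd's defaults rather than stated in the template. I would make these explicit next to `use_turn: true` with `auth_type: user`, plus `turn_max_allocations` and `turn_max_permissions` values sized for the expected call load, so the relay's authentication and quotas do not depend on version defaults. The two removed comment lines were the only hint that `turn_ip` has to be the server's public IPv4 address; a one-line comment such as `## Must be the public IPv4 address that clients can reach` above `turn_ip` would keep that. Newer ejabberd releases also have a `turn_blacklist` listener option for refusing relayed peers in loopback or private ranges, which is worth setting once the pinned version supports it.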