1007: ICE negotiation failed

600 views
Skip to first unread message

Devin Yang

unread,
Mar 11, 2015, 7:41:54 AM3/11/15
to bigbluebu...@googlegroups.com
Our BBB server behind the Firewall, the BBB server have ip address 10.0.1.34,

I have following document to configure the Server as below document.
https://code.google.com/p/bigbluebutton/wiki/FAQ

git@meeting090:/etc$ cat hosts
127.0.0.1 localhost
10.0.1.34 meeting090.example.com meeting090


The network topology as below 

BBB Server(one to one nat:10.0.1.34)<===Hub====>(10.0.1.1Firewall)<===Hub==>10.0.0.1(Linux Route192.186.1.37)<===Hub======>Lan(Clients)
                                                                                                   |
                                                                                                    
                                                                         Internet(PublicIP Mapping to 10.0.1.34) 


My problem is that client can join the meeting form publicIP, but the WebRTC IP always go try to connect to  private IP 10.0.1.34.

If no route to 10.0.0.0/8 , Client got the error, 1007: ICE negotiation failed.
therefore, It makes all client from public connect to our server failed with WebRTC

Sorry, My English is poor, any Idea what's going on.





Fred Dixon

unread,
Mar 16, 2015, 3:38:01 PM3/16/15
to bigbluebu...@googlegroups.com
Hi Devin,

> Our BBB server behind the Firewall,

Your setup looks to be more complex than others.  You need to make sure TCP ports 80, 9123, 1935, and UDP ports from 16384-32768 are forwarded from your firewall (10.0.1.1) to your BigBlueButton server (10.0.1.34).  

> My problem is that client can join the meeting form publicIP,

Users need to join with the hostname (not IP) so the entry in /etc/hosts on 10.0.1.34 can re-route the traffic to the local server.

Regards,... Fred

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.



--
BigBlueButton Developer
BigBlueButton on twitter: @bigbluebutton

Richard Rafalski

unread,
Mar 19, 2015, 11:54:21 AM3/19/15
to bigbluebu...@googlegroups.com
Hey,

same problem here:
Server and web client are in separate private LANs behind NAT fire walls.
Port forwarding is confgured like suggested by Fred on the server site.
The client is trying to connect the server via the internal ip-address of the server not via the external address.

This is the case because the server offers only its internal address to the client during the webrtc negotiation process (see candidate line):

1e866eac-cdbe-11e4-8756-331603ec02c9 v=0
1e866eac-cdbe-11e4-8756-331603ec02c9 o=FreeSWITCH 1426688714 1426688715 IN IP4 192.168.2.122
1e866eac-cdbe-11e4-8756-331603ec02c9 s=FreeSWITCH
1e866eac-cdbe-11e4-8756-331603ec02c9 c=IN IP4 192.168.2.122
1e866eac-cdbe-11e4-8756-331603ec02c9 t=0 0
1e866eac-cdbe-11e4-8756-331603ec02c9 a=msid-semantic: WMS LZwGIfWqlJQzbVzwKv0GQmAkXOCJ95PL
1e866eac-cdbe-11e4-8756-331603ec02c9 m=audio 29002 UDP/TLS/RTP/SAVPF 111 126
1e866eac-cdbe-11e4-8756-331603ec02c9 a=rtpmap:111 opus/48000/2
1e866eac-cdbe-11e4-8756-331603ec02c9 a=fmtp:111 minptime=10
1e866eac-cdbe-11e4-8756-331603ec02c9 a=rtpmap:126 telephone-event/8000
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ptime:20
1e866eac-cdbe-11e4-8756-331603ec02c9 a=sendrecv
1e866eac-cdbe-11e4-8756-331603ec02c9 a=fingerprint:sha-256 BF:17:A6:26:80:70:7A:4F:4E:75:F4:26:19:2B:BC:26:29:54:11:D9:7C:32:67:49:4F:4C:11:48:5A:CE:63:F2
1e866eac-cdbe-11e4-8756-331603ec02c9 a=rtcp-mux
1e866eac-cdbe-11e4-8756-331603ec02c9 a=rtcp:29002 IN IP4 192.168.2.122
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ssrc:890122884 cname:Ubhth4KtEqSFci2M
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ssrc:890122884 msid:LZwGIfWqlJQzbVzwKv0GQmAkXOCJ95PL a0
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ssrc:890122884 mslabel:LZwGIfWqlJQzbVzwKv0GQmAkXOCJ95PL
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ssrc:890122884 label:LZwGIfWqlJQzbVzwKv0GQmAkXOCJ95PLa0
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ice-ufrag:DSjj4KuSoWsoS7ZD
1e866eac-cdbe-11e4-8756-331603ec02c9 a=ice-pwd:97Wg1wAvNj1QrTtVBD5wdpfr

1e866eac-cdbe-11e4-8756-331603ec02c9 a=candidate:4138500373 1 udp 659136 192.168.2.122 29002 typ host generation 0

1e866eac-cdbe-11e4-8756-331603ec02c9
1e866eac-cdbe-11e4-8756-331603ec02c9 2015-03-18 23:28:36.764960 [NOTICE] mod_dptools.c:1258 Channel [sofia/external/tcfqaxurvao...@xxx.xxxxxxx.xx] has been answered

Any way to force the server to offer also its external ip address as a additional candidate?

Thank you for any ideas

Richard


On Monday, March 16, 2015 at 8:38:01 PM UTC+1, Fred Dixon wrote:
Hi Devin,

> Our BBB server behind the Firewall,

Your setup looks to be more complex than others.  You need to make sure TCP ports 80, 9123, 1935, and UDP ports from 16384-32768 are forwarded from your firewall (10.0.1.1) to your BigBlueButton server (10.0.1.34).  

> My problem is that client can join the meeting form publicIP,

Users need to join with the hostname (not IP) so the entry in /etc/hosts on 10.0.1.34 can re-route the traffic to the local server.

Regards,... Fred
On Wed, Mar 11, 2015 at 7:41 AM, Devin Yang <devin...@gmail.com> wrote:
Our BBB server behind the Firewall, the BBB server have ip address 10.0.1.34,

I have following document to configure the Server as below document.
https://code.google.com/p/bigbluebutton/wiki/FAQ

git@meeting090:/etc$ cat hosts
127.0.0.1 localhost
10.0.1.34 meeting090.example.com meeting090


The network topology as below 

BBB Server(one to one nat:10.0.1.34)<===Hub====>(10.0.1.1Firewall)<===Hub==>10.0.0.1(Linux Route192.186.1.37)<===Hub======>Lan(Clients)
                                                                                                   |
                                                                                                    
                                                                         Internet(PublicIP Mapping to 10.0.1.34) 


My problem is that client can join the meeting form publicIP, but the WebRTC IP always go try to connect to  private IP 10.0.1.34.

If no route to 10.0.0.0/8 , Client got the error, 1007: ICE negotiation failed.
therefore, It makes all client from public connect to our server failed with WebRTC

Sorry, My English is poor, any Idea what's going on.





--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

Devin Yang

unread,
Mar 26, 2015, 10:32:36 AM3/26/15
to bigbluebu...@googlegroups.com
Thanks for your reply, 
I will trying to connect the BBB Server to internet directly without Firewall, and to make sure our BBB Server is working.
I think that our BBB server's build seems like little old 0.9.0-beta(614).
Maybe I will install a new one and test again.

Anyway, the BBB is great product to me, thank you.


Fred Dixon於 2015年3月17日星期二 UTC+8上午3時38分01秒寫道:
Hi Devin,

> Our BBB server behind the Firewall,

Your setup looks to be more complex than others.  You need to make sure TCP ports 80, 9123, 1935, and UDP ports from 16384-32768 are forwarded from your firewall (10.0.1.1) to your BigBlueButton server (10.0.1.34).  

> My problem is that client can join the meeting form publicIP,

Users need to join with the hostname (not IP) so the entry in /etc/hosts on 10.0.1.34 can re-route the traffic to the local server.

Regards,... Fred
On Wed, Mar 11, 2015 at 7:41 AM, Devin Yang <devin...@gmail.com> wrote:
Our BBB server behind the Firewall, the BBB server have ip address 10.0.1.34,

I have following document to configure the Server as below document.
https://code.google.com/p/bigbluebutton/wiki/FAQ

git@meeting090:/etc$ cat hosts
127.0.0.1 localhost
10.0.1.34 meeting090.example.com meeting090


The network topology as below 

BBB Server(one to one nat:10.0.1.34)<===Hub====>(10.0.1.1Firewall)<===Hub==>10.0.0.1(Linux Route192.186.1.37)<===Hub======>Lan(Clients)
                                                                                                   |
                                                                                                    
                                                                         Internet(PublicIP Mapping to 10.0.1.34) 


My problem is that client can join the meeting form publicIP, but the WebRTC IP always go try to connect to  private IP 10.0.1.34.

If no route to 10.0.0.0/8 , Client got the error, 1007: ICE negotiation failed.
therefore, It makes all client from public connect to our server failed with WebRTC

Sorry, My English is poor, any Idea what's going on.





--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

Papa Charlie

unread,
Sep 9, 2015, 7:20:49 PM9/9/15
to BigBlueButton-Setup
Hello,

Did anyone find a solution to the problem below ? (Any way to force the server to offer also its external ip address as a additional candidate?)

On Thursday, 19 March 2015 16:54:21 UTC+1, Richard Rafalski wrote:
Hey,
Reply all
Reply to author
Forward
0 new messages