How to disable host type ICE Candidate?

Feralas

unread,

Jun 14, 2023, 4:34:26 PM6/14/23

to discuss-webrtc

I am trying to setup an Unreal Engine App with a TURN Server and try to release to public

But when I try to connect the UEApp from internet

I notice the web browsers always tries to make host type candidate connections.

Before making a success srflx or relay candidate connection.

Since the host candidate connection will release the private IP to internet users.

May I know is there any ways to stop to release the host candidate to public?

Many thanks!

Muhammad Usman Bashir

unread,

Jun 15, 2023, 1:32:44 PM6/15/23

to discuss-webrtc

To prevent host (private) IP leakage, you can use the WebRTC APIs to control the ICE candidates. More specifically, you can take advantage of the `RTCPeerConnection` API's `iceTransportPolicy` setting. By setting it to "relay", the API will only gather Server Reflexive (srflx) and Relay candidates (those from your TURN server), effectively bypassing the gathering of host candidates.

Yes, you can modify the iceTransportPolicy in the clientConfig of the cirrus.js file in Pixel Streaming's WebSignalingServer.

Here's how you can do it:

```
var clientConfig = {
type: 'config',
peerConnectionOptions: {
'iceServers': [
{
'urls': 'turn:YourTurnServer',
'username': 'TurnServerUsername',
'credential': 'TurnServerPassword'
}
],
'iceTransportPolicy': 'relay' // Only use Relay ICE candidates
}
};

```
Replace 'YourTurnServer', 'TurnServerUsername', and 'TurnServerPassword' with your TURN server details.

This will restrict WebRTC to only use your TURN server, mitigating the risk of exposing your private IP address. Just remember that this may affect connection times and reliability if your TURN server is not highly available.

Thanks

Warren McDonald

unread,

Jun 16, 2023, 1:22:36 AM6/16/23

to discuss-webrtc

In chromium based browsers, setting iceTransportPolicy : "relay" will also suppress the logging of the remote candidate addresses in the console, so that they can't be harvested by inspection.

Michal Śledź

unread,

Jun 16, 2023, 5:39:12 AM6/16/23

to discuss-webrtc

Browsers should utilize mDNS to prevent from private IP leakage, shouldn't they?

Muhammad Usman Bashir

unread,

Jun 19, 2023, 4:05:26 AM6/19/23

to discuss-webrtc

Yes, browsers do use mDNS to prevent private IP leakage, particularly in the context of WebRTC. This aids in maintaining user privacy.

You get more understanding from mDNS in WebRTC: A draft document at IETF about how mDNS should be used in WebRTC to hide local IP addresses: https://datatracker.ietf.org/doc/html/draft-ietf-rtcweb-mdns-ice-candidates-03

Feralas

unread,

Jun 26, 2023, 12:32:36 AM6/26/23

to discuss-webrtc

Thanks for the method.

But still not work after modifying the iceTransportPolicy....

modifying in cirrus.js still unable to disclose the private IP thru udp host candidates.....

Muhammad Usman Bashir 在 2023年6月16日星期五凌晨1:32:44 [UTC+8] 的信中寫道：

Reply all

Reply to author

Forward