IceConnectionState failed when using Coturn server

[Felipe Lima]

Hello!

I'm trying to stream the screen from Android (google-webrtc version 1.0.20284) to a web client (Chrome).

When both are on WiFi, everything works perfectly and I can view the stream correctly on the web client. 

To test my Coturn server, I turn off the WiFi on my Android device to force it to use the

TURN server. When I do that, the streaming never works. While debugging on my 

phone I noticed this on Logcat:

I  (port.cc:1234): Jingle:Conn[0x73b0a51400:audio:1qypz49L:1:0:relay:udp:52.37.121.x:63681->lUGtf7lO:1:33562623:relay:udp:52.37.121.x:59783|C--I|0|0|107838996712800255|-]: Timed out a

   fter 15011 ms without a response, rtt=6000

I  (port.cc:1457): Jingle:Conn[0x73b0a51400:audio:1qypz49L:1:0:relay:udp:52.37.121.x:63681->lUGtf7lO:1:33562623:relay:udp:52.37.121.x:59783|C-xI|0|0|107838996712800255|-]: Sent STUN p

   ing, id=314c70427148796f42496c36, use_candidate=0, nomination=0

I  (p2ptransportchannel.cc:1472): Jingle:Channel[audio|1|__]: Transport channel state changed from 2 to 3

I  (transportcontroller.cc:824): audio TransportChannel 1 state changed. Check if state is complete.

I  (port.cc:1503): Connection deleted with number of pings sent: 51

I  (webrtcsession.cc:1464): Changing IceConnectionState 1 => 4

I  (p2ptransportchannel.cc:1890): Jingle:Channel[audio|1|__]: Removed connection 0x73b0a51400 (0 remaining)

PCRTCClient  D  IceConnectionState: FAILED

E  Peerconnection error: ICE connection failed.

ConnectionEvents  E  ICE connection failed.

The TURN server is accessible and I can double check that in the Trickle ICE test page (https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/)

I'm using the default Coturn settings:

turn:X.X.X.X:3478?transport=udp (IPv4)

turn:[X:X:X:X:X]:3478?transport=udp (IPv6)

I can see logs for the incoming connections on the Coturn server, here is a snippet from /var/log/messages:

Nov  4 21:54:17 ip-172-31-37-45 turnserver: 2816: session 000000000000000013: realm <north.gov> user <>: incoming packet BINDING processed, success

Nov  4 21:54:23 ip-172-31-37-45 turnserver: 2823: session 001000000000000006: realm <north.gov> user <ninefingers>: incoming packet BINDING processed, success

Nov  4 21:54:27 ip-172-31-37-45 turnserver: 2827: session 000000000000000013: realm <north.gov> user <>: incoming packet BINDING processed, success

Nov  4 21:54:33 ip-172-31-37-45 turnserver: 2833: session 001000000000000006: realm <north.gov> user <ninefingers>: incoming packet BINDING processed, success

Nov  4 21:54:36 ip-172-31-37-45 turnserver: 2836: session 000000000000000013: closed (2nd stage), user <> realm <north.gov> origin <>, local [2600:1f14:5cc:aa00:eee4:8f69:72ef:5d9c]:3478, remote [2607:fb90:8060:de14:a49f:2a47:bc32:7d53]:37413, reason: allocation watchdog determined stale session state

Nov  4 21:54:37 ip-172-31-37-45 turnserver: 2837: handle_udp_packet: New UDP endpoint: local addr [2600:1f14:5cc:aa00:eee4:8f69:72ef:5d9c]:3478, remote addr [2607:fb90:8060:de14:a49f:2a47:bc32:7d53]:37413

Nov  4 21:54:37 ip-172-31-37-45 turnserver: 2837: session 000000000000000014: realm <north.gov> user <>: incoming packet BINDING processed, success

Nov  4 21:54:43 ip-172-31-37-45 turnserver: 2843: session 001000000000000006: realm <north.gov> user <ninefingers>: incoming packet BINDING processed, success

Interestingly, when I use the AppRTC TURN server, I can correctly stream it, so that means something must be wrong with my Coturn configuration.

I'm using the default settings with the Amazon AMI (ami-908316f0) and just set the external-ip in the turnserver.conf file.

Anything else I'm missing? Any ideas?

Thanks in advance!

Felipe

[archer]

Did you set auth options on turnserver?

According to https://github.com/coturn/coturn/wiki/turnserver, WebRTC requires -a option.


在 2017年11月6日星期一 UTC+8上午7:55:20，Felipe Lima写道：

[shakeeb]

Hi Felipe,

>>Interestingly when I use the AppRTC TURN server, I can correctly stream it, so that means something must be wrong with my Coturn configuration.

I agree with you. You need to check your TURN server.  

>>The TURN server is accessible and I can double check that in the Trickle ICE test page (https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/)

This doesn't check all. It only checks allocation. It doesn't check data relay. I have attached html file which you can be used to test relay.

You need to configure STUN and TURN server with credentials and host to a local/remote(not safe) webserver with https.  

 

>>I'm using the default settings with the Amazon AMI (ami-908316f0) and just set the external-ip in the turnserver.conf file.

Although you have not mentioned here, I think you have also configured authentication properly as you are getting the allocation.

Can you please checked that you configured Amazon firewall properly. You need to open all the signaling ports and all the relay ports( the range of relay ports).

Thanks,

Shakeeb 

[Felipe Lima]

Yes i'm using the -a option (lt-cred-mech).

Also a couple of interesting points:

* My Android app (on LTE) can only connect via IPv6, while Chrome can only connect via IPv4.

* I can se tons of packages coming in through the UDP port 3478 on the coturn instance with tcpdump, eg:

07:49:22.119697 IP6 2607:fb90:4a4:52d0:98c2:91ba:5964:a94.45101 > 2600:1f14:5cc:aa00:6c7e:80cd:c97c:ff59.3478: UDP, length 132

0x0000:  6000 0000 008c 11eb 2607 fb90 04a4 52d0  `.......&.....R.

0x0010:  98c2 91ba 5964 0a94 2600 1f14 05cc aa00  ....Yd..&.......

0x0020:  6c7e 80cd c97c ff59 b02d 0d96 008c a11f  l~...|.Y.-......

0x0030:  0016 0070 2112 a442 4d4a 5a6a 6d62 6f67  ...p!..BMJZjmbog

0x0040:  4445 2b79 0012 0008 0001 e2dd 1537 dd8d  DE+y.........7..

0x0050:  0013 0060 0001 004c 2112 a442 6d71 6646  ...`...L!..BmqfF

0x0060:  6c6b 516d 704c 4143 0006 0009 6d54 5033  lkQmpLAC....mTP3

0x0070:  3a75 6966 6600 0000 c057 0004 0003 0384  :uiff....W......

0x0080:  8029 0008 98e1 9dae 1489 2595 0024 0004  .)........%..$..

0x0090:  6e7f 1eff 0008 0014 299b d53b 83e3 085a  n.......)..;...Z

0x00a0:  90c2 b602 7add e6b8 6863 94e6 8028 0004  ....z...hc...(..

0x00b0:  47a6 51de                                G.Q.

They are coming from the Android app when it's trying to connect. Eventually its stops and gives up with:

(webrtcsession.cc:1440): Changing IceConnectionState 1 => 4

IceConnectionState: FAILED

Finally, I can see both sessions in the TURN server web UI (screenshot attached).

Any other ideas? Thanks for the help so far!