alangecker / bigbluebutton-docker

merged into https://github.com/bigbluebutton/docker
GNU Lesser General Public License v3.0

ICE 1007 #89

Open fabricerouillier opened 3 years ago

fabricerouillier commented 3 years ago

Hi,

First, thanks a lot for your initiative.

I did follow the instructions, and everything went well except the sound: I got an ICE 1007 error, which suggests that FreeSWITCH is not reachable.

Note that the webcams are working correctly.

My server is behind a firewall: all the ports are correctly redirected (in the same way as for a classical non-Docker installation of BBB).

I should point out that I am not comfortable with Docker at all.

staukini commented 3 years ago

I'm currently having the same problem (for about 2 weeks). I found out that Firefox works like a charm, but Chrome/Chromium/new Edge/Brave get ICE 1007 when connecting audio (or mic).

staukini commented 3 years ago

@fabricerouillier here is my console output of the browser if you want to compare. ice1007

staukini commented 3 years ago

Btw, the firewall is configured as described in the official BBB docs (https://docs.bigbluebutton.org/2.2/configure-firewall.html#configure-your-firewall). I have also double-checked whether kurento has been successfully updated, as well as FreeSWITCH (as described here: https://docs.bigbluebutton.org/2.2/configure-firewall.html#configure-bigbluebutton-to-work-with-your-firewall).

As said: Firefox works fine, but I have trouble using any Chrome browser as well as iOS.

fabricerouillier commented 3 years ago

I will re-install from scratch and perform the same test as you.

On my side I am using a Scaleway instance, i.e. under strictly the same conditions as another (non-Docker) setup of BBB 2.2.31, which works perfectly.

staukini commented 3 years ago

I just reinstalled the complete BBB setup. I'm using the built-in https proxy and set up the firewall and NAT according to the original BBB documentation. Sadly the problem doesn't resolve - ICE 1007 when using Chrome; again: Firefox works.

Alpini1980 commented 3 years ago

Same problem for me. Getting 1007 error in Chrome but not in Firefox. Chrome on my Smartphone isn't passing the ECHO-Test but the camera works.

Not sure if the connection log in Firefox about:webrtc may be of help for tracking down the problem. It is showing several STUN / TURN related errors like:

(stun/WARNING) STUN-CLIENT(relay(IP4:192.168.0.101:0/TLS|xx.xxxxxxxxx.xxx:465)::TURN): nr_stun_process_error_response failed
(stun/WARNING) STUN-CLIENT(relay(IP4:192.168.0.101:0/TLS|xx.xxxxxxxxx.xxx:465)::TURN): Error processing response: Retry may be possible, stun error code 401.

To test port 465 I transferred some bytes from the client to the BBB server with netcat and the server received them. So I wonder what's the problem here. Is my local "IP4:192.168.0.101:0/TLS" wrong here and STUN doesn't work?

fabricerouillier commented 3 years ago

After some parallel installation on the same (scaleway) cloud of this docker version and of a non docker version, I guess that the issue is that the external IP is not well set in the docker version.

Using firefox, the information in about:webrtc shows that the bind is tried exclusively on the local IP while it should be done on the external IP.

tna76874 commented 3 years ago

Hi, first of all: Thanks for this repo!

But I still get the ICE 1007 error. My ufw rules are:

To                         Action      From
--                         ------      ----
OpenSSH                    LIMIT       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
16384:32768/udp            ALLOW       Anywhere                  
OpenSSH (v6)               LIMIT       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
16384:32768/udp (v6)       ALLOW       Anywhere (v6) 

My .env

ENABLE_HTTPS_PROXY=true
ENABLE_GREENLIGHT=true
SHARED_SECRET=mysecred
ETHERPAD_API_KEY=myapikey
RAILS_SECRET=myrailssecret
DOMAIN=MYDOMAIN

EXTERNAL_IPv4=myipv4
EXTERNAL_IPv6=

STUN_IP=216.93.246.18
STUN_PORT=3478

SIP_IP_ALLOWLIST=

CLIENT_TITLE=BigBlueButton
WELCOME_MESSAGE=Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href="https://www.bigbluebutton.org/html5" target="_blank"><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button.  Use a headset to avoid causing background noise for others.
WELCOME_FOOTER=This server is running <a href="https://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>.
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
LISTEN_ONLY_MODE=true
DISABLE_ECHO_TEST=false
AUTO_SHARE_WEBCAM=false
DISABLE_VIDEO_PREVIEW=false
CHAT_ENABLED=true
CHAT_START_CLOSED=false
DISABLE_SOUND_MUTED=false
DISABLE_SOUND_ALONE=false
BREAKOUTROOM_LIMIT=8
OFFICE365_KEY=
OFFICE365_SECRET=
OFFICE365_HD=
OAUTH2_REDIRECT=
LDAP_SERVER=
LDAP_PORT=
LDAP_METHOD=
LDAP_UID=
LDAP_BASE=
LDAP_BIND_DN=
LDAP_AUTH=
LDAP_PASSWORD=
LDAP_ROLE_FIELD=
LDAP_FILTER=
ALLOW_GREENLIGHT_ACCOUNTS=true
SMTP_SERVER=
SMTP_PORT=
SMTP_DOMAIN=MYDOMAIN
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_AUTH=
SMTP_STARTTLS_AUTO=
SMTP_SENDER=
RELATIVE_URL_ROOT=/b
ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
PAGINATION_NUMBER=25
NUMBER_OF_ROWS=25
ENABLE_GOOGLE_CALENDAR_BUTTON=
MAINTENANCE_MODE=false
MAINTENANCE_WINDOW=
HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
DEFAULT_REGISTRATION=open

cjhille commented 3 years ago

I'm unable to provide a solution, but maybe I can add some observations: For a few weeks I've been getting the same ICE1007 reports from users, but only from a certain internet provider (vodafone/cable). To alleviate the issue I set up the coturn server, which was previously not needed. However, the coturn server only works for Firefox (desktop) clients. Chrome users of that particular provider still get the ICE1007 error and the coturn log states "allocation watchdog determined stale session state". This tool also attests that TURN connections for my coturn server are working.

More generally, according to the coturn log it takes issue with some statements in the .conf file:

1) Bad configuration format: dh2066
2) if ipv6 is set it says it is not in the right format

@alangecker can you see these errors in your coturn log? Any idea why it won't work for certain Chrome users of vodafone/cable? Connections to demo.bigbluebutton.org seem to work for them.

SamirSaidani commented 3 years ago

Weird. I've just done a fresh install, and was about to confirm the issue on a fresh Ubuntu 16.04, with no firewall configured. At the very beginning of my test, Firefox worked fine, but the ICE 1007 error popped up with Chrome both in listening and microphone mode.

But after a while, like 10 min, all of a sudden I had no issue with either Chrome or Edge. I've restarted the BBB docker instance, restarted the server, but was not able to reproduce the error after that. Looks like a kind of propagation problem?

In firefox, about:webrtc, remote candidate shows my external IP.

markusu49 commented 3 years ago

I think I was able to solve the issue in my case.

The situation was the same:

My server is running in Azure Cloud behind a firewall. Filtering has been disabled, but the NIC still receives a private (10.x.x.x) IP address.

The solution:

It seems like the external IP address MUST be assigned to an interface for FreeSWITCH to work correctly.

After adding a dummy NIC with the external IP address, the echo test passes - in both browsers, on both internet connections, without coturn enabled.

https://docs.bigbluebutton.org/2.2/configure-firewall.html#configure-a-dummy-nic-if-required

tna76874 commented 3 years ago

Thank you markusu49 for your investigations. I have now added a dummy NIC, as described in the docs. Now FreeSWITCH gets assigned the right IP address, as I can also see in the WebRTC debugs of Chrome and Firefox.

Now I encounter in both browsers and also from different networks (LTE) the echo test repeating forever with no error message in the browser. In the compose logs I find:

webrtc-sfu_1   | 2021-01-30T07:01:22.379Z - error: [mcs-balancer] Failed to connect to media server url=ws://kurento:8888/kurento, ip=xxx.xxx.xxx, mediaType=undefined, retries=7
core_1         | bbb-fsesl-akka | 2021-01-30T07:01:35.032Z ERROR o.b.f.v.f.ConnectionManager - Failed to connect to ESL

I tried with and without included https proxy, with and without coturn enabled.

markusu49 commented 3 years ago

@tna76874 That one looks like a very different issue to me... The connection to kurento:8888 is internal on the server, from the webrtc-sfu to the kurento container. Can you verify these containers are able to reach each other?

Just an idea: Maybe there's an ip address conflict? The addresses in this docker setup are hardcoded to 10.7.7.x/24, so you will have problems if your firewall assigns an address from the same subnet to your server.
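
The two host-side conditions raised in this thread (the external IP must be assigned to an interface for FreeSWITCH, and no host address may fall in the setup's 10.7.7.x/24 subnet) can be checked from `ip -o -4 addr show` output. This is an added example, not part of the thread or the project's code; the sample outputs, the address 203.0.113.10, the function names and the Docker interface-name prefixes are constructed assumptions.

```python
import ipaddress

# Subnet the thread says this docker setup hardcodes for its containers.
BBB_DOCKER_NET = ipaddress.ip_network("10.7.7.0/24")
# Assumption: interfaces with these name prefixes are created by Docker itself.
DOCKER_IFACE_PREFIXES = ("br-", "docker", "veth")

def parse_ip_addr(output):
    """Parse `ip -o -4 addr show` text into (ifname, IPv4Interface) pairs."""
    pairs = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            pairs.append((fields[1], ipaddress.ip_interface(fields[3])))
    return pairs

def check_host(ip_addr_output, external_ipv4):
    """Return a list of findings; an empty list means both checks pass."""
    addrs = parse_ip_addr(ip_addr_output)
    external = ipaddress.ip_address(external_ipv4)
    findings = []
    if not any(iface.ip == external for _, iface in addrs):
        findings.append(f"EXTERNAL_IPv4 {external} is not assigned to any interface")
    for name, iface in addrs:
        if name.startswith(DOCKER_IFACE_PREFIXES):
            continue  # the compose network's own bridge is expected in 10.7.7.0/24
        if iface.network.overlaps(BBB_DOCKER_NET):
            findings.append(f"{name} {iface} overlaps {BBB_DOCKER_NET}")
    return findings

# Constructed sample outputs (lifetime fields trimmed); 203.0.113.10 is a placeholder.
NAT_HOST = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.4/24 brd 10.0.0.255 scope global eth0
5: br-0a1b2c3d4e5f    inet 10.7.7.254/24 brd 10.7.7.255 scope global br-0a1b2c3d4e5f
"""
FIXED_HOST = NAT_HOST + "6: dummy0    inet 203.0.113.10/32 scope global dummy0\n"
CONFLICT_HOST = NAT_HOST.replace("10.0.0.4/24 brd 10.0.0.255", "10.7.7.23/24 brd 10.7.7.255")

if __name__ == "__main__":
    for label, sample in [("NAT only", NAT_HOST), ("dummy NIC added", FIXED_HOST),
                          ("subnet conflict", CONFLICT_HOST)]:
        print(label, "->", check_host(sample, "203.0.113.10") or "ok")
```

On a real host, pass the output of `ip -o -4 addr show` and the EXTERNAL_IPv4 value from .env.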

tna76874 commented 3 years ago

Now I did check:

./scripts/compose exec webrtc-sfu /bin/ash
/app # ping kurento
PING kurento (10.7.7.1): 56 data bytes
64 bytes from 10.7.7.1: seq=0 ttl=64 time=0.122 ms

To be sure, I purged docker completely from my VPS and installed it with the convenience script.

The error persists. Error 1004 is also displayed in Chrome.

SamirSaidani commented 3 years ago

I confirm that I've got the same error popping up again, with Google Chrome, no firewall configured, fresh install on a dedicated server and the latest docker instance.

Firefox Developer 860b1 -> OK
Edge Version 88.0.705.63 -> ICE 1007
Chrome Version 88.0.4324.150 (Official Build) (64-bit) -> ICE 1007

But, tested through my smartphone on the same network:
Chrome Version 78.0.3904.62/Android 7 -> OK
After updating Chrome on my smartphone: Chrome Version 88.0.4324.152 -> ICE 1007

SamirSaidani commented 3 years ago

I've tested on my PC Chrome Version 78.0.3904.70 (32-bit): this version works fine, whereas Chrome Version 88.0.4324.150 pops the ICE 1007 error.

Could you confirm on your side?

https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win/693954/

Download chrome-win.zip, it's a "portable" version you can launch directly after extracting the zip file.

deg0nz commented 3 years ago

Maybe this is related. I am using bbb-docker from this repo with a slightly changed setup (I use my own nginx and coturn for TURN/STUN).

My server also showed 1007 errors when trying to connect via relay. (I think) I was able to fix it as described in my comment in https://github.com/bigbluebutton/bigbluebutton/issues/9514

I had no real users with the fix enabled on it yet, but the tests with Firefox and media.peerconnection.ice.relay_only=true were successful.

nenads commented 3 years ago

Fresh install on AWS EC2 same issue

I have elastic ip added as external right domain

and stun for relay is adding private ip..

have added public ip like from doc

This should be the elastic IP, and ens3 in my case is ens5, as that is the real dev that EC2 has, and the command is run on the host system?

$ ip addr add 144.76.97.34/32 dev ens3