geckosio / geckos.io

🦎 Real-time client/server communication over UDP using WebRTC and Node.js http://geckos.io
BSD 3-Clause "New" or "Revised" License

EC2 server can handle authorization, then no more response between server and client #204

Closed lancety closed 1 year ago

lancety commented 2 years ago

Describe the bug

Local test on macOS and Windows is working as expected, but after deploying to an EC2 server, the server-side UDP doesn't do anything once it has processed authorization.

Things checked

(v) EC2 all UDP port forward
(v) tested client of intranet IP, also tried opening local NAT port forwarding for all UDP ports - same issue
(v) tested mobile 4G network - same issue
(v) added default Google iceServers

Have a question?

I added a console log inside the server-side authorization function; this is the last breakpoint (console log) I can see from the server side.
There are try/catch blocks on the server side to detect exceptions, and console logs on the client side. I did not see any of these error messages.

What I found

By inspecting the network records, I noticed the 'additional-candidates' in the EC2 test only have one 'candidate', which is

    {candidate: "a=candidate:1 1 UDP 2122317823 172.31.3.39 37722 typ host", sdpMid: "0"}

My local test 'candidate' has more than one, including my local IP

    {candidate: "a=candidate:1 1 UDP 2122317823 172.31.128.1 58605 typ host", sdpMid: "0"}
    {candidate: "a=candidate:2 1 UDP 2122317567 192.168.1.138 58605 typ host", sdpMid: "0"}

The 172.xx address is not my home public IP, not sure what it belongs to :D

any suggestions ? @yandeu Thanks for help~
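
The candidate lines quoted in the report above can be checked mechanically. This added example (not part of the original post or of geckos.io; function names are hypothetical, IPv4 only) parses them and reports whether any candidate is something other than a host candidate on an RFC 1918 private address. The srflx line is constructed.

```javascript
// Added example (not geckos.io code). Function names are hypothetical; the
// host lines are quoted from the report, the srflx line is constructed.
const RFC1918 = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];

// Dotted-quad IPv4 -> unsigned 32-bit integer.
const ipv4ToInt = (ip) => ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);

function isPrivateIPv4(ip) {
  const n = ipv4ToInt(ip);
  return RFC1918.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ipv4ToInt(base);
  });
}

// Parse "a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>".
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line);
  if (!m) return null;
  const isV4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(m[5]);
  return { address: m[5], port: Number(m[6]), type: m[7], private: isV4 && isPrivateIPv4(m[5]) };
}

// A peer outside the server's network needs at least one candidate that is
// not a host candidate on a private address (a public host, srflx or relay).
function assessCandidates(lines) {
  const parsed = lines.map(parseCandidate).filter(Boolean);
  const usable = parsed.filter((c) => !(c.type === "host" && c.private));
  return { parsed, usable, hasPublicCandidate: usable.length > 0 };
}

const EC2_RESPONSE = ["a=candidate:1 1 UDP 2122317823 172.31.3.39 37722 typ host"];
const LOCAL_RESPONSE = [
  "a=candidate:1 1 UDP 2122317823 172.31.128.1 58605 typ host",
  "a=candidate:2 1 UDP 2122317567 192.168.1.138 58605 typ host",
];
// Constructed: what a successful STUN lookup would add (documentation address).
const WITH_SRFLX = [...EC2_RESPONSE,
  "a=candidate:2 1 UDP 1686109951 203.0.113.10 37722 typ srflx raddr 172.31.3.39 rport 37722"];

console.log("EC2 only:", assessCandidates(EC2_RESPONSE).hasPublicCandidate);
console.log("with srflx:", assessCandidates(WITH_SRFLX).hasPublicCandidate);
```

Both 172.31.x.x addresses in the report fall inside 172.16.0.0/12, so the single EC2 candidate gives a remote browser nothing routable until a server-reflexive (srflx) or relay candidate appears.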

yandeu commented 2 years ago

Does your instance have a public ip? Did you add some iceServers?

lancety commented 2 years ago

Morning @yandeu, thanks for the quick reply. :) My EC2 server has a public IP; it's based on the "https" module server. I can open pages of the "https" server. When connecting through UDP, it does receive a 200 response for those additional-candidates requests. When creating the UDP server, the default iceServers is set.
So both server and client can communicate with each other, but after the server auth function is called, there is no more action on server or client.

The code below is working on my local machine, but not on the EC2 server. I tried directly returning true in the authorization function and have the same issue.

    this._udpServer = geckos({
        iceServers: iceServers,
        authorization: async (auth: string, request) => {
            try {
                // anything returned from here is held in the channel's 'userData' prop
                const result = this._authCheck(auth) || false;
                console.log(`udp request auth passed: ${JSON.stringify(result, null, 2)}`)
                return result;
            } catch (err) {
                console.error(err);
            }
        },
        cors: {
            // @ts-ignore
            origin: (req) => {
                if (req.headers.origin === undefined) {
                    console.error('udp request no header origin')
                }
                return req.headers.origin;
            },
            allowAuthorization: true
        },
    });

lancety commented 2 years ago

Just noticed there is one test situation which made the UDP connection succeed - I opened the EC2 node instance and went out from home for 2 hours; after coming back (after submitting the above new comments), I refreshed the client page and the UDP connection succeeded. But once I restart the server node again, the UDP issue comes back.

In the successful test: one of the additional-candidates requests returned 2 candidates; the 2nd candidate is my EC2 server IP.

Updates: tried several times, it seems to be random behavior, which only rarely succeeds in connecting. I tried both the default STUN server from Google, and tried appending more public STUN servers as well. The success cases only happen with additional STUN servers.
So I am not sure if there is any 'cool down' restriction or 'delay' when using these public STUN servers. I will investigate deeper, and share any findings.

lancety commented 2 years ago

A question about the port used by TCP and UDP: I am using socket.io for TCP data, geckos.io for UDP data, and when creating these services, I use the same domain:port. Could this possibly be causing the above issue?

yandeu commented 2 years ago

Does your server block outgoing traffic?

I believe same domain:port but different protocol should not interfere.
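
One way to answer the outgoing-traffic question from the server itself, as an added example (not geckos.io code; names are hypothetical): a minimal RFC 5389 STUN Binding client that returns the public address a STUN server sees, or null when no valid reply arrives. The sample response is constructed with a documentation address.

```javascript
// Added diagnostic example (not geckos.io code); names are hypothetical.
const crypto = require("crypto");
const dgram = require("dgram");
const MAGIC_COOKIE = 0x2112a442; // fixed value from RFC 5389

// 20-byte Binding Request: type 0x0001, length 0, cookie, 96-bit transaction id.
function buildBindingRequest(txId) {
  const msg = Buffer.alloc(20);
  msg.writeUInt16BE(0x0001, 0);
  msg.writeUInt32BE(MAGIC_COOKIE, 4);
  txId.copy(msg, 8);
  return msg;
}

// Returns {address, port} from a Binding Success Response, or null when the
// message is malformed or does not answer our transaction.
function parseBindingResponse(msg, txId) {
  if (msg.length < 20 || msg.readUInt16BE(0) !== 0x0101) return null;
  if (msg.readUInt32BE(4) !== MAGIC_COOKIE) return null;
  if (!msg.subarray(8, 20).equals(txId)) return null; // unsolicited reply
  const end = Math.min(msg.length, 20 + msg.readUInt16BE(2));
  for (let off = 20; off + 4 <= end; ) {
    const [type, len] = [msg.readUInt16BE(off), msg.readUInt16BE(off + 2)];
    const val = off + 4;
    if (val + len > end) return null; // truncated attribute
    if (type === 0x0020 && len >= 8 && msg[val + 1] === 0x01) { // XOR-MAPPED-ADDRESS, IPv4
      const port = msg.readUInt16BE(val + 2) ^ (MAGIC_COOKIE >>> 16);
      const ip = (msg.readUInt32BE(val + 4) ^ MAGIC_COOKIE) >>> 0;
      return { address: [24, 16, 8, 0].map((s) => (ip >>> s) & 0xff).join("."), port };
    }
    off = val + len + ((4 - (len % 4)) % 4); // values are padded to 4 bytes
  }
  return null;
}

// Resolves to the mapped address, or null on timeout/error (no valid reply).
function probe(host, port = 3478, timeoutMs = 3000) {
  return new Promise((resolve) => {
    const txId = crypto.randomBytes(12);
    const sock = dgram.createSocket("udp4");
    let settled = false;
    const done = (r) => { if (settled) return; settled = true; clearTimeout(timer); sock.close(); resolve(r); };
    const timer = setTimeout(() => done(null), timeoutMs);
    sock.on("error", () => done(null));
    sock.on("message", (m) => { const r = parseBindingResponse(m, txId); if (r) done(r); });
    sock.send(buildBindingRequest(txId), port, host);
  });
}
// Constructed sample response mapping to 203.0.113.10:37722.
const SAMPLE_TXID = Buffer.from("000102030405060708090a0b", "hex");
const SAMPLE_RESPONSE = Buffer.from("0101000c2112a442000102030405060708090a0b002000080001b248ea12d548", "hex");
```

Running `probe("stun.l.google.com", 19302)` on the EC2 instance and getting null points at blocked outbound UDP or blocked replies; an address back means STUN itself works from that host.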

yandeu commented 2 years ago

Maybe try twilio's free STUN server: https://www.twilio.com/stun-turn/pricing

lancety commented 2 years ago

Hi @yandeu, when using an IP STUN server, what is the right format of the server address? Is the sample below correct?
The client side did not receive the right server candidate, so I am having the same issue.
I am using IPs from this page https://www.twilio.com/docs/stun-turn/regions , should the port be 443? Thanks for help~

    export const iceServers = [
        {urls: "stun:13.210.2.130:443"},
        {urls: "stun:18.231.105.40:443"},
        {urls: "stun:52.59.186.10:443"},
        {urls: "stun:52.66.193.100:443"},
        {urls: "stun:52.215.253.10:443"},
        {urls: "stun:13.115.244.10:443"},
        {urls: "stun:13.229.255.10:443"},
        {urls: "stun:34.203.254.10:443"},
        {urls: "stun:34.216.110.130:443"},
        // {urls: "stun:stun.l.google.com:19302"},
        // {urls: "stun:stun2.l.google.com:19302"},
        // {urls: "stun:stun4.l.google.com:19302"},
    ]

lancety commented 2 years ago

Just found another discussion on Stack Overflow about the Twilio STUN server; here is the list I am using, and I get 100% successful UDP connections

    export const iceServers = [
        {urls: "stun:global.stun.twilio.com:3478?transport=udp"},
        {urls: "stun:stun.l.google.com:19302"},
        {urls: "stun:stun2.l.google.com:19302"},
        {urls: "stun:stun4.l.google.com:19302"},
    ]

From my test results, I guess too many STUN servers in the UDP ICE server config is not good. Browser might not handle that many candidates? Most candidate responses are received within 1 sec, then a few more every 2-5 sec, then no more. I am not sure if the number of responses received in the browser is the same as the STUN servers I defined at the backend; it seems there are some effects when changing the number of STUN servers in the config. Most candidate responses are empty; I don't have the knowledge to explain what is happening behind the scenes.

yandeu commented 2 years ago

You should use your own twilio account to get access to STUN servers.

See https://www.twilio.com/docs/stun-turn/api

KingCosmic commented 2 years ago

Recently ran into a similar problem where the authorization callback would run but after that no connection was made. Turned out to be issues with our firewall not allowing the port connection; for simplicity I would try disabling the firewall on your server.

ziarmandhost commented 2 years ago

I have the same issue. How to fix it? I don't get it.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 300 days with no activity. Remove stale label or comment or this will be closed in 10 days.

github-actions[bot] commented 1 year ago

This issue was closed because it has been stalled for 10 days with no activity.