search

livekit / livekit

End-to-end stack for WebRTC. SFU media server and SDKs.
https://docs.livekit.io
Apache License 2.0
10.66k stars 898 forks source link

Turn ERROR: could not establish pc connection #3186

Open rajil opened 1 week ago

rajil commented 1 week ago

Hello,

I am terminating TURN ssl at the reverse proxy and sending the traffic over to the livekit server. Unfortunately https://livekit.io/connection-test is giving an error on TURN.

The nginx proxy is setup like so with the livekit server at 172.17.1.134

stream {
   server {
    listen 192.168.50.16:4431 ssl ;
    proxy_pass 172.17.1.134:5349;
    ssl_certificate /etc/letsencrypt/live/turn.mydomain.top/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/turn.mydomain.top/privkey.pem; # managed by Certbot

  }

  map $ssl_preread_server_name $targetBackend {
    turn.mydomain.top 192.168.50.16:4431;
    default       192.168.50.16:4430;
  }

  server {
    listen 443;
    proxy_pass $targetBackend;
    ssl_preread on;
  }
}

The livekit config is like so,

port: 7880
bind_addresses:
  - "0.0.0.0"
rtc:
  tcp_port: 7881
  port_range_start: 50100
  port_range_end: 50200
  use_external_ip: true # may need to set true or set node_ip
turn:
  enabled: true
  domain: turn.mydomain.top
  tls_port: 5349
  udp_port: 3479
  external_tls: true
keys:
  devkey: "blah"
logging:
   level: debug
   pion_level: error

When livekit starts i can see the following,

livekit-1  | 2024-11-19T05:23:41.277Z   INFO    livekit server/main.go:208      starting in development mode
livekit-1  | 2024-11-19T05:23:41.278Z   INFO    livekit routing/interfaces.go:120       using single-node routing
livekit-1  | 2024-11-19T05:23:41.493Z   INFO    livekit rtcconfig/webrtc_config.go:262  failed to get external ip       {"local": "172.17.1.134", "err": "write udp4 172.17.1.134:50141->74.125.250.129:19302: write: operation not permitted"}
livekit-1  | 2024-11-19T05:23:46.406Z   WARN    livekit rtcconfig/ip.go:272     could not validate external IP  {"ip": "123.456.789.123", "error": "context canceled"}
livekit-1  | 2024-11-19T05:23:46.406Z   DEBUG   livekit rtcconfig/ip.go:246     error reading from UDP socket   {"err": "read udp 172.17.0.1:50141: use of closed network connection"}
livekit-1  | 2024-11-19T05:23:46.407Z   INFO    livekit rtcconfig/webrtc_config.go:262  failed to get external ip       {"local": "172.17.0.1", "err": "context canceled"}
livekit-1  | 2024-11-19T05:23:46.407Z   INFO    livekit rtcconfig/webrtc_config.go:85   no external IPs found, using node IP for NAT1To1Ips     {"ip": "123.456.789.123"}
livekit-1  | 2024-11-19T05:23:46.408Z   INFO    livekit service/turn.go:145     Starting TURN server    {"turn.relay_range_start": 30000, "turn.relay_range_end": 30002, "turn.portTLS": 5349, "turn.externalTLS": true, "turn.portUDP": 3479}
livekit-1  | 2024-11-19T05:23:46.408Z   INFO    livekit service/server.go:258   starting LiveKit server {"portHttp": 7880, "nodeID": "ND_vnj2ibmRBbCo", "nodeIP": "123.456.789.123", "version": "1.8.0", "bindAddresses": ["0.0.0.0"], "rtc.portTCP": 7881, "rtc.portICERange": [50100, 50200]}
livekit-1  | 2024-11-19T05:23:46.408Z   DEBUG   livekit service/signal.go:122   starting relay signal server    {"topic": "ND_vnj2ibmRBbCo"}

The livekit log is attached. Any idea why the internal TURN doesnt work?

livekitlog.txt

cnderrauber commented 5 days ago

Both pub and sub peerconnection were connected in the log, the disconnect reason is CLIENT_REQUEST_LEAVE which indicates the client left actively.

rajil commented 5 days ago

Does it mean that TURN is working but the livekit connection test utility is reporting incorrectly?

cnderrauber commented 5 days ago

I don't know which error is reported but the relay candidates are gathered so the turn is working

rajil commented 5 days ago

This is the error i get, image

Are you looking at line 62 to confirm the relay candidate?

    62  livekit-1  | 2024-11-19T05:27:20.904Z   DEBUG   livekit.transport       rtc/transport.go:1428   added ICE candidate     {"room": "!XprDcIZOFuYhxqUTyn:mydomain.com", "roomID": "RM_RR4TKj2SzA5P", "partici
pant": "@user:mydomain.com:FDHUXFTCTC", "pID": "PA_XTHt2Kszb26n", "remote": false, "transport": "PUBLISHER", "candidate": {"candidate":"candidate:2645882119 1 udp 41885951 123.456.789.123 30001 typ relay raddr 
231.456.789.123 rport 24017 generation 0 ufrag FKrM network-id 1","sdpMid":"0","sdpMLineIndex":0,"usernameFragment":"FKrM"}}
cnderrauber commented 9 hours ago

right, the relay candidate created and added successfully. can you check the webrtc-internals of the failure test to see if there was more details

rajil commented 6 hours ago

There are multiple sessions in webrtc-internal when a test is made and i dont know which session to test. Additionally, the session closes pretty quickly and the information is lost in webrtc-internals. I don't know how to save the log.