Disconnected: peer failed

[Houndshark]

I'm running this on Windows 11 with Docker Desktop and I'm using Firefox.

When I use docker-compose with the default docker-compose.yaml file, the server is able to be created and ran, and the webserver works, but whenever I login with the admin password, I just get "Disconnected: peer failed" on the client.

The container itself has logs and includes these: 2022-12-18 04:02:35,896 DEBG 'neko' stdout output: 4:02AM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc submodule=pion subsystem=ice

4:02AM WRN undeclaredMediaProcessor failed to open SrtcpSession: the DTLS transport has not started yet module=webrtc submodule=pion subsystem=pc 4:02AM WRN undeclaredMediaProcessor failed to open SrtpSession: the DTLS transport has not started yet module=webrtc submodule=pion subsystem=pc

Can I get help with this? I have a feeling this could be from Windows.

[m1k1o]

If you are accessing it locally, you need to set up your local IP as NAT1TO1 and additional, more info here.

[shokohsc]

Hello, having the same issue with the docker-compose from https://neko.m1k1o.net/#/getting-started/?id=using-mux-instead-of-epr and I was running just fine a few weeks ago in kubernetes, is there a way to get an old docker firefox tag ?

[m1k1o]

@shokohsc maybe the issue came with those recent changes for tcp mux? Could you try with reverting that change if it fixes your issue? I can create image for you if needed.

There are versioned images available on github container registry. But I see they are very old as the pipeline is failing after GPU changes, I should fix that.

[shokohsc]

@m1k1o I am having the same behavior with ghcr.io/m1k1o/neko/firefox:2.5 so I guess issue may come from somewhere else. Can you run the latest tag (2.7) on your end without issue (I mean the docker-compose example) ?

[m1k1o]

@shokohsc I just took the example docker compose, only added my local IP as NAT1TO1 (because i wanted to test it locally) and it works out of the box.

Check if you have not recently installed some browser extensions that might block WebRTC traffic, e.g. Private Internet Access is known for causing troubles.

[shokohsc]

Thanks, I found the issue on my side, sidecar container handling pod network causes the issue for me. @m1k1o If you could push the 2.6 tag to ghcr.io please ? ghcr.io/m1k1o/neko/firefox:2.5.1 works inside kubernetes with my sidecar container... I'm lost, there is definitely something that has changed on 2.7 tag.

[m1k1o]

I pushed version 2.6. Can you try?

[shokohsc]

oh shoot: exec /usr/bin/supervisord: exec format error, by any chance, did you build and push it for arm event for the amd64 arch ? I build it myself at the 2.6 tag and it runs all right: shokohsc/neko:firefox So there is definitely an issue between 2.6 & 2.7 but I couldn't find it Oo

[m1k1o]

Alright thanks. Then github CI is completly unusable and needs to be reworked. Created ticket for that.

Could you please try to only revert this commit if it caused the issue? Or alternatively checkout one commit before this commit and try it out there? Maybe upgrade caused that.

Since I am not able to reproduce that, it will be hard to debug. Does it only affect MUX? Only TCP or als UDP?

[shokohsc]

Ok, I can run master with [this commit](this commit) reverted. I cannot seem to be able to build again for the second commit though, I tried the rebuild-server script without success. Here is my kube manifest:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: neko
  labels:
    app.kubernetes.io/name: neko
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: neko
  template:
    metadata:
      labels:
        app.kubernetes.io/name: neko
    spec:
      automountServiceAccountToken: false
      containers:
        - name: neko
          image: shokohsc/neko:bd73dfa
          imagePullPolicy: Always
          env:
            - name: TZ
              value: Europe/Paris
            - name: NEKO_SCREEN
              value: 1920x1080@60
            - name: NEKO_PASSWORD
              value: neko
            - name: NEKO_PASSWORD_ADMIN
              value: admin
            - name: NEKO_TCPMUX
              value: '8081'
            - name: NEKO_UDPMUX
              value: '8082'
            - name: NEKO_ICELITE
              value: "1"
            - name: NEKO_NAT1TO1
              value: 10.0.42.42
            - name: NEKO_VIDEO_CODEC
              value: "h264"
            - name: NEKO_H264
              value: "1"
            - name: NEKO_IMPLICITCONTROL
              value: "1"
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            - name: tcpmux
              containerPort: 8081
              protocol: TCP
            - name: udpmux
              containerPort: 8082
              protocol: UDP
          startupProbe:
            tcpSocket:
              port: http
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            limits:
              cpu: 2
              gpu.intel.com/i915: 1
              memory: 4096M
            requests:
              cpu: 1
              gpu.intel.com/i915: 1
              memory: 2048M

[m1k1o]

Recently fixed client side ICE gathering, could you retry if it fixes your issue? @shokohsc

[shokohsc]

Hello @m1k1o , browser still cannot connect with m1k1o/neko:firefox as of 19 March 2023 :s Here is my neko debug console logs if it can help

[NEKO] DBG connecting to wss://neko.shokohsc.home/ws?password=admin
XHR finished loading: GET "https://neko.shokohsc.home/emoji.json".
XHR finished loading: GET "https://neko.shokohsc.home/keyboard_layouts.json".
[NEKO] DBG received websocket event signal/provide with payload:  {id: 'JRLcem_41UP4MOsgwil2NWm7n_7DfAyL', sdp: 'v=0\r\no=- 2785836265855895654 1679250235 IN IP4 0.0…mYY\r\na=ice-pwd:mqOhBJvDVYGMzDGsLTXWVryVSqBUrgoE\r\n', lite: true, ice: Array(1)}ice: Array(1)0: credentialType: "password"urls: Array(1)0: "stun:stun.l.google.com:19302"length: 1
[NEKO] DBG creating peer
[NEKO] DBG received websocket event system/init with payload:  {implicit_hosting: false, locks: {…}, file_transfer: false}
[NEKO] DBG received websocket event screen/configurations with payload:  {configurations: {…}}
[NEKO] DBG received websocket event broadcast/status with payload:  {url: '', isActive: false}
[NEKO] DBG received websocket event signal/candidate with payload:  {data: '{"candidate":"candidate:2470435529 1 udp 213070643…id":"","sdpMLineIndex":0,"usernameFragment":null}'}
[NEKO] DBG received websocket event signal/candidate with payload:  {data: '{"candidate":"candidate:785165097 1 tcp 2124414975…id":"","sdpMLineIndex":0,"usernameFragment":null}'}
[NEKO] DBG peer signaling state changed have-remote-offer
[NEKO] DBG received video track from peer: video RTCTrackEvent {isTrusted: true, receiver: RTCRtpReceiver, track: MediaStreamTrack, streams: Array(1), transceiver: RTCRtpTransceiver, …}
[NEKO] DBG received audio track from peer: audio RTCTrackEvent {isTrusted: true, receiver: RTCRtpReceiver, track: MediaStreamTrack, streams: Array(1), transceiver: RTCRtpTransceiver, …}
[NEKO] DBG peer signaling state changed stable
[NEKO] DBG peer ice connection state changed: checking
[NEKO] DBG sending local ICE candidate {candidate: 'candidate:3482972537 1 udp 2113937151 e628df43-768…typ host generation 0 ufrag XkE2 network-cost 999', sdpMid: '0', sdpMLineIndex: 0, usernameFragment: 'XkE2'}candidate: "candidate:3482972537 1 udp 2113937151 e628df43-768e-4fff-b45e-c8635e03921f.local 65247 typ host generation 0 ufrag XkE2 network-cost 999"sdpMLineIndex: 0sdpMid: "0"usernameFragment: "XkE2"
[NEKO] DBG peer connection state changed connecting
[NEKO] DBG sent all local ICE candidates
[NEKO] DBG peer ice connection state changed: disconnected
[NEKO] DBG peer connection state changed failed

[m1k1o]

So 10.0.42.42 is reachable from your client, right?

[shokohsc]

Yes definitely, this is the ip resolved by the neko application subdomain

[m1k1o]

This bug https://github.com/pion/ice/issues/505#event-9011834340 that prevented me from keeping using NewUDPMuxDefault and forced me to switch to NewMultiUDPMuxFromPort has been fixed https://github.com/pion/ice/pull/550 so we could theoretically switch back.

[dreamflasher]

I get the same error, but have a different setup so I am not sure if I should create a new issue or comment here. Happy to move this to a new issue.

My setup: Neko is running on an Ubuntu server and I used cloudflare tunnel for reverse proxy. This works perfectly fine to reach the neko login view on https, but when entering the password I also get "Disconnected: peer failed".

In the documentation the UDP ports are not forwarded (https://neko.m1k1o.net/#/getting-started/reverse-proxy), but I guess they are still working?

[m1k1o]

UDP ports are not part of the reverse proxy configuration because they are not HTTP(s). But yes, they still need to be reachable. Or you need to use turn servers.

[dreamflasher]

How do they need to be reachable? What I mean: Will they be reached via the server IP or via the domain?

[yesBad]

Turn server configuration: Search up coturn in Google, then maybe check https://github.com/m1k1o/neko/issues/275

[dreamflasher]

Also see here for more documentation on turn server configuration: https://neko.m1k1o.net/#/getting-started/?id=using-turn-servers-instead-of-port-forwarding

But I would prefer using port forwarding. And my impression is I managed to get 50% done, it's just unclear to me how to setup the TCP and UDP ports (with cloudflare).

[dreamflasher]

The ports are open for TCP and UDP and reachable via netcat, and I added NEKO_NAT1TO1 with the public IP, just in case. And I use single ports with MUX. The error remains in Firefox, in Chrome and Brave it shows "Reconnecting…" but in all cases can't connect.

[dreamflasher]

Ahh I finally found the culprit: When doing NEKO_UDPMUX one needs to remove NEKO_EPR from the config file.

[shokohsc]

Latest version 2.8.9 is fixed for me when I turn NEKO_ICELITE off.