Getting ICE Failed when working over NAT (but works in local network)

[dotannn]

Hello everybody,

I'm Experimenting WebRTC and Janus and encounter an error in establishing connection during ICE stage that I unable to fix.

I'm trying to do one directional live streaming of my camera.

My setup is as follows :

1. I use gstreamer to capture my camera and send to localhost RTP stream (just like janus streaming example)
2. use janus tstreaming plugin to convert from rtp 2 webrtc - janus runs on the same computer (AKA - my PC)
3. because I want to test streaming over NAT I've peroxided janus http server connect it to proxy server running on a cloud server, which I also running on this server a simple website that also connect to the proxy server (as the client side of janus, using janus.js )
4. Because I want it to work not only in my local network I configured a STUN server in both sides.

When trying to connect in my local network it all works fine and I get the live stream after a successful handshake. (attached logs)

But when trying from a computer in a different network I'm getting ICE failed (attached logs) the weird part is that after a lot of refreshes I've been able to see the video for sometime but it only happen twice and almost always I get the failure message (and of course - no video).

I know its not an internet connectivity issue because (as I described the setup) even in local network case I still doing the handshake thru a proxy server which isn't in the local network.

I'm attaching also the janus printing log and janus configuration (both sides).

janus configs: https://gist.github.com/dotannn/72a83cac2eb42f74da37

local-network connectio logs : (successful) https://gist.github.com/dotannn/2ce26d6b372e4ad0036e

internet connection logs (unsuccessful) : https://gist.github.com/dotannn/94d8ad0275f39068a66e

Any idea :) ?

Thanks, Dotan

[lminiero]

You should check the admin API for info on failed connectivity. www.meetecho.com/blog/understanding-the-janus-admin-api/

[dotannn]

Thank you, I took your advice and enabled the Admin interface.

https://gist.github.com/dotannn/196782185282262df325

First log from chrome and second from mozilla, both don't work but a different type of error. In chrome now I can clearly see that my remote-candidate missing the public ip, but I'm still don't see any good reason for that to happen, since I defined STUN server in the client side.
In mozilla, the janus side is still in gathering but the web console return ICE Failed and do nothing.

[dotannn]

I added more stun servers (I guess one is not enough to ensure getting IP) in the client side just in case and now it getting a public IP as it suppose. but still i'm getting ICE Failed.

https://gist.github.com/dotannn/63254a3da4157cb32c7c

Thanks, Dotan

[lminiero]

Can you please use services like gist or pastebin for these logs? I'd rather not save tons of files locally.

[dotannn]

Sure, All logs replaced to gist

[lminiero]

Is this happening for all remote users (different networks) or just some of them? Have you checked with wireshark/tcpdump to verify if you can see connectivity checks flowing on those ports? It may be port filtering happening somewhere (e.g., on the server, like if you're using AWS and haven't configured the security group accordingly) or those users may be behind a symmetric NAT, for which you'd need a TURN server too, STUN wouldn't be enough.

[dotannn]

Hi, Thank you for your help.

After checking in serveral different locations some are working fine (actually - one out of four) so it realy inconsistent. I'm not under AWS, the janus actually runs on raspberry pi, I do have AWS server just for proxying the messeges between janus and janus-client (using websockets) but not for serving WebRTC.

1. I'll take a look on wireshark, but what excacly i need to look for ?
2. sorry for the ignurence but, what do you mean by "symmetric NAT" ?

[lminiero]

Happy reading :wink: https://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

[dotannn]

Thank you again, Now I have better general understanding but sill having the same problem.

Since last message I Set-up a STUN and TURN servers on EC2 server of AWS but still it won't help and I still have ICE Failed. (I used coturn project : https://github.com/coturn/coturn)

I checked my new server with : https://plugin.temasys.com.sg/demo/samples/web/content/peerconnection/trickle-ice/index.html and it works fine. so I don't know what could I do wrong.

[lminiero]

Is Janus behind a symmetric NAT? If so, you'd need TURN for its side as well, which can be overkill.

[lminiero]

Closing as not an issue. If you want to resume/restart this conversation, please do that on the meetecho-janus group.