selected-pair wrong ip chosen

[noamtcohen]

I've deployed to an EC2 instance and set the [nat] config:

[nat]
stun_server = stun.l.google.com
stun_port = 19302
nice_debug = false
ice_lite = false
;ice_tcp = true

nat_1_1_mapping = 35.156.67.86

All UDP and TCP ports are open in the security group but when I look at the selected-pair it seems like it selected the internal IP address of the EC2 instance and not the public one.

{
    "session_id": 1789497330223313,
    "session_last_activity": 75609919230,
    "session_transport": "janus.transport.http",
    "handle_id": 5841265621360440,
    "created": 75547287482,
    "send_thread_created": true,
    "current_time": 75630459662,
    "plugin": "janus.plugin.echotest",
    "plugin_specific": {
        "audio_active": true,
        "video_active": true,
        "bitrate": 0,
        "slowlink_count": 0,
        "destroyed": 0
    },
    "flags": {
        "got-offer": true,
        "got-answer": true,
        "processing-offer": false,
        "starting": true,
        "ready": false,
        "stopped": false,
        "alert": false,
        "bundle": true,
        "rtcp-mux": true,
        "trickle": true,
        "all-trickles": true,
        "trickle-synced": false,
        "data-channels": true,
        "has-audio": true,
        "has-video": true,
        "plan-b": false,
        "cleaning": false
    },
    "agent-created": 75547544658,
    "ice-mode": "full",
    "ice-role": "controlled",
    "sdps": {
        "profile": "UDP/TLS/RTP/SAVPF",
        "local": "v=0\r\no=- 6085081773497696351 2 IN IP4 35.156.67.86\r\ns=-\r\nt=0 0\r\na=group:BUNDLE audio video data\r\na=msid-semantic: WMS janus\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111 103 104 9 0 8 106 105 13 126\r\nc=IN IP4 35.156.67.86\r\na=sendrecv\r\na=mid:audio\r\na=rtcp-mux\r\na=ice-ufrag:Iwed\r\na=ice-pwd:PvfsLFHvTSs774NFH7BtZI\r\na=ice-options:trickle\r\na=fingerprint:sha-256 FD:E5:D8:8E:ED:43:F1:C5:80:E8:B7:F4:D5:A5:44:D3:A3:5D:7D:33:DB:65:62:B8:5D:BC:B7:40:43:D3:A5:45\r\na=setup:active\r\na=rtpmap:111 opus/48000/2\r\na=rtcp-fb:111 transport-cc\r\na=fmtp:111 minptime=10;useinbandfec=1\r\na=rtpmap:103 ISAC/16000\r\na=rtpmap:104 ISAC/32000\r\na=rtpmap:9 G722/8000\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:8 PCMA/8000\r\na=rtpmap:106 CN/32000\r\na=rtpmap:105 CN/16000\r\na=rtpmap:13 CN/8000\r\na=rtpmap:126 telephone-event/8000\r\na=ssrc:919968137 cname:janusaudio\r\na=ssrc:919968137 msid:janus janusa0\r\na=ssrc:919968137 mslabel:janus\r\na=ssrc:919968137 label:janusa0\r\na=candidate:1 1 udp 2013266431 35.156.67.86 44424 typ host\r\na=candidate:2 1 udp 1677722111 35.156.67.86 44424 typ srflx raddr 172.31.16.188 rport 44424\r\nm=video 9 UDP/TLS/RTP/SAVPF 100 101 107\r\nc=IN IP4 35.156.67.86\r\na=sendrecv\r\na=mid:video\r\na=rtcp-mux\r\na=ice-ufrag:Iwed\r\na=ice-pwd:PvfsLFHvTSs774NFH7BtZI\r\na=ice-options:trickle\r\na=fingerprint:sha-256 FD:E5:D8:8E:ED:43:F1:C5:80:E8:B7:F4:D5:A5:44:D3:A3:5D:7D:33:DB:65:62:B8:5D:BC:B7:40:43:D3:A5:45\r\na=setup:active\r\na=rtpmap:100 VP8/90000\r\na=rtcp-fb:100 ccm fir\r\na=rtcp-fb:100 nack\r\na=rtcp-fb:100 nack pli\r\na=rtcp-fb:100 goog-remb\r\na=rtcp-fb:100 transport-cc\r\na=rtpmap:101 VP9/90000\r\na=rtcp-fb:101 ccm fir\r\na=rtcp-fb:101 nack\r\na=rtcp-fb:101 nack pli\r\na=rtcp-fb:101 goog-remb\r\na=rtcp-fb:101 transport-cc\r\na=rtpmap:107 H264/90000\r\na=rtcp-fb:107 ccm fir\r\na=rtcp-fb:107 nack\r\na=rtcp-fb:107 nack pli\r\na=rtcp-fb:107 goog-remb\r\na=rtcp-fb:107 transport-cc\r\na=fmtp:107 level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42e01f\r\na=ssrc:1062805299 cname:janusvideo\r\na=ssrc:1062805299 msid:janus janusv0\r\na=ssrc:1062805299 mslabel:janus\r\na=ssrc:1062805299 label:janusv0\r\na=candidate:1 1 udp 2013266431 35.156.67.86 44424 typ host\r\na=candidate:2 1 udp 1677722111 35.156.67.86 44424 typ srflx raddr 172.31.16.188 rport 44424\r\nm=application 9 DTLS/SCTP 5000\r\nc=IN IP4 35.156.67.86\r\na=sendrecv\r\na=sctpmap:5000 webrtc-datachannel 16\r\na=mid:data\r\na=ice-ufrag:Iwed\r\na=ice-pwd:PvfsLFHvTSs774NFH7BtZI\r\na=ice-options:trickle\r\na=fingerprint:sha-256 FD:E5:D8:8E:ED:43:F1:C5:80:E8:B7:F4:D5:A5:44:D3:A3:5D:7D:33:DB:65:62:B8:5D:BC:B7:40:43:D3:A5:45\r\na=setup:active\r\na=candidate:1 1 udp 2013266431 35.156.67.86 44424 typ host\r\na=candidate:2 1 udp 1677722111 35.156.67.86 44424 typ srflx raddr 172.31.16.188 rport 44424\r\n",
        "remote": "v=0\r\no=- 6085081773497696351 2 IN IP4 127.0.0.1\r\ns=-\r\nt=0 0\r\na=group:BUNDLE audio video data\r\na=msid-semantic: WMS v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111 103 104 9 0 8 106 105 13 126\r\nc=IN IP4 0.0.0.0\r\na=rtcp:9 IN IP4 0.0.0.0\r\na=ice-ufrag:JFf/\r\na=ice-pwd:5IbTIkF3AbXdBamBcZ1uSoQT\r\na=fingerprint:sha-256 63:4F:39:23:7E:96:D3:40:FF:51:53:58:3E:CA:B5:87:60:5A:BA:2B:D6:5F:14:84:B0:8C:5F:35:1A:D7:69:94\r\na=setup:actpass\r\na=mid:audio\r\na=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level\r\na=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time\r\na=sendrecv\r\na=rtcp-mux\r\na=rtpmap:111 opus/48000/2\r\na=rtcp-fb:111 transport-cc\r\na=fmtp:111 minptime=10;useinbandfec=1\r\na=rtpmap:103 ISAC/16000\r\na=rtpmap:104 ISAC/32000\r\na=rtpmap:9 G722/8000\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:8 PCMA/8000\r\na=rtpmap:106 CN/32000\r\na=rtpmap:105 CN/16000\r\na=rtpmap:13 CN/8000\r\na=rtpmap:126 telephone-event/8000\r\na=ssrc:862481336 cname:5Byd2TZanygCiIkv\r\na=ssrc:862481336 msid:v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ 8147b866-1944-49d8-9814-a3b786fd60e9\r\na=ssrc:862481336 mslabel:v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ\r\na=ssrc:862481336 label:8147b866-1944-49d8-9814-a3b786fd60e9\r\nm=video 9 UDP/TLS/RTP/SAVPF 100 101 107 116 117 96 97 99 98\r\nc=IN IP4 0.0.0.0\r\na=rtcp:9 IN IP4 0.0.0.0\r\na=ice-ufrag:JFf/\r\na=ice-pwd:5IbTIkF3AbXdBamBcZ1uSoQT\r\na=fingerprint:sha-256 63:4F:39:23:7E:96:D3:40:FF:51:53:58:3E:CA:B5:87:60:5A:BA:2B:D6:5F:14:84:B0:8C:5F:35:1A:D7:69:94\r\na=setup:actpass\r\na=mid:video\r\na=extmap:2 urn:ietf:params:rtp-hdrext:toffset\r\na=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time\r\na=extmap:4 urn:3gpp:video-orientation\r\na=extmap:6 http://www.webrtc.org/experiments/rtp-hdrext/playout-delay\r\na=sendrecv\r\na=rtcp-mux\r\na=rtcp-rsize\r\na=rtpmap:100 VP8/90000\r\na=rtcp-fb:100 ccm fir\r\na=rtcp-fb:100 nack\r\na=rtcp-fb:100 nack pli\r\na=rtcp-fb:100 goog-remb\r\na=rtcp-fb:100 transport-cc\r\na=rtpmap:101 VP9/90000\r\na=rtcp-fb:101 ccm fir\r\na=rtcp-fb:101 nack\r\na=rtcp-fb:101 nack pli\r\na=rtcp-fb:101 goog-remb\r\na=rtcp-fb:101 transport-cc\r\na=rtpmap:107 H264/90000\r\na=rtcp-fb:107 ccm fir\r\na=rtcp-fb:107 nack\r\na=rtcp-fb:107 nack pli\r\na=rtcp-fb:107 goog-remb\r\na=rtcp-fb:107 transport-cc\r\na=fmtp:107 level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42e01f\r\na=rtpmap:116 red/90000\r\na=rtpmap:117 ulpfec/90000\r\na=rtpmap:96 rtx/90000\r\na=fmtp:96 apt=100\r\na=rtpmap:97 rtx/90000\r\na=fmtp:97 apt=101\r\na=rtpmap:99 rtx/90000\r\na=fmtp:99 apt=107\r\na=rtpmap:98 rtx/90000\r\na=fmtp:98 apt=116\r\na=ssrc-group:FID 3942698219 2436190300\r\na=ssrc:3942698219 cname:5Byd2TZanygCiIkv\r\na=ssrc:3942698219 msid:v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ ea71bd84-c4c4-43e2-9e49-2cf86cb5e495\r\na=ssrc:3942698219 mslabel:v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ\r\na=ssrc:3942698219 label:ea71bd84-c4c4-43e2-9e49-2cf86cb5e495\r\na=ssrc:2436190300 cname:5Byd2TZanygCiIkv\r\na=ssrc:2436190300 msid:v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ ea71bd84-c4c4-43e2-9e49-2cf86cb5e495\r\na=ssrc:2436190300 mslabel:v6OPsgUjgihDylm6cnQXD9zH4YCidMUeFQeZ\r\na=ssrc:2436190300 label:ea71bd84-c4c4-43e2-9e49-2cf86cb5e495\r\nm=application 9 DTLS/SCTP 5000\r\nc=IN IP4 0.0.0.0\r\na=ice-ufrag:JFf/\r\na=ice-pwd:5IbTIkF3AbXdBamBcZ1uSoQT\r\na=fingerprint:sha-256 63:4F:39:23:7E:96:D3:40:FF:51:53:58:3E:CA:B5:87:60:5A:BA:2B:D6:5F:14:84:B0:8C:5F:35:1A:D7:69:94\r\na=setup:actpass\r\na=mid:data\r\na=sctpmap:5000 webrtc-datachannel 1024\r\n"
    },
    "queued-packets": -1,
    "streams": [
        {
            "id": 1,
            "ready": -1,
            "disabled": false,
            "ssrc": {
                "audio": 919968137,
                "video": 1062805299,
                "audio-peer": 862481336,
                "video-peer": 3942698219,
                "video-peer-rtx": 2436190300
            },
            "rtcp_stats": {
                "audio": {
                    "base": 48000,
                    "lsr": 0,
                    "lost": 0,
                    "lost-by-remote": 0,
                    "jitter-local": 0,
                    "jitter-remote": 0
                },
                "video": {
                    "base": 90000,
                    "lsr": 0,
                    "lost": 0,
                    "lost-by-remote": 0,
                    "jitter-local": 0,
                    "jitter-remote": 0
                }
            },
            "components": [
                {
                    "id": 1,
                    "state": "ready",
                    "connected": 75548021414,
                    "local-candidates": [
                        "1 1 udp 2013266431 35.156.67.86 44424 typ host",
                        "2 1 udp 1677722111 35.156.67.86 44424 typ srflx raddr 172.31.16.188 rport 44424"
                    ],
                    "remote-candidates": [
                        "2379063420 1 udp 2122255103 2001::9d38:90d7:4a5:cfb:b280:fb4b 50396 typ host generation 0 ufrag JFf/ network-id 2 network-cost 50",
                        "2795255774 1 udp 2122194687 192.168.1.7 50397 typ host generation 0 ufrag JFf/ network-id 1 network-cost 10",
                        "264484875 1 udp 1685987071 77.127.4.180 50397 typ srflx raddr 192.168.1.7 rport 50397 generation 0 ufrag JFf/ network-id 1 network-cost 10"
                    ],
                    "selected-pair": "172.31.16.188:44424 [host,udp] <-> 77.127.4.180:50397 [srflx,udp]",
                    "dtls": {
                        "fingerprint": "FD:E5:D8:8E:ED:43:F1:C5:80:E8:B7:F4:D5:A5:44:D3:A3:5D:7D:33:DB:65:62:B8:5D:BC:B7:40:43:D3:A5:45",
                        "remote-fingerprint": "63:4F:39:23:7E:96:D3:40:FF:51:53:58:3E:CA:B5:87:60:5A:BA:2B:D6:5F:14:84:B0:8C:5F:35:1A:D7:69:94",
                        "remote-fingerprint-hash": "sha-256",
                        "dtls-role": "active",
                        "dtls-state": "trying",
                        "valid": false,
                        "ready": false,
                        "sctp-association": false
                    },
                    "in_stats": {
                        "audio_packets": 0,
                        "audio_bytes": 0,
                        "audio_nacks": 0,
                        "audio_bytes_lastsec": 0,
                        "video_packets": 0,
                        "video_bytes": 0,
                        "video_nacks": 0,
                        "video_bytes_lastsec": 0,
                        "data_packets": 11,
                        "data_bytes": 6853
                    },
                    "out_stats": {
                        "audio_packets": 0,
                        "audio_bytes": 0,
                        "audio_nacks": 0,
                        "video_packets": 0,
                        "video_bytes": 0,
                        "video_nacks": 0,
                        "data_packets": 39,
                        "data_bytes": 16560
                    }
                }
            ]
        }
    ]
}

[lminiero]

First of all, DON'T post huge bunches of text here: it's explained pretty clearly in the guidelines, please use services like pastebin or gist when you have to provide such long dumps.

That said, it's perfectly normal to see the private IP in the selected pair from Janus' perspective. The nat-1-1 feature is nothing more than a "overwrite IP in the SDP", and doesn't manipulate the way libnice does its job. Closing as not an issue.

[noamtcohen]

@lminiero Mirko Brankovic told me to open this issue after unable to help me on the group: https://groups.google.com/forum/#!msg/meetecho-janus/UV2Rt5sX9JA/mHMNdCTrBAAJ;context-place=forum/meetecho-janus What do you suggest I do next?