microsoft / MixedReality-WebRTC

MixedReality-WebRTC is a collection of components to help mixed reality app developers integrate audio and video real-time communication into their application and improve their collaborative experience
https://microsoft.github.io/MixedReality-WebRTC/
MIT License
913 stars 283 forks

No Relay candidates generated for TURNS #713

Open MNie opened 3 years ago

MNie commented 3 years ago

Describe the bug

I have a coTurn server configured to accept Stun/Turn and Turns. It seems that everything is working just fine when testing the server on the trickle-ice page. A relay candidate is generated.

900871257 1 udp 7935 11.11.11.11 56364 typ relay raddr 12.12.12.12 rport 40818 generation 0 ufrag ciZA network-cost 999

But when trying to check what candidates were generated when using MixedReality-WebRTC I got only host candidates:

3798860893 1 udp 2122197247 ipv6address 56122 typ host generation 0 ufrag kbbg network-id 3 network-cost 10
1709055246 1 udp 2122131711 ipv6address 56123 typ host generation 0 ufrag kbbg network-id 4 network-cost 10
2901276845 1 tcp 1518217471 ipv6address 56668 typ host tcptype passive generation 0 ufrag kbbg network-id 3 network-cost 10
727572990 1 tcp 1518151935 ipv6address 56669 typ host tcptype passive generation 0 ufrag kbbg network-id 4 network-cost 10

When I check Stun or Turn everything works just fine.

To Reproduce

The whole codebase can be found here. To reproduce the problem:

  1. Run project,
  2. Run postman/insomnia or other HTTP request tool,
  3. Send a request with the following:
{
    "Servers": [ "turns:yourcoturnserver:443"],
    "Otp": "your otp used for generating Turn password",
    "UserPostfix": "your turn username postfix"
}

Expected behavior

Relay candidate would be generated for turns.

Environment

Additional context

Stun and Turn work fine, turns works fine in the production environment (where Golang and Fable are used).
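As an added example (not part of the original post and not MixedReality-WebRTC code): a small Python parser for ICE candidate lines like the ones quoted above, which reports the gathered candidate types so a missing relay candidate can be checked automatically. The sample lines are copied from the report with the wraps rejoined; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: candidate lines from the report above with the terminal
# line-wraps rejoined ("ipv6address" is the reporter's own redaction).
SAMPLE = """\
900871257 1 udp 7935 11.11.11.11 56364 typ relay raddr 12.12.12.12 rport 40818 generation 0 ufrag ciZA network-cost 999
3798860893 1 udp 2122197247 ipv6address 56122 typ host generation 0 ufrag kbbg network-id 3 network-cost 10
2901276845 1 tcp 1518217471 ipv6address 56668 typ host tcptype passive generation 0 ufrag kbbg network-id 3 network-cost 10
"""

# candidate-attribute grammar (RFC 8839): six fixed fields, "typ <type>",
# then zero or more "name value" extension pairs.
CANDIDATE_RE = re.compile(
    r"^(?:a=)?(?:candidate:)?(?P<foundation>\S+) (?P<component>\d+) "
    r"(?P<transport>\S+) (?P<priority>\d+) (?P<address>\S+) (?P<port>\d+) "
    r"typ (?P<type>host|srflx|prflx|relay)(?P<rest>(?: \S+ \S+)*)$"
)

def parse_candidate(line):
    """Parse one ICE candidate line into a dict; raise ValueError if malformed."""
    m = CANDIDATE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not an ICE candidate line: {line!r}")
    cand = m.groupdict()
    rest = cand.pop("rest").split()
    cand["extensions"] = dict(zip(rest[0::2], rest[1::2]))
    for key in ("component", "priority", "port"):
        cand[key] = int(cand[key])
    # RFC 8445 5.1.2.1: the top 8 bits of the priority are the type preference.
    cand["type_preference"] = cand["priority"] >> 24
    return cand

def summarize(lines):
    """Count candidates per (type, transport) and flag a missing relay."""
    cands = [parse_candidate(l) for l in lines if l.strip()]
    counts = Counter((c["type"], c["transport"].lower()) for c in cands)
    has_relay = any(c["type"] == "relay" for c in cands)
    return {"counts": dict(counts), "has_relay": has_relay}

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    print("trickle-ice test :", summarize(lines[:1]))
    print("MixedReality run :", summarize(lines[1:]))
```

Feeding it the candidates collected from the peer connection's ICE callback gives a quick pass/fail on whether the TURNS allocation ever produced a relay candidate.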

0k1 commented 3 years ago

Do we have any updates on this?

kspark-scott commented 3 years ago

I can at least confirm that we use coturn with MixedReality-WebRTC -- both v1.0.3 and v2.0.2 -- and have had no problem with relay candidates being generated and used as expected. The only setup we do is to add our server URL and credentials when initializing the peer connection, as below. Might it be a password problem? Do the coturn logs show anything?

var cfg = new PeerConnectionConfiguration()
{
    SdpSemantic = SdpSemantic.UnifiedPlan
};
cfg.IceServers.Add(new Microsoft.MixedReality.WebRTC.IceServer
{
    Urls = { server.Url },
    TurnUserName = server.Username,
    TurnPassword = server.Password
});
m_peerConnection = new PeerConnection();
await m_peerConnection.InitializeAsync(cfg);

torepaulsson commented 3 years ago

I've hit an issue relating to TURNS (Turn over TLS) as well. Looking at the communication in Wireshark, the TLS handshake fails with unknown CA. I've checked the certificates on my computer, and it included the CA listed, but for some reason the call did not have access to the list of CAs?

@kspark-scott, does your turn server use "turn:" or "turns:" at the start of the server url? I've gotten turn without tls to work.

We've also noticed that the request does not pick up on proxy servers either, I wonder if there is a limitation in the google api or elsewhere which does not pick up on trusted CA and proxy server configuration.

kspark-scott commented 3 years ago

@torepaulsson, yes, that's the difference. We use only turn. I missed the reference to turns in the original description.

torepaulsson commented 3 years ago

Hi again, looking around I found an issue on the webrtc lib about using the OS Trust Store instead of a precompiled list of root CAs: https://bugs.chromium.org/p/webrtc/issues/detail?id=11710

Seems like webrtc bundles a list of root certificates; in our case we use LetsEncrypt, which is not included in the list.

I've found some code where there is a custom validation, unsure if we can somehow get that available in the .net wrapper.