Empathy/libnice video call not set up properly over OpenVPN/tun
@mikeflynorg
Submitted by b'W. Michael Petullo' Assigned to b'W. Michael Petullo' @mikeflynorg
Description
I am trying to make a video call between two computers using empathy/libnice. One computer is connected to my home LAN, and the other computer is connected from a remote location via a OpenVPN/tun tunnel to the same LAN (OpenVPN client). The LAN's network ID is 192.168.1.0/24, and the OpenVPN/tun network uses 191.168.2.0/24. Let us assume 10.0.0.0/24 is the network the OpenVPN client physically connects to.
The computer physically present on my LAN can see the video from the OpenVPN client, but the OpenVPN client cannot see the video from the computer physically present on my LAN (VPN client).
I used Wireshark to watch a video call establish. One thing I noticed is that the VPN client sent the following in a JINGLE(transport_info) message:
CANDIDATE [name="rtcp" protocol="udp" port="45185" address="192.168.2.x"]
[...]
CANDIDATE [name="rtp" protocol="udp" port="58599" address="10.0.0.y"]
As you can see, the VPN client seems to advertise its non-VPN address in the second CANDIDATE messages. I would expect the VPN client to only advertise 192.168.2.x. Once the VPN is up, the 10.0.0.y interface cannot do anything other than pass OpenVPN traffic.
I started to look at the libnice source code, and I found that I could "fix" the problem by modifying nice_agent_add_local_address(). I changed the function to immediately return TRUE (skip the g_slist_append) if and only if the addr parameter == 10.0.0.y. WIth this change, libnice correctly chooses my OpenVPN interface address.
Clearly this is not the right solution. Is there something libnice could do to solve this problem in a more general way? It seems libnice needs some mechanism to avoid particular interfaces, such as my 10.0.0.y which exists only to pass OpenVPN traffic.