ICE b/w Chrome and libnice fails
@szcom
Submitted by Sergey Zyrianov Assigned to José Antonio Santos Cadenas @jcaden
Description
Hi,
We run kurento 6.6.1/latest on aws behind port restricted NAT (or elastic IP in aws terms). Kurento runs as a docker with host privileged network ( --net=host).
Chrome client discovers stun/turn/host candidates and Kurento/libnice does host and stun ones.
Kurento is controlling ICE agent.
We are observing often failures to setup ICE b/w Chrome and Kurento.
In failure scenarios ICE Connection state in Chrome stays in "checking" state.
Other symptoms of failure cases are:
- libnice selects docker0 interface with 172.17.0.1 IP as its local candidate
- tcpdump on chrome side shows STUN requests/responses are going both ways between local and remote candidates in selected by libnice pair
- DTLS sent by Chrome is not answered by libnice
- selected pair is host(libnice)->stun(Chrome)
nr.3 seems to be the reason for Chrome to stay in "checking" ICE state.
We did not observe failures when libnice selected en0 instead of docker0 for its local candidate.