srflx ICE candidate wrong ip?

Question

srflx ICE candidate wrong ip?

Closed this issue 4 months ago · 1 comments

Hello I am trying to test ICE tricking from my configuration, it is running behind loadbalancer as follows:
LB <=> k8s with 3 nodes
When testing ICE gathering here https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
It responds with srflx candidate equal to one of node ips instead of client ip, when testing with some public stun servers it seems returns srflx candidate with correct ip address (client ip not the node ip). Is it expected or a bug?

Answer 1 · 2024-02-27T13:07:09.000Z

This is expected. Using STUNner as a STUN server (this is the thing that generates the srflx candidates) is strongly discouraged: this only works if you deploy STUNner in the host-network namespace and you may need to run without a load balancer. The recommended operational mode is to use STUNner as a TURN server to generate relay ICE candidates: this works even if you deploy STUNner over a regular private pod IP. We even recommend disabling STUN candidate collection all together by enforcing the iceTransportPolicy=relay setting in your ICE server configuration. See more on ICE models for STUNner here.