[Freeswitch-users] [Freeswitch] WebRTC connection problems with firefox behind symmetric nat (since 1.8.2)

Marko Seidenglanz marko.seidenglanz at modima.de
Tue Mar 5 11:37:46 UTC 2019 

Hello,


Our setup is the following:

SIP Message transfer: Freeswitch(10.240.0.130) ----INVITE(via UDP)---->
INTERNET ----->Proxy(185.61.149.132) ----INVITE(via HTTP)----> Firefox

ICE Message transfer: Freeswitch(10.240.0.130) <----> INTERNET <----->
NAT(89.246.67.250) <----> Firefox


10.240.0.130: Freeswitch

185.61.149.132: Proxy for SIP Message transfer to client

89.246.67.250: Firefox client behind NAT


I've attached a pcap that was recorded on Freeswitch side. If you filter by
"(sip || stun) && (ip.addr == 89.246.67.250 || ip.addr == 185.61.149.132)",
you'll see the connection process.

The issue is, that freeswitch does not auto change the stun port anymore.
On source 89.246.67.250 is our firefox client. 10.240.0.130 is the IP where
freeswitch resides. Though he receives the stun messages from
89.246.67.250:44953, he still sends the binding requests to
89.246.67.250:17212, which is the srvrflx candidate that he received via
sdp. 89.246.67.250:17212 was determined by Firefox using Googles STUN
Server (stun.l.google.com:19302).

We omited the whole STUN-Process in earlier versions of our application,
since Firefox is behind symmetric NAT and so it does not make sense to use
a STUN server as the discovered port is not reachable from Freeswitch. It
is blocked by our pfSense Firewall.

Earlier versions of Freeswitch (e.g. 1.6.2) did learn the candidate, from
which he received STUN CHECK messages and used it to send his check
messages. But since your fix, he does not do this anymore. It is not a
problem with chrome, since chrome browser sends a lot more check messages
than firefox. Firefox only sends 4 messages and then considers the STUN
Candidate check as failed, if he does not receive a check message on this
candidate pair. Obviously, this does not seem to be enough for Freeswitch
to change the UDP port.


Has anyone had similar experiences, or can anyone help us solve the
problem?


Kind regards,

Marko Seidenglanz

-- 
Marko Seidenglanz
Softwareentwicklung

Telefon: +49 351-21324-261
E-Mail: marko.seidenglanz at modima.de

modima GmbH
Sitz der Gesellschaft: Altplauen 19, 01187 Dresden
Amtsgericht Dresden HRB: 32806
Geschäftsführer: Wolfram Gürlich
USt-IdNr: DE232950743
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20190305/d4bb79d8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sip_ice_fs_firefox.pcap
Type: application/vnd.tcpdump.pcap
Size: 751559 bytes
Desc: not available
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20190305/d4bb79d8/attachment-0001.pcap>

More information about the FreeSWITCH-users mailing list