ICE failure on Google Compute Engine Container

I’ve been spending a while trying to sort this problem out.

I’m running a mediasoup server in a Google Compute Engine Instance, in a Docker container using the Container Optimized OS

I can get the solution running fine locally, but when trying to open a webrtc connection between two browser sessions, in Firefox, I get an error:

WebRTC: ICE failed, add a STUN server and see about:webrtc for more details

In Chrome, in chrome://webrtc_internals, I see the following log events:

Caused by: setLocalDescription





**iceconnectionstatechange (legacy)**




The way I have things set up is:

  • I bind a static external IP address to that compute engine instance’s network interface.
  • For mediasoup, the announceIp is the static external ip address, and the ip is the Primary Internal Ip of the network interface.
  • I know this is very insecure, but to see if it is an issue if ports are being blocked, for the firewall, I open all ingress and egress ports for that instance. In particular, I create an Ingress rule which allows all tcp and udp ports, for ip ranges . I create an Egress rule which allows all tcp and udp ports, for ip ranges Once I have this problem figured out I’ll make more strict firewall rules.
  • Not sure if this matters (don’t think it does), but https websockettraffic, and correspondingly the incoming protoo websocket connection goes through an https load balancer, and different ip address before hitting the instance.

How would I go about debugging why the Ice connection fails? Has anyone else had success getting a mediasoup worker instance to work in a compute engine container and has tips to share?

Firefox is actually pretty good for debugging these kinds of issues. Just go to about:webrtc, clean everything and they do your test, then you’ll see all of the candidates, their status and even connection log about what was happening.

Thank you @nazar-pc that was super helpful!!! The firefox tools are way more instructive.

So opening the firerfox about:webrtc dialog, it showed that under remote candidate, the ip was the internal ip address, or what I set as ip for webRtcTransportOptions.
When I leave announcedIp null - and just set the ip to the external static ip address, it works.

What is the reason for this? I thought ip should be the internal ip of the network interface, and announcedIp should be the external ip? Why was my browser trying to bind the udp port of ip and not announcedIp ?

It should have been announcedIp, did you mistype it in the code the same way?

announcedIp is the public IP in case your machine/container/etc. only has private address that is set in ip.

1 Like

I’m using typescript, so I don’t believe wasn’t mistyped. Have to investigate further, but not sure what happened.

I feel really stupid. I had a typo in my environment variable that caused announced ip to not be set. Anyways @nazar-pc thanks so much for pointing me to the firefox tool.