Are stun/turn servers expected to be in the webrtc offer? - webrtc

When creating webrtc peer connection, I passed in a list of STUN/TURN ICE servers (no trickling ICE). But when establishing the connection I only saw local ip address in ice candidates in the offer created. The same for the answer received. The connection worked sometimes. Was that expected? Where I could check if that was wrong?

It turned out that TURN server urls do exist in the sdp offer and answer. The issue in my case was I added the ICE servers after peer connection creation so it didn't add to the offer.

No, the STUN/TURN ICE urls will not be present offer/answer SDP.
These servers are meant to be used by a peer connection to generate ICE candidates. The peer you would like to connect to has nothing to do with how you gather your candidates, therefore it does not care about your stun/turn configurations. It only cares about your actual ice candidates and the metadata of the media you're about to send.
If you are interested enough, I recommend you take a look at WebRTC for the curious, it covers this topic in detail yet it is quite comprehensible.

Related

WebRTC Identifying only Local Ice Candidates with Trickle Ice example without any stun servers

I am trying to bring up a in home peer to peer webrtc based chat system using webrtc data channel, When I try to get the Ice candidates using Create offer i observe that only once ice candidate which is local is created and the SDP string generated has ip address 127.0.0.1 and 0.0.0.0 mentioned.
I have added a data channel and created respective ice handlers before createOffer().
I tried to add media by getUsermedia() but i see only one ice candidate.
When I tried to check with Trickle Ice (https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/)
I see the same, i dont see any entry with my IP Address in it..
Because of this the other peer is not able to make the connection.
I am not using any websockets,but directly sharing sdp strings between peers using email, as i am trying to understand how it works.
As Ice servers are needed only nat traversal and my purpose is for in home chat, i dont want to add any STUN Or TURN Servers.
I see the below entry in Trickle Ice without any Ice Servers.
Time Component Type Foundation ProtocolAddress Port Priority
0.003 rtp host 1178812653 udp 31703155-6932-43d7-9d9b-44dda8daea28.local 58170 126 | 30 | 255
Any Help is appreciated
What Antonin said is exactly right. Here's a discuss-webrtc with more details.
A solution could be to either use the mDNS hostname candidates as-is, or to do a gUM call which will then make Chrome use the private IP address (the latter seems like a workaround, might break eventually). Somebody else might have a more definitive solution. Good luck!

Do both endpoints in WebRTC need STUN/TURN config/credentials

Working in WebRTC, it would seem like only the offering client would need to provide STUN and TURN locations and credentials that would be encased in the offer and then used by the receiving client(s). Is that the case? If not, why not?
No, clients on both ends need to provide some sort of STUN/TURN configuration, note that these configurations need not to be the same.
Recall that STUN and TURN just provides you the tools to get around NAT. In other words, it provides the tools for a peer to figure out a way to be reachable publicly. They do that by generating ICE candidates that we send through signalling. As long as we can generate at least one valid ICE candidate and tell our peer about it, we can establish a connection.
The reason why both ends need to provide configuration is because otherwise, one of the peers would have no way to tell which IP address belongs to the other. Therefore, even though the answering peer has your ICE candidates (so it knows how to reach you), if the ICE candidates are generated only by the offering side, then this side has no way to securely tell that an incoming connection attempt is actually coming from the peer who you sent your offer to (although it most likely would be).
And for the bounty question "I would like to know if it's possible to connect peers over TURN when only one peer has the required TURN credentials.", the answer is also no.
To understand why, you need to understand that a TURN server is there so in case you can't establish a direct connection due to firewalls, incompatibilities, etc. it generates you "fake" ICE candidates to send to your peer because, in reality, these candidates are actually representing your TURN server. Your TURN server would then relay data sent by your peer to you, at this point, it is not considered peer-to-peer anymore.
That said, your peer doesn't even know about your TURN server, it sees your TURN generated candidates like any other candidate. Your peer still has to gather ICE candidates somehow to send you. And it can't use your TURN server to do that because you never provided its credentials throughout the workflow.
I recommend you read the book WebRTC For the Curious if you are interested in this stuff. It's very comprehensive.

In webRTC,When the sdp exchange is completed, is the role of websocket finished?

As far as I know, the role of the signaling server is to exchange sdp between the web browsers you want to communicate with.
I understood the process as follows.
Web browser passes sdp to signaling server through websocket
The server passes each other's sdp back to the web browsers.
When the transfer is complete, close the web socket.
After that, web browsers can communicate with each other without a signaling server
Did I get it right?
It depends on whether you are using vanilla or trickle ICE.
In trickle ICE, ICE candidates are not discovered via STUN, for example, prior to sending the SDP. In this case your webRTC endpoints may not be able to communicate because they will not be able to communicate with each other yet. The signaling layer is still required to relay the ICE candidates to establish the peer connection. Once the peer connection is established, signaling is no longer required. Most implementations I have seen use trickle ICE because it usually reduces the latency to establish the peer connection.
In vanilla ICE, the ICE candidates are discovered prior to sending the SDP. In this case, the signaling is complete after sending the SDP.

Peer-to-server audio streaming using WebRTC

I understand that to establish a peer-to-peer connection
initiator peer
initialises shared signaling channel
initialises RTCPeerConnection object (pc)
requests local stream(s) using getUserMedia
registers local MediaStream with pc
creates SDP offer and sends to peer
trickles ICE candidates
registers remote ICE candidate to begins connectivity checks
receiver peer
listens and processes remote offers delivered
registers remote ICE candidate to begins connectivity checks
generates SDP answer and sends to peer
But my WebRTC use case is peer-to-server where received streams are processed on my Node.js server. In my use case the server has publicly routable IP address and is listening for any new RTCPeerConnection requests. Because of this, some of the steps involved to establish a peer-to-peer connection seem unnecessary for my case.
Q1 How do the steps to establish a peer-to-server connection differ from peer-to-peer connection establishment?
Particularly
Q2 Do I still need a signaling channel?
Q3 Do I still need the step to trickle ICE candidates?
Your peer-to-server connection is no different than a peer-to-peer. Meaning, that your server is just a peer that handles numerous connections. You will still need a unique connection for each connection to the server, so the steps would not differ at all on the connection set up. But you can reuse media streams.
Yes, you still need a signalling server for connection build up and tear down for each of your clients and for your server to communicate(id est exchange ICE/SDP). It could be the same FQDN/physical box as your Node.js server but signalling would still have to take place.
Yes, on the client side. Admittedly, your ICE candidates will be few for your server(since it is publicly accessible) and you may not have to query for them(should just use local IP and what ever ports are available if it is truly open for connections, which is not very secure...) but the client will still have to trickle candidates to the server so that the server's stream can hit the client.

How does WebRTC work?

I'm interested in Peer-to-Peer connections in the browser. Since this seems to be possible with WebRTC, I'm wondering how it works exaclty.
I've read some explanations and saw diagrams about it and now it's clear to me, that the connection establishmet works over the server. The server seems to exchange some data between the client that are willing to connect to each other, so that they can start a direct connection, that is independent of the server.
But that's exaclty what I don't understand. Until now, I thought the only way to create connections is to listen on a port on computer A and connect to that port from computer B. But this does not seem to be the case in WebRTC. I think none of the clients starts to listen on a port. Somehow, they can create a connection without listening on ports and accepting connections. Neither client A, nor client B starts acting as a server.
But how? What data is exchanged over the WebRTC server, that the clients can use to connect to each other?
Thanks for your explanations for this :)
Edit
I found this article. It's not related to WebRTC, but I think it answers a part of my question. I'm not sure, tough. It still would be cool, if someone could explain it to me and give me some additional links.
WebRTC gives SDP Offer to the client JS app to send (however the JS app wants) to the other device, which uses that to generate an SDP Answer.
The trick is that the SDP includes ICE candidates (effectively "try to talk to me at this IP address and this port"). ICE works to punch open ports in the firewalls; though if both sides are symmetric NATs it won't be possible generally, and an alternative candidate (on a TURN server) can be used.
Once they're talking directly (or via TURN, which is effectively a packet-mirror), they can open a DTLS connection and use it to key the SRTP-DTLS media streams, and to send DataChannels over DTLS.
Edit:
Acronyms here: http://blog.1click.io/10-jargons-abbreviations-for-webrtc-fans/ for the rest, there is Google. Most of these are defined by the IETF (http://ietf.org/)
Edit 2:
Firefox and Chrome (and the spec) have moved to using "trickle" for ICE candidates, so the ICE candidates are generally added after-the-face to the PeerConnection and exchanged independently of the initial SDP (though you can wait until the initial candidates are ready before sending an offer, and bundle them together).
See https://webrtcglossary.com/trickle-ice/ and https://datatracker.ietf.org/doc/draft-ietf-ice-trickle/
How WebRTC Works
This document provides a quick and abstract introduction to WebRTC. In order to get more information about WebRTC please look at the Further Reading section at the end of this document.
WebRTC
WebRTC(Web Real-Time Communication) is a set of technologies that is developed for peer to peer duplex real-time communication between browsers. As its name mentions it is compatible with Web and it is a standard in W3C One of the important feature of WebRTC is that it works even behind NAT addresses.
WebRTC uses several technologies to provide real-time peer to peer communication between browsers. These technologies are
SDP (Session Description Protocol)
ICE (Interactivity Connection Establishment)
RTP (Real Time Protocol)
There is one more thing which is Signalling Server is needed for running WebRTC. However, there is no defined standart in implementing signalling server. Each implementation creates its own style. There will give some more information about Signalling Server later in this section.
Let's give some quick info about technologies above.
SDP (Session Description Protocol)
SDP is a simple protocol and it is used for which codecs are supported in browsers. For instance, assume that there are two peers(Client A and Client B) which will be connected through WebRTC. Client A and Client B create SDP strings that defines which codecs they support. For example, Client A may support H264, VP8 and VP9 codecs for video, Opus and PCM codecs for audio. Client B may support only H264 for video and only Opus codec for audio. For this case, the codecs that will be used between Client A and Client B are H264 and Opus. If there are no common codecs between peers, peer to peer communication cannot be established.
You may have a question about how these SDP strings are sent between each others. This is where Signalling Server takes place.
ICE (Interactivity Connection Establishment)
ICE is the magic that establishes connection between peers even if they are behind NAT. Let's assume again Client A and Client B will get connected and take a look at how ICE is used for that.
Client A finds out their local address and public Internet address by using STUN server and sends these address to Client B through Signalling Server. Each addresses received from STUN server is called ICE candidate
In the image above, there are two servers. One of them is STUN and other of them is TURN server.
STUN server is used to let Client A learn its all addresses. Let me give an example for this, our computers generally has one local address in the 192.168.0.0 network and there is a second address we see when we connect to www.whatismyip.com, this IP address is actually the Public IP address of our Internet Gateway(modem, router, etc.) so let's define STUN server; STUN servers lets peers know theirs Public and Local IP addresses. Btw, Google provides free STUN server(stun.l.google.com:19302).
There is a one more server, TURN Server, in the image. TURN Server is used when peer to peer connection cannot be established between peers. TURN server just relays the data between peers.
Client B does the same, gets local and public IP addresses from STUN server and sends these addresses to Client A through Signalling Server.
Client A receives Client B's addresses and tries each IP addresses by sending special pings in order to create connection with Client B. If Client A receives response from any IP addresses, it puts that address in a list with its response time and other performance credentials. At last Client A choose the best addresses according to its performance.
Client B does the same in order to connect to Client A
RTP (Real Time Protocol)
RTP is a mature protocol for transmitting real-time data. It is based on UDP. Audio and Video are transmitted with RTP in WebRTC. There is a sister protocol of RTP which name is RTCP(Real-time Control Protocol) which provides QoS in RTP communication. RTP is also used in RTSP(Real-time Streaming Protocol)
Signalling Server
The last part is the Signalling Server which is not defined in WebRTC. As mentioned above, Signalling Server is used to send SDP strings and ICE Candidates between Client A and Client B. Signalling Server also decides which peers get connected to each other. WebSocket technology is generally used in Signalling Servers for communication.
Compatibility
In the last one year, all browsers including Safari, Edge have released new versions supporting WebRTC. Chrome, Firefox and Opera have already supported WebRTC for a while. The video codec that is common to browsers are H264. For the audio, Opus is common in browsers. PCM can also be used for audio codec but AAC is not used even if AAC is supported in all browsers because of licensing issues. IP Cameras generally support H264 for video codec and PCM or AAC for audio codec.
Further Reading and References
WebRTC Samples
ICE Wikipedia
SDP
RTP RFC
Getting Started with WebRTC
WebRTC.org
STUN Server
RTSP Wikipedia
Btw, I am developer at Ant Media Server which supports scalable one-to-many WebRTC and peer to peer WebRTC connection
Establishing a p2p WebRTC connection has 3 steps (10.000 feet overview) :
Step 1: Signaling: both peers connect to a signaling server (using websockets over 80/443, comet, SIP,etc..) and exchange information (about their media capabilities, public IP:port pairs when they become available, etc.)
Step 2: Discovery: Devices connected to LAN or mobile networks are not aware of their public IP (and port) where they can be reached at so they use STUN/TURN servers located on the public Internet to discover their ip:port pair (ICE candidates). In the process they punch a hole through the NAT/router which is used in step3:
Step 3: P2P connection: once the ICE candidates are exchanged through the initial signaling channel each peer is aware of each other's ip:port (and holes have been punched in NATs/routers) so a peer to peer UDP connection can be established.
The scheme above explains the process with 2 devices connected to local networks. It's part of an article I wrote that deals with troubleshooting connection issues but it does a good job of explaining how WebRTC works.
A very good explanation can be found in this book "High Performance Browser Networking (O'Reilly)" http://chimera.labs.oreilly.com/books/1230000000545/ch03.html#STUN_TURN_ICE
which provides the fundamentals on how WebRTC uses ICE technology.
In particular assuming the IP address of the STUN server is known, the WebRTC application first sends a binding request to the STUN server. The STUN server replies with a response that contains the public IP address and port of the client as seen from the public network.
Now the application discovers its public IP and port tuple which can send to the other peer through SDP. (note that SDP are sent over an external signalling channel, f.i. websocket established through a web service)
With this mechanism in place, whenever two peers want to talk to each other over UDP, they can then use the established public IP and port tuples to exchange data.
Unfortunately, in some cases UDP may be blocked by a firewall. To address this issue, whenever STUN fails, we can use the Traversal Using Relays around NAT (TURN) protocol as a fallback, which can run over UDP and switch to TCP if all else fails.
WebRTC connection starts with WebRTC offer.
Caller creates the WebRTC offer and posts it to the Signaling server which will pass the offer to the callee. Users actually passing their SDP (Session Description Protocol) information each other.
Then we need to exchange the internet connection details. it allows clients to discover their public IP address and the type of NAT they are behind. this information is used to establish the media connection. This is handled by STUN server. this process is also known as getting the ICE Candidates. This data is also exchanged via the Signalling Server.
Final step is to exchange audio and video streams true TURN (Traversal Using Relay NAT) server. This ensures the connection even thought users are behind the firewall. this server process a lot of heavy calculations so its cost is high. when you test your app in dev with different browsers, you are directly connecting each other, you are not using TURN server