Closed Bug 1471700 Opened 6 years ago Closed 4 years ago

Connections to TCP or TLS TURN server for WebRTC ICE do not use configured proxy

Categories

(Core :: WebRTC: Networking, defect, P2)

60 Branch
defect


RESOLVED INCOMPLETE

People

(Reporter: calvin.walton, Unassigned)

Details

(Whiteboard: [need info drno 2018-07-05])

Attachments

(2 files)

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20180611123338

Steps to reproduce:

Configure a Windows system to use a proxy server that allows CONNECT to port 443. Configure the network firewall so the system cannot make direct outgoing connections to the internet.
Note that in my test environment, I have full DNS resolution available via a LAN DNS server.

Using https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
Add a TCP or TLS TURN server that listens on port 443 (turn://example.com:443?protocol=tcp or turns://example.com:443?protocol=tcp)
and click "Gather Candidates"


Actual results:

Firefox 52 ESR:
When using a TCP TURN server, two relay ICE candidates are returned.
(Firefox 52 does not support TLS TURN servers.)

Firefox 60 ESR and Firefox 61:
No relay ICE candidates are returned. (This is a regression from the FF 52 behaviour.)
Upon inspecting the network (using Wireshark), I found that Firefox is attempting to connect directly to the TURN server, rather than use the configured proxy server.

Chrome 67:
A relay ICE candidate is returned.


Expected results:

Firefox should connect to the TURN server via the configured proxy server, and return a relay ICE candidate.
I have attached the "about:webrtc" pages from Firefox 52.9 (which successfully gathered relay candidates) and Firefox 60.1 (which did not).
Note that if you need a TURN server for testing/reproduction of this issue, please let me know and I should be able to provide credentials to mine. (I'm using the "coturn" turn server software.)
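
A scripted form of the check in the steps above, as an added example (not code from this bug, the trickle-ice sample page, or Firefox): it gathers ICE candidates for one TURN server and reports whether a relay candidate came back. The function names, sample candidate lines and credential placeholders are constructed for illustration; `gatherCandidates` needs a browser, while the parsing runs anywhere.

```javascript
// Added example, not from the bug report. Sample lines below are constructed.
const SAMPLE_PROXY_OK = [
  "candidate:0 1 UDP 2122252543 192.0.2.10 50000 typ host",
  "candidate:1 1 TCP 2105524479 192.0.2.10 9 typ host tcptype active",
  "candidate:2 1 UDP 92216831 198.51.100.7 49152 typ relay raddr 192.0.2.10 rport 50000",
];
const SAMPLE_NO_RELAY = SAMPLE_PROXY_OK.slice(0, 2);

// Parse one ICE candidate attribute into the fields this check needs.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7].toLowerCase() };
}

// Count candidates per type; relayGathered is the pass/fail signal for the TURN path.
function summarize(lines) {
  const counts = { host: 0, srflx: 0, prflx: 0, relay: 0 };
  let unparsed = 0;
  for (const line of lines) {
    const c = parseCandidate(line);
    if (c && Object.prototype.hasOwnProperty.call(counts, c.type)) counts[c.type] += 1;
    else unparsed += 1;
  }
  return { counts, unparsed, relayGathered: counts.relay > 0 };
}

// Browser only. iceServer is e.g. { urls: "turn:<turn-server>:443?transport=tcp",
// username: "<user>", credential: "<password>" } (placeholders).
async function gatherCandidates(iceServer, timeoutMs = 15000) {
  const pc = new RTCPeerConnection({ iceServers: [iceServer] });
  const lines = [];
  const done = new Promise((resolve) => {
    pc.onicecandidate = (e) => {
      if (!e.candidate) resolve();                      // null marks end of gathering
      else if (e.candidate.candidate) lines.push(e.candidate.candidate);
    };
    setTimeout(resolve, timeoutMs);                     // give up if gathering stalls
  });
  pc.createDataChannel("probe");                        // an m-line is needed to start gathering
  await pc.setLocalDescription(await pc.createOffer());
  await done;
  pc.close();
  return summarize(lines);
}
```

Run behind the proxy-only network, a result with `relayGathered: false` matches the failure reported here; pairing it with a packet capture shows whether the browser tried the TURN server directly instead of through the proxy.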
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Component: Untriaged → WebRTC: Networking
OS: Unspecified → All
Product: Firefox → Core
Hardware: Unspecified → All
Resolution: --- → DUPLICATE
Unlike Bug 1421240, I can also reproduce this issue when using Firefox's proxy configuration ("Manual proxy configuration" selection) instead of inheriting system proxy configuration.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Is this known? Do we have a meta bug for proxy issues and WebRTC?
Flags: needinfo?(drno)
Whiteboard: [need info drno 2018-07-05]
Byron, Michael, do either of you have an idea what could be going on here, or what has changed that could explain this?
Flags: needinfo?(mfroman)
Flags: needinfo?(drno)
Flags: needinfo?(docfaraday)
Status: UNCONFIRMED → NEW
Rank: 15
Ever confirmed: true
Priority: -- → P2
I can't think of anything that has changed on the nICEr side.
Flags: needinfo?(mfroman)
I cannot reproduce this on OS X nightly. Does nightly work for you?
Flags: needinfo?(docfaraday) → needinfo?(calvin.walton)
I can still reproduce this issue with the following browser versions.
All are Windows 10 ver 1803, 64-bit.

- Firefox Beta 62.0b11
- Firefox Nightly 63.0a1 (2018-07-27)

If you cannot reproduce this on OS X, it might be Windows specific?

Note that I see the issue regardless of whether the proxy is configured in the system settings or if it is configured directly in Firefox.
Flags: needinfo?(calvin.walton)

I'm not able to reproduce this with an HTTP proxy. It works on Win 10 and OSX 10.14 if I enter the proxy configuration manually into Firefox (with "Use this proxy server for all protocols" ticked).

It does not work on Win and OSX if the proxy is configured in the network settings of the OS.

Calvin, since I only used an HTTP proxy, do you know if HTTPS vs HTTP makes a difference here?

Flags: needinfo?(calvin.walton)

Without a proxy, things are working. But with a firewall and a proxy in front, the communication is not starting.

We've re-written our proxy code, but reporter is not responding.

Status: NEW → RESOLVED
Closed: 6 years ago → 4 years ago
Resolution: --- → INCOMPLETE

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0

Since version 0.86, Firefox cannot connect to the TURN server (turn:<turn-server>:443?transport=tcp) if a proxy server is configured, and does not return a relay ICE candidate. With no proxy configured, the relay works.

(In reply to gabriel from comment #14)

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0

Since version 0.86, Firefox cannot connect to the TURN server (turn:<turn-server>:443?transport=tcp) if a proxy server is configured, and does not return a relay ICE candidate. With no proxy configured, the relay works.

Does it work if the TURN server is configured as an IP address instead of a domain name?

Flags: needinfo?(gabriel)

No, it makes no difference. I have reported it as a new bug 1702417.

Flags: needinfo?(gabriel)
Flags: needinfo?(calvin.walton)