You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Often STUNner cannot determine the public IP for a Gateway even in completely legitimate uses. For instance, many private Kubernetes clusters lack a LoadBalancer and node ExternalIPs (kubeadm does not set the NodeExternalIP and the NodeExternaDNS on nodes unless it is explicitly instructed to do so), so STUNner will fall to pick up a public IP. In these cases the ICE server configs generated by the auth-svc will contain the placeholder $STUNNER_ADDR as the public IP, which is obviously wrong.
There are a couple of related issues at play here here:
the default public IP ($STUNNER_ADDR) we use as a fallback is obviously wrong,
if the auth-svc fails to find a public IP it should report an error instead of returning a dysfunctional TURN URI,
the caller should have a way to manually enforce the public IP in the TURN server URIs.
The plan is to implement the following logic in the auth-svc daemon to obtain a usable public IP:
if the HTTP query contains key public-ip key then use the value of that key,
otherwise use the public_address in the stunnerd-config config file,
otherwise use the STUNNER_PUBLIC_ADDR environment variable (if set),
if still no usable IP found then return a HTTP 404 error.
This issue tracks the progress on the development of this feature.
The text was updated successfully, but these errors were encountered:
Often STUNner cannot determine the public IP for a Gateway even in completely legitimate uses. For instance, many private Kubernetes clusters lack a LoadBalancer and node ExternalIPs (
kubeadm
does not set theNodeExternalIP
and theNodeExternaDNS
on nodes unless it is explicitly instructed to do so), so STUNner will fall to pick up a public IP. In these cases the ICE server configs generated by the auth-svc will contain the placeholder$STUNNER_ADDR
as the public IP, which is obviously wrong.There are a couple of related issues at play here here:
$STUNNER_ADDR
) we use as a fallback is obviously wrong,The plan is to implement the following logic in the auth-svc daemon to obtain a usable public IP:
public-ip
key then use the value of that key,public_address
in thestunnerd-config
config file,STUNNER_PUBLIC_ADDR
environment variable (if set),This issue tracks the progress on the development of this feature.
The text was updated successfully, but these errors were encountered: