Incorrect public IP

[rg0now]

Often STUNner cannot determine the public IP for a Gateway even in completely legitimate uses. For instance, many private Kubernetes clusters lack a LoadBalancer and node ExternalIPs (kubeadm does not set the NodeExternalIP and the NodeExternaDNS on nodes unless it is explicitly instructed to do so), so STUNner will fall to pick up a public IP. In these cases the ICE server configs generated by the auth-svc will contain the placeholder $STUNNER_ADDR as the public IP, which is obviously wrong.

There are a couple of related issues at play here here:

• the default public IP ($STUNNER_ADDR) we use as a fallback is obviously wrong,
• if the auth-svc fails to find a public IP it should report an error instead of returning a dysfunctional TURN URI,
• the caller should have a way to manually enforce the public IP in the TURN server URIs.

The plan is to implement the following logic in the auth-svc daemon to obtain a usable public IP:

• if the HTTP query contains key public-ip key then use the value of that key,
• otherwise use the public_address in the stunnerd-config config file,
• otherwise use the STUNNER_PUBLIC_ADDR environment variable (if set),
• if still no usable IP found then return a HTTP 404 error.

This issue tracks the progress on the development of this feature.