Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VoIP: Stop falling back to Google for STUN #10173

Closed
manuroe opened this issue Jun 26, 2019 · 10 comments · Fixed by matrix-org/matrix-react-sdk#3309

Comments

@manuroe
Copy link
Member

commented Jun 26, 2019

From riot-ios created by manuroe: vector-im/riot-ios#2532

Stop using any hardcoded fallback URL in the SDK.

@jryans

This comment has been minimized.

Copy link
Member

commented Aug 6, 2019

We need to decide whether to replace the fallback server with something else (to preserve the same likelihood that VoIP calls can be completed) or remove the fallback entirely and hope for the best.

@neilisfragile

This comment has been minimized.

Copy link

commented Aug 6, 2019

It would be good enough to have Google STUN fallback as an option set to False. if a call fails then the user can choose to enable the option if they wish.

cc @ara4n

@dbkr

This comment has been minimized.

Copy link
Member

commented Aug 7, 2019

We also decided to use our own stun server as a fallback rather than google's. Remaining questions:

  • Do we want it to be stun.riot.im or do we just want to re-use turn.matrix.org?
  • Where do we persist the user's decision of whether to use the fallback, and how long, therefore, should we remember that decision? For that login session on that device, to account data or somewhere else?
@jryans

This comment has been minimized.

Copy link
Member

commented Aug 8, 2019

Current thinking is:

  • Use turn.matrix.org as the server name
  • Asking permission for every call to fallback in the case that HS doesn't have a STUN server

This issue may apply both to making and receiving calls.

@ara4n

This comment has been minimized.

Copy link
Member

commented Aug 8, 2019

we need to make clear that falling back to matrix.org is a hail mary which may not work (when giving them the option) and the right fix is for their server to configure turn

@neilisfragile

This comment has been minimized.

Copy link

commented Aug 9, 2019

After a huddle conclusions are:-

  • We use turn.matrix.org
  • We prompt the user on registration/sign in that they do not have a TURN server configured and that they can fall back to the matrix.org one
  • Out of pragmatism (and also as a nag to server admins to fix) store this on the client rather than account data, so each client will prompt independently
  • Need a config option to disable the consent

Separately we will create a tool to help admins trouble shoot their TURN config matrix-org/synapse#1519

@jryans jryans self-assigned this Aug 12, 2019
@jryans jryans added this to In Progress in Workflow via automation Aug 12, 2019
@jryans jryans changed the title VoIP: Stop falling back to Google for STUN VoIP: Stop falling back to Google for STUN / TURN Aug 13, 2019
@jryans jryans changed the title VoIP: Stop falling back to Google for STUN / TURN VoIP: Stop falling back to Google for STUN Aug 13, 2019
@jryans

This comment has been minimized.

Copy link
Member

commented Aug 13, 2019

Just to clarify, we'll be offering turn.matrix.org as a general fallback via the STUN protocol only (not the TURN protocol). The STUN protocol is effectively a public IP lookup only, while the TURN protocol means you also relay the data.

jryans added a commit to matrix-org/matrix-js-sdk that referenced this issue Aug 13, 2019
This changes the STUN fallback server from a Google server to one hosted at
`turn.matrix.org`.

Part of vector-im/riot-web#10173
jryans added a commit to matrix-org/matrix-js-sdk that referenced this issue Aug 13, 2019
This changes ICE server fallback to be disabled by default. The SDK consumer
will receive a new event in case the homeserver has no ICE servers of its own,
and can prompt the user to agree to the fallback if desired.

Part of vector-im/riot-web#10173
jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue Aug 13, 2019
This adds a prompt at the start of each session when the homeserver does not
have any ICE servers configured. The fallback ICE server is only used if the
user allows it. The dialog also recommends notifying the homeserver admin to
rectify the issue.

Fixes vector-im/riot-web#10173
jryans added a commit to matrix-org/matrix-js-sdk that referenced this issue Aug 13, 2019
This changes the ICE server fallback to be disabled by default. The SDK consumer
will receive a new event in case the homeserver has no ICE servers of its own,
and can prompt the user to agree to the fallback if desired.

Part of vector-im/riot-web#10173
@jryans jryans moved this from In Progress to In Review in Workflow Aug 13, 2019
@jryans

This comment has been minimized.

Copy link
Member

commented Aug 13, 2019

We have agreed to change the time of the prompt:

  • Prompt before placing a call if no TURN from HS
  • Prompt after receiving a call if the call fails and no TURN from HS
@jryans

This comment has been minimized.

Copy link
Member

commented Aug 15, 2019

After discussion with @nadonomy, we'll use the following dialog text for the prompt:

You cannot make calls

Your homeserver (test.convolv.es) isn’t configured to make voice or video calls. Ask your homeserver admin to set up a TURN server to enable them.

Alternatively, you can make voice & video calls using our public STUN server (hosted at turn.matrix.org), sharing your IP address with us. You can also manage this in Settings.

[Cancel] [Use Public Server]

@ara4n

This comment has been minimized.

Copy link
Member

commented Aug 15, 2019

Not sure the simplification works here - it's not that you can't make calls, but that it will be unreliable. And this text implies that using the public Matrix server will magically fix, which it probably won't.

Let's simplify things by only showing the warning after a call fails. We don't care if TURN is misconfigured before a call if that call then goes on to work.

How about:

Call failed due to misconfigured server

Please ask the administrator of your homeserver (arasphere.net) to configure a TURN server in order for calls to work reliably.

Alternatively, you can try to use the public server at turn.matrix.org, but this will not be as reliable, and it will share your IP address with that server. You can also manage this in Settings.

[OK] [Try using turn.matrix.org]


(Edited to add "your homeserver" - @jryans)

jryans added a commit to matrix-org/matrix-react-sdk that referenced this issue Aug 15, 2019
This adds a prompt at the start of each session when the homeserver does not
have any ICE servers configured. The fallback ICE server is only used if the
user allows it. The dialog also recommends notifying the homeserver admin to
rectify the issue.

Fixes vector-im/riot-web#10173
Workflow automation moved this from In Review to In Test Aug 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Workflow
In Test
6 participants
You can’t perform that action at this time.