We have some situations where some clients with the default ISP router firewall and router IDS system can't connect to our PBX (Grandstream UCM6510 via WebRTC). Testing configurations, we've found that if we force the client to connect to the TURN (coturn) server in TCP mode the connection starts to work.
The configuration that works is the following:
peerConnectionConfiguration: {
    iceServers: [
        // {
        //     url: 'turn:some.turn.server:3478?transport=udp',
        //     urls: 'turn:some.turn.server:3478?transport=udp',
        //     username: "anyone",
        //     credential: "somepassw"
        // },
        {
            url: 'turn:some.turn.server:3478?transport=tcp',
            urls: 'turn:some.turn.server:3478?transport=tcp',
            username: "anyone",
            credential: "somepassw"
        }
    ],
    iceTransportPolicy: 'relay',
    // rtcpMuxPolicy: 'negotiate',
    // bundlePolicy: 'max-compat',
    iceCandidatePoolSize: 1
}
The configuration that doesn't work is the following:
peerConnectionConfiguration: {
    iceServers: [
        {
            url: 'turn:some.turn.server:3478?transport=udp',
            urls: 'turn:some.turn.server:3478?transport=udp',
            username: "anyone",
            credential: "somepassw"
        },
        {
            url: 'turn:some.turn.server:3478?transport=tcp',
            urls: 'turn:some.turn.server:3478?transport=tcp',
            username: "anyone",
            credential: "somepassw"
        }
    ],
    iceTransportPolicy: 'relay',
    // rtcpMuxPolicy: 'negotiate',
    // bundlePolicy: 'max-compat',
    iceCandidatePoolSize: 1
}
When the client (web browser, Chrome 90) connects to the TURN server in UDP relay mode, the connection pair for the transports goes to "connected" but the transport stays forever in "connecting", and the DTLS session never gets established because the remote peer certificate never arrives.
So the scheme of the connection is:
PBX (UDP) <-> TURN (UDP <-> TCP) <-> CLIENT (TCP)
We know that if there is packet loss the connection is going to be slower because of the nature of TCP. The question here is: if we enable DTLS over UDP on port 443 (assuming that the firewall and the IDS system don't block the packets), is it going to be more performant than plain TCP TURN mode without TLS?
PS: clients can connect to web pages over TLS 1.3 over HTTP/3 in their browsers; I'm assuming that connection goes over UDP.
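The following is an added example, not code from the original post or from the PBX/coturn vendors: it builds the relay-only configuration from the post programmatically (so the transport list can be switched between `udp` and `tcp`), and it inspects an `RTCStatsReport` in array form to recognise the failure described above (candidate pair succeeded, DTLS transport stuck in "connecting"). The TURN hostname, credentials and the stats objects are constructed placeholders.

```javascript
// Build a relay-only RTCPeerConnection configuration for the given TURN transports.
// The legacy 'url' key is kept next to 'urls', as in the post's own configuration.
function buildRelayConfig(turnHost, username, credential, transports) {
  const iceServers = transports.map((t) => {
    const u = `turn:${turnHost}:3478?transport=${t}`;
    return { url: u, urls: u, username, credential };
  });
  return {
    iceServers,
    iceTransportPolicy: "relay", // never expose host/srflx candidates to the peer
    iceCandidatePoolSize: 1,
  };
}

// Diagnose the selected relay path from the array form of an RTCStatsReport,
// i.e. [...(await pc.getStats()).values()]. Returns a status string plus the
// relay protocol of the local candidate and the DTLS transport state.
function diagnoseRelayPath(stats) {
  const byId = new Map(stats.map((s) => [s.id, s]));
  const transport = stats.find((s) => s.type === "transport");
  if (!transport) return { status: "no-transport" };
  const pair = byId.get(transport.selectedCandidatePairId);
  if (!pair) return { status: "no-selected-pair", dtlsState: transport.dtlsState };
  const local = byId.get(pair.localCandidateId);
  const relayProtocol = local ? local.relayProtocol : undefined;
  const dtlsState = transport.dtlsState;
  if (pair.state === "succeeded" && dtlsState !== "connected") {
    // ICE agreed on a pair but the DTLS handshake never completed: the symptom
    // from the post when the client relays over UDP behind the ISP firewall/IDS.
    return { status: "pair-ok-dtls-stuck", relayProtocol, dtlsState };
  }
  return { status: dtlsState === "connected" ? "healthy" : "pending", relayProtocol, dtlsState };
}

// Pick the transports to retry with: fall back to TCP relay when UDP relay is stuck.
function chooseTransports(diagnosis) {
  return diagnosis.status === "pair-ok-dtls-stuck" && diagnosis.relayProtocol === "udp" ? ["tcp"] : ["udp", "tcp"];
}

// Constructed stats resembling the failing UDP relay case described in the post.
const SAMPLE_STATS_STUCK = [
  { id: "T1", type: "transport", dtlsState: "connecting", selectedCandidatePairId: "CP1" },
  { id: "CP1", type: "candidate-pair", state: "succeeded", localCandidateId: "L1", remoteCandidateId: "R1" },
  { id: "L1", type: "local-candidate", candidateType: "relay", protocol: "udp", relayProtocol: "udp" },
  { id: "R1", type: "remote-candidate", candidateType: "relay", protocol: "udp" },
];
```

In a browser, `new RTCPeerConnection(buildRelayConfig("some.turn.server", "anyone", "somepassw", chooseTransports(diagnoseRelayPath(statsArray))))` would re-dial with TCP relay only when the stuck case is detected.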