How to override auto-detected ip and ip_local in Flashphoner (WCS) for VPN usage

hyuk

hyuk

Member
Hello

We are using AWS WCS, and we noticed that even if we manually set the ip and ip_local parameters in flashphoner.properties, WCS automatically replaces them with the detected public IP and private IP of the server.

We want to connect our relay server and WCS server through a VPN, so WCS must use the VPN IPs instead of the real public/private IPs.

Is there any configuration available to prevent WCS from auto-detecting and overriding ip and ip_local, and force WCS to use the VPN IPs?

For reference, the actual service will be applied to an environment divided into DMZ and a closed network, and AWS is currently in the testing phase.

Please provide guidance.

Thank you.
 
Max

Max

Administrator
Staff member
Good day.
Please use the special parameter
Code: 
hold_ip_settings=true
to keep ip and ip_local values set manually from overriding.
 
hyuk

hyuk

Member
I changed the IP and local_ip with this option, but the IP address didn't appear in the ice candidate list. So, I added rtc_ip = 119.10.0.2 and rtc-ip_local = 119.10.0.2 to resolve the issue.

Now, packets are arriving normally to the internal server, but there's no response from WCS. What other settings should I add?

Below is a dump of the B server VPN NIC. [root@ip-172-31-7-70 bin]# sudo tcpdump -ni wg0 udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes
17:01:46.865609 IP 150.10.43.147.49950 > 119.10.0.2.31014: UDP, length 144
17:01:46.994424 IP 150.10.43.147.49950 > 119.10.0.2.31014: UDP, length 144
17:01:47.115984IP 150.10.43.147.49950 > 119.10.0.2.31014: UDP, length 144
17:01:47.236245 IP 150.10.43.147.49950 > 119.10.0.2.31014: UDP, length 144

A ( private ip : 150.10.43.147 / vpn ip : 119.10.0.1 )
B ( private ip : 172.31.7.70 / vpn ip : 119.10.0.2 )
 
Max

Max

Administrator
Staff member
hyuk said:
I changed the IP and local_ip with this option, but the IP address didn't appear in the ice candidate list. So, I added rtc_ip = 119.10.0.2 and rtc-ip_local = 119.10.0.2 to resolve the issue.
Click to expand...
Use
Code: 
rtc_ice_add_local_interface=true
instead.
In this case, ip_local should be added to candidates list.
 
hyuk

hyuk

Member
Even with these settings, it seems like Server B isn't responding to Server A.
Can I send a response from the WCS server using the VPN network interface?
I'm asking because I'm wondering if it's possible to only send a response via the actual physical interface.

Below is the udp of all interfaces of server b.
A public ip - 3.34.141.204
stun packet 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144

11:52:26.820203 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:26.820239 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:26.958112 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:26.958191 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.079337 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.079392 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.079431 IP 172.31.7.70.51820 > 3.34.141.204.51820: UDP, length 240
11:52:27.215107 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.215169 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.280595 IP 172.31.7.70.38172 > 169.254.169.123.ntp: NTPv4, Client, length 48
11:52:27.280887 IP 169.254.169.123.ntp > 172.31.7.70.38172: NTPv4, Server, length 48
11:52:27.336371 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.336412 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.473218 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.473258 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.609918 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.609960 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.731302 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.731357 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.854546 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.854586 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:27.977174 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:27.977225 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:28.116035 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:28.116090 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:28.116160 IP 172.31.7.70.51820 > 3.34.141.204.51820: UDP, length 240
11:52:28.238167 IP 172.31.7.70.51820 > 3.34.141.204.51820: UDP, length 128
11:52:28.245226 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 128
11:52:28.245346 IP 172.31.7.70.51820 > 3.34.141.204.51820: UDP, length 96
11:52:28.249395 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:28.249437 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:28.370041 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:28.370095 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:28.493340 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:28.493395 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:28.633178 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:28.633243 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
11:52:28.769700 IP 3.34.141.204.51820 > 172.31.7.70.51820: UDP, length 208
11:52:28.769757 IP 119.10.0.1.56317 > 119.10.0.2.31070: UDP, length 144
 
Last edited:
You must log in or register to reply here.
Top