Bypass Firewall Restrictions Using ICE Servers

You can use ICE servers to ensure connectivity across networks and restrictive firewall rules. There are two types of ICE servers: STUN and STUN/TURN. STUN/TURN is generally referred to as TURN. STUN and TURN servers both allow clients that are behind NAT to discover their public IP address, which remote clients need to establish a connection. TURN servers differ from STUN servers; TURN servers are capable of serving as a simple relay for traffic between two participants that are behind restrictive firewall rules.

Note

Using LiveSwitch's embedded STUN/TURN to bypass firewall restrictions is the recommended approach. Embedded STUN/TURN is available for SFU, MCU, and P2P connections.

Embedded STUN/TURN

STUN and TURN bindings are preconfigured by LiveSwitch. You only need to adjust the ICE Server values if you want to use a different STUN or TURN service.

Note

When creating a Connection object, don't set IceServers to null or any other values.

External STUN/TURN

To specify an external ICE server, create an instance of FM.LiveSwitch.IceServer.

For STUN servers, you only specify the URI of the STUN server. The URI should include the scheme, domain, and port. The scheme must be stun.
For TURN servers, you specify the URI of the TURN server, as well as the username and password to access the TURN server. The scheme must be turn.

The code samples below show how to configure two ICE servers, one for STUN and one for TURN.

Note

About the code examples on this page:

For .NET MAUI and Unity, use the C# code.
For macOS, use the iOS code.

peerConnection.IceServers = new[]
{
    new FM.LiveSwitch.IceServer("stun:stun.liveswitch.fm:3478"),
    new FM.LiveSwitch.IceServer("turn:turn.liveswitch.fm:3478", "test", "pa55w0rd!")
}

peerConnection.setIceServers(new fm.liveswitch.IceServer[] {
    new fm.liveswitch.IceServer("stun:stun.liveswitch.fm:3478"),
    new fm.liveswitch.IceServer("turn:turn.liveswitch.fm:3478", "test", "pa55w0rd!")
});

peerConnection.setIceServers([
    FMLiveSwitchIceServer(url: "stun:stun.liveswitch.fm:3478"),
    FMLiveSwitchIceServer(url: "turn:stun.liveswitch.fm:3478", username: "test", password: "pa55w0rd!")
])

peerConnection.setIceServers([
    new fm.liveswitch.IceServer("stun:stun.liveswitch.fm:3478"),
    new fm.liveswitch.IceServer("turn:turn.liveswitch.fm:3478", "test", "pa55w0rd!")
]);

Client Configuration

LiveSwitch Cloud restricts local host ICE candidates by default for SFU and MCU connections on the client side. These candidates are typically based on the private IP addresses that are not routable over the public Internet. They are not necessary to establish connectivity with the Media Servers managed by LiveSewitch Cloud. For peer connections, the default ICE Gather Policy is All, enabling direct connectivity between clients on the same network. No explicit setting of the ICE Gather Policy is required.