mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-22 10:41:48 +00:00
In case of symmetric NATs, `firezone-connection` needs to fall back to using TURN to allow peers to communicate with each other. Usage of TURN requires us to make an allocation on each TURN server and bind channels for each socket that we expect the remote to send data from. Once set up, `str0m`'s ICE state machine will select a candidate pair for us which, in the case of symmetric NATs, will be a pair of relay candidates.

Allocations and channels are what make operating a TURN server expensive. As a result, the spec requires those to be continuously refreshed if they are still in use. `firezone-connection` handles this in the `Allocation` state machine.

Last but not least, this PR also slightly changes the API to tell the caller from which source socket it has to send the data. This is important to make hole-punching work if we are listening on multiple sockets.
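
The refresh requirement described above, as an added sketch that is not code from the Firezone repository: a sans-IO tracker that decides when an allocation and its channel bindings must be refreshed. `RefreshTracker`, `Action` and the refresh-at-half-lifetime policy are hypothetical; the lifetimes are the RFC 8656 defaults.

```rust
use std::collections::BTreeMap;
use std::net::SocketAddr;
use std::time::{Duration, Instant};
// RFC 8656 defaults, assumed here; a real client uses the LIFETIME the server returns.
const ALLOCATION_LIFETIME: Duration = Duration::from_secs(600);
const CHANNEL_LIFETIME: Duration = Duration::from_secs(600);

#[derive(Debug, PartialEq)]
pub enum Action {
    RefreshAllocation,
    RebindChannel { number: u16, peer: SocketAddr },
    Reallocate, // allocation already expired: refreshing is too late
}

/// Hypothetical sans-IO tracker for one allocation on one TURN server.
pub struct RefreshTracker {
    allocation_expires: Instant,
    channels: BTreeMap<u16, (SocketAddr, Instant)>, // number -> (peer, expiry)
}

impl RefreshTracker {
    pub fn new(now: Instant) -> Self {
        Self { allocation_expires: now + ALLOCATION_LIFETIME, channels: BTreeMap::new() }
    }
    /// Records a binding; RFC 8656 only allows channel numbers 0x4000..=0x4FFF.
    pub fn bind_channel(&mut self, number: u16, peer: SocketAddr, now: Instant) -> bool {
        if !(0x4000..=0x4FFF).contains(&number) { return false; }
        self.channels.insert(number, (peer, now + CHANNEL_LIFETIME));
        true
    }
    /// Requests due at `now`. Simplification: expiry is extended when queued, not on response.
    pub fn poll(&mut self, now: Instant) -> Vec<Action> {
        if now >= self.allocation_expires {
            self.channels.clear(); // bindings die with the allocation
            return vec![Action::Reallocate];
        }
        let mut actions = Vec::new();
        if self.allocation_expires.saturating_duration_since(now) <= ALLOCATION_LIFETIME / 2 {
            self.allocation_expires = now + ALLOCATION_LIFETIME;
            actions.push(Action::RefreshAllocation);
        }
        for (number, (peer, expires)) in self.channels.iter_mut() {
            if expires.saturating_duration_since(now) <= CHANNEL_LIFETIME / 2 {
                *expires = now + CHANNEL_LIFETIME;
                actions.push(Action::RebindChannel { number: *number, peer: *peer });
            }
        }
        actions
    }
}
```

The caller drives `poll` from its own timer and turns each `Action` into the matching TURN request (Refresh, ChannelBind, or a fresh Allocate).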