Policy Based Routing not working on WebRTC connection (P2P)

I've successfully implemented the policy-based routing package (PBR). I've configured the policy to direct traffic from specific domains and IPs to WAN2. My goal is to route all Facebook traffic through WAN2 because it offers a faster and more reliable connection. Everything seems to be working as expected, with traffic spiking in WAN2 when watching videos, chatting, and browsing.

However, I encountered an issue with video and voice calls that use WebRTC, which establishes peer-to-peer (P2P) connections. When I debugged using chrome://webrtc-internals/, I noticed that the WAN IP is being paired with the ICE candidate instead of the WAN2 IP. Ideally, it should pair with the WAN2 IP (e.g., 64.xx), but instead, it's pairing with the WAN IP (e.g., 175.xxx).

I managed to capture all the *.facebook.com URLs and others, including fbsbx.com, which I believe is the STUN server because I see it on the WebRTC debugger [stun.fbsbx.com:3478].

My pbr config:

config pbr 'config'
        option enabled '1'
        option verbosity '2'
        option strict_enforcement '1'
        option resolver_set 'dnsmasq.nftset'
        option ipv6_enabled '0'
        list ignored_interface 'vpnserver'
        list ignored_interface 'wgserver'
        option boot_timeout '30'
        option rule_create_option 'add'
        option procd_reload_delay '1'
        option webui_show_ignore_target '0'
        list webui_supported_protocol 'all'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'

config include
        option path '/usr/share/pbr/pbr.user.aws'
        option enabled '0'

config include
        option path '/usr/share/pbr/pbr.user.netflix'
        option enabled '0'

config policy
        option name 'Ip info'
        option dest_addr 'ipinfo.io'
        option interface 'wan2'

config policy
        option name 'Ifconfig.me'
        option dest_addr 'ifconfig.me'
        option interface 'wan2'

config policy
        option name 'What is my IP'
        option dest_addr 'whatismyisp.com'
        option interface 'wan2'

config policy
        option name 'HostIP'
        option dest_addr 'hostip.info'
        option interface 'wan2'

config policy
        option name 'TestMynet'
        option dest_addr 'testmy.net'
        option interface 'wan2'

config policy
        option name 'Facebook'
        option dest_addr 'facebook.com fbcdn.net fbsbx.com fb.com fb.me wechat.com fbcdn.com fbstatic.net m.me messenger.com 157.240.235.59'
        option interface 'wan2'

Any help would be appreciated; I've been trying to fix this for three days now, and I can't find solutions.

I lack the knowledge of the ICE discovery process to suggest a solution, but it seems to me that, besides creating the policy for the STUN server, something else is needed to mangle the ICE candidate information.

It was solved by using custom user files.
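As an added illustration (not code from the thread or from the pbr package), here is a small Python check that parses the 'Facebook' policy above as written in UCI syntax and asks which interface a given destination would leave on; the peer address 203.0.113.7 is a constructed placeholder. It shows why a destination-based policy covers stun.fbsbx.com but cannot cover the other party's address in a P2P call in advance: that address arrives through signalling, never through a DNS answer that dnsmasq could feed into the nftset.

```python
import ipaddress
import shlex

# Constructed: the 'Facebook' policy from the thread's pbr config, in UCI syntax.
PBR_CONFIG = """
config policy
        option name 'Facebook'
        option dest_addr 'facebook.com fbcdn.net fbsbx.com fb.com fb.me m.me messenger.com 157.240.235.59'
        option interface 'wan2'
"""

def parse_uci(text):
    """Minimal UCI reader: list of (section_type, {key: value}); 'list' keys collect into a list."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw)
        if not parts:
            continue
        if parts[0] == "config":
            sections.append((parts[1], {}))
        elif parts[0] == "option" and sections:
            sections[-1][1][parts[1]] = " ".join(parts[2:])
        elif parts[0] == "list" and sections:
            sections[-1][1].setdefault(parts[1], []).append(" ".join(parts[2:]))
    return sections

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def egress_for(sections, target, default_iface="wan"):
    """Interface a destination leaves on: a hostname matches a dest_addr domain by suffix (a dnsmasq
    nftset entry for fbsbx.com also catches stun.fbsbx.com), a literal IP only an identical IP."""
    for stype, opts in sections:
        for entry in (opts.get("dest_addr", "").split() if stype == "policy" else ()):
            if is_ip(entry) != is_ip(target):
                continue  # never compare a domain name against an address
            if is_ip(entry) and ipaddress.ip_address(entry) == ipaddress.ip_address(target):
                return opts["interface"], opts["name"]
            if not is_ip(entry) and (target == entry or target.endswith("." + entry)):
                return opts["interface"], opts["name"]
    return default_iface, None  # unmatched traffic follows the default route, 'wan' in the thread

if __name__ == "__main__":
    # Constructed: STUN host (reached by name), then a peer address that arrives only via signalling
    for remote in ("stun.fbsbx.com", "203.0.113.7"):
        print(remote, "->", egress_for(parse_uci(PBR_CONFIG), remote))
```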
