No WebRTC connection
You attempt to log in and create a WebRTC connection in a browser application to the API Gateway. The login succeeds, but the application fails to create a WebRTC connection.
WebRTC connection through a symmetric NAT firewall
WebRTC cannot create a connection through a symmetric NAT firewall without using a TURN (Traversal Using Relays around NAT) server.
Check with your system administrator if you are behind a symmetric NAT firewall, or run the test described here: Am I behind a Symmetric NAT?
Remedy
To set up a TURN server, please refer to STUN and TURN server addresses.
WebRTC connection on a local network uses mDNS
To prevent private IP addresses from leaking from a local network when running WebRTC applications, modern browsers by default send mDNS (multicast DNS) addresses as ICE Candidates to the signaling server.
mDNS relies on multicast, which by default will not pass through routers. This means that in enterprise environments, mDNS will fail in many cases.
The signaling server running in the API Gateway supports a workaround for connections across routers on a local network. The signaling server will attempt to get the client's local IP network address from the X-Forwarded-For and Remote_Addr headers in the HTTP request and use that to add an ICE Candidate with higher priority than the ICE Candidate with the mDNS address. This will not work in all cases; on some networks, X-Forwarded-For is removed and Remote_Addr will not contain the local IP address of the client.
Remedy
As a last resort, you can try disabling browser mDNS support to force the browser to reveal the local IP network address in WebRTC connections.
In Chromium-based browsers, mDNS support can be disabled by opening chrome://flags or edge://flags and setting Anonymize local IPs exposed by WebRTC to Disabled.
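To tell which of the two causes above applies, the following added example (not code from the API Gateway or its documentation) classifies the ICE candidate strings a browser gathers, as delivered in event.candidate.candidate by RTCPeerConnection's onicecandidate handler. It assumes the candidates were gathered with at least two STUN servers configured; the function names and the sample lines are constructed for illustration.

```javascript
// Added example: diagnose gathered ICE candidates. Not product code.
// Parses the leading fields of an ICE candidate attribute line.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(?: raddr (\S+) rport (\d+))?/
    .exec(String(line).trim());
  if (!m) return null; // e.g. the empty end-of-candidates marker
  return {
    transport: m[3].toLowerCase(), priority: Number(m[4]),
    address: m[5], port: Number(m[6]), type: m[7],
    raddr: m[8] || null, rport: m[9] ? Number(m[9]) : null,
  };
}

function diagnose(lines) {
  const cands = lines.map(parseCandidate).filter(Boolean);
  const host = cands.filter(c => c.type === 'host');
  // With local IP anonymization on, host addresses are "<uuid>.local" names.
  const mdnsOnly = host.length > 0 && host.every(c => c.address.endsWith('.local'));
  // Heuristic: if one local socket (raddr:rport) is mapped to more than one
  // public address:port by different STUN servers, the NAT is symmetric.
  const mapped = new Map();
  for (const c of cands) {
    if (c.type !== 'srflx' || c.transport !== 'udp') continue;
    const key = `${c.raddr}:${c.rport}`;
    if (!mapped.has(key)) mapped.set(key, new Set());
    mapped.get(key).add(`${c.address}:${c.port}`);
  }
  const symmetricNat = [...mapped.values()].some(s => s.size > 1);
  const hasRelay = cands.some(c => c.type === 'relay');
  // Symmetric NAT without any relay candidate: a TURN server is required.
  return { mdnsOnly, symmetricNat, hasRelay, needsTurn: symmetricNat && !hasRelay };
}

// Constructed sample input (documentation addresses, not a real capture):
// one mDNS host candidate, two srflx mappings for the same local socket.
const SAMPLE = [
  'candidate:1 1 udp 2113937151 3f2c1a9e-7b54-4c1d-9e0a-5d2b8f6c4a11.local 54321 typ host',
  'candidate:2 1 udp 1677729535 203.0.113.7 40001 typ srflx raddr 0.0.0.0 rport 54321',
  'candidate:3 1 udp 1677729535 203.0.113.7 40002 typ srflx raddr 0.0.0.0 rport 54321',
];
console.log(diagnose(SAMPLE));
```

A result with needsTurn set points to the symmetric NAT case and its TURN remedy; mdnsOnly set with symmetricNat clear points to the mDNS case.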