diff --git a/talk/p2p/base/tcpport.cc b/talk/p2p/base/tcpport.cc
index f74ad8b822..069323a3cd 100644
--- a/talk/p2p/base/tcpport.cc
+++ b/talk/p2p/base/tcpport.cc
@@ -237,7 +237,7 @@ TCPConnection::TCPConnection(TCPPort* port, const Candidate& candidate,
     int opts = (candidate.protocol() == SSLTCP_PROTOCOL_NAME) ?
         talk_base::PacketSocketFactory::OPT_SSLTCP : 0;
     socket_ = port->socket_factory()->CreateClientTcpSocket(
-        talk_base::SocketAddress(port_->Network()->ip(), 0),
+        talk_base::SocketAddress(port->ip(), 0),
         candidate.address(), port->proxy(), port->user_agent(), opts);
     if (socket_) {
       LOG_J(LS_VERBOSE, this) << "Connecting from "
@@ -293,9 +293,19 @@ int TCPConnection::GetError() {
 
 void TCPConnection::OnConnect(talk_base::AsyncPacketSocket* socket) {
   ASSERT(socket == socket_);
-  LOG_J(LS_VERBOSE, this) << "Connection established to "
-                          << socket->GetRemoteAddress().ToSensitiveString();
-  set_connected(true);
+  // Do not use this connection if the socket bound to a different address than
+  // the one we asked for. This is seen in Chrome, where TCP sockets cannot be
+  // given a binding address, and the platform is expected to pick the
+  // correct local address.
+  if (socket->GetLocalAddress().ipaddr() == port()->ip()) {
+    LOG_J(LS_VERBOSE, this) << "Connection established to "
+                            << socket->GetRemoteAddress().ToSensitiveString();
+    set_connected(true);
+  } else {
+    LOG_J(LS_WARNING, this) << "Dropping connection as TCP socket bound to a "
+                            << "different address from the local candidate.";
+    socket_->Close();
+  }
 }
 
 void TCPConnection::OnClose(talk_base::AsyncPacketSocket* socket, int error) {
diff --git a/talk/p2p/base/turnport.cc b/talk/p2p/base/turnport.cc
index a93755d199..7fe695eb8c 100644
--- a/talk/p2p/base/turnport.cc
+++ b/talk/p2p/base/turnport.cc
@@ -297,6 +297,18 @@ void TurnPort::PrepareAddress() {
 }
 
 void TurnPort::OnSocketConnect(talk_base::AsyncPacketSocket* socket) {
+  ASSERT(server_address_.proto == PROTO_TCP);
+  // Do not use this port if the socket bound to a different address than
+  // the one we asked for. This is seen in Chrome, where TCP sockets cannot be
+  // given a binding address, and the platform is expected to pick the
+  // correct local address.
+  if (socket->GetLocalAddress().ipaddr() != ip()) {
+    LOG(LS_WARNING) << "Socket is bound to a different address then the "
+                    << "local port. Discarding TURN port.";
+    OnAllocateError();
+    return;
+  }
+
   LOG(LS_INFO) << "TurnPort connected to " << socket->GetRemoteAddress()
                << " using tcp.";
   SendRequest(new TurnAllocateRequest(this), 0);