How to use stun correctly?

B

beatsspam2018-06-18 19:40:28

Computer networks

beatsspam, 2018-06-18 19:40:28

Interested in a superficial algorithm for working with stun udp to bypass Nat. Let's go without a specific programming language. I see it like this:

From computer #1 I turn to the stun server, I get my external ip: port. I disconnect from the stun server, close the socket.
On computer #1, I create a socket to listen on the newly received port. + - I optionally add this port via UPnP to the 1k1 routing table.
From computer #2, I can now send packets to the ip:port of computer #1, which it received via stun.

Now confirm or deny this or not? I ask because such a scheme did not work on port restricted nat for two providers, Rostelecom and MTS (both 100 Mbps fiber optics).

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

T

Tyranron, 2018-06-24
@Tyranron

Well, using STUN itself is quite simple - go to the server and get your external IP + port, which is what you wrote about.
The question, it turns out, is more about how to organize NAT penetration using STUN, that is, signaling.
In general, an exhaustive answer is given in RFC 5245 - Interactive Connectivity Establishment (ICE) (used in WebRTC).
More understandable language from Mozilla .
Note that the diagrams first createRTCPeerConnection, what is Caller, what is Callee. I'm not quite aware of what happens under the hood, but I can assume that a listening socket is first created, because there is already a request to the STUN server, which "pierces" the routing table and returns the "pierced" external port + address, which is sent to another node, and only then another node can connect to the "broken" external port.