What are the P2P NAT-aware VPN solutions?
The task, it would seem, is simple: there are 2 networks in different cities, both behind NAT. Also, there is a server with an external address in the third city.
A solution is needed so that these two networks send traffic directly to each other, and break through NATs using a third server (as a STUN). What is needed is a direct connection bypassing NAT. Banal OpenVPN can also relay through the server, but this option is not suitable, because 2-3-fold delays are obtained, and the flow will be quite fat.
Relay only as a last resort -- if both clients are behind a symmetric NAT (the type of NAT can suddenly change), then relaying is still acceptable.
As I understand it, OpenVPN can only pass traffic through itself, it cannot forward clients directly. I dug more towards freelan. It seems they write that they can do everything, but in fact, I didn’t understand how to do it without port forwarding on NAT, which I don’t have access to.
I also tried Teredo, but it's completely random with it - it can work, or it can fall off after 20 minutes and not work until the next coming, it's not clear what it depends on.
Are there any solutions for such a scheme? Don't offer Linux-only, you need both Windows and Linux.
Neshl, it looks like this open source product does what it needs!
zerotier.com
Peer to peer connection setup goes like this:
A wants to send a packet to B, but since it has no direct path it sends it upstream to R (a root).
If R has a direct link to B, it forwards the packet there. Otherwise it sends the packet upstream until the planetary roots are reached. Planetary roots know about all nodes, so eventually the packet will reach B if B is online.
R also sends a message called rendezvous to A containing hints about how it might reach B. Meanwhile the root that forwards the packet to B sends rendezvous informing B how it might reach A.
A and B get their rendezvous messages and attempt to send test messages to each other, possibly accomplishing hole punching of any NATs or stateful firewalls that happen to be in the way. If this works a direct link is established and packets no longer need to take the scenic route.
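The rendezvous steps quoted above, and the symmetric-NAT relay fallback the question asks about, can be walked through with a toy model. This is an added example, not ZeroTier's code or part of the original thread: the `Nat` class, `connect` function, three NAT kinds and documentation-range addresses are all constructed for illustration, and no port prediction is modelled.

```python
import itertools

class Nat:
    """Toy NAT model (hypothetical, for illustration only)."""
    def __init__(self, ip, kind):
        # kind: "restricted" (address-restricted cone),
        #       "port_restricted" (cone) or "symmetric"
        self.ip, self.kind = ip, kind
        self.next_port = itertools.count(40000)
        self.mapping = {}    # mapping key -> public port
        self.contacted = {}  # public port -> remote endpoints sent to

    def outbound(self, dst):
        # Cone NATs reuse one public port; symmetric allocates one per destination.
        key = dst if self.kind == "symmetric" else "any"
        if key not in self.mapping:
            self.mapping[key] = next(self.next_port)
        port = self.mapping[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.ip, port)

    def accepts(self, src, port):
        peers = self.contacted.get(port, set())
        if self.kind == "restricted":   # filter on remote address only
            return src[0] in {ip for ip, _ in peers}
        return src in peers             # filter on remote address and port

ROOT = ("203.0.113.1", 9000)  # constructed address of the public server

def connect(kind_a, kind_b):
    nat_a = Nat("198.51.100.10", kind_a)
    nat_b = Nat("192.0.2.20", kind_b)
    # 1. Both peers send to the root, which observes their mapped endpoints.
    seen_a, seen_b = nat_a.outbound(ROOT), nat_b.outbound(ROOT)
    # 2. The root's rendezvous message gives each peer the other's endpoint.
    # 3. Each peer sends a test packet to that hint, opening its own NAT.
    src_a, src_b = nat_a.outbound(seen_b), nat_b.outbound(seen_a)
    # 4. A retry gets through if the far NAT accepts it on the hinted port.
    a_to_b = nat_b.accepts(src_a, seen_b[1])
    b_to_a = nat_a.accepts(src_b, seen_a[1])
    return "direct" if (a_to_b or b_to_a) else "relay"

if __name__ == "__main__":
    for pair in [("port_restricted", "port_restricted"), ("restricted", "symmetric"),
                 ("port_restricted", "symmetric"), ("symmetric", "symmetric")]:
        print(pair, "->", connect(*pair))
```

In this model a symmetric NAT paired with a port-restricted one also ends up on the relay, because the hinted port is the one mapped for the root, not the one used toward the peer.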