VPN
Dmitry, 2015-11-21 02:26:11

What are the P2P NAT-aware VPN solutions?

The task, it would seem, is simple: there are 2 networks in different cities, both behind NAT. Also, there is a server with an external address in the third city.
A solution is needed so that these two networks send traffic directly to each other, and break through NATs using a third server (as a STUN). What is needed is a direct connection bypassing NAT. Banal OpenVPN can also relay through the server, but this option is not suitable, because 2-3-fold delays are obtained, and the flow will be quite fat.
Relay only as a last resort -- if both clients are behind a symmetric NAT (the type of NAT can suddenly change), then relaying is still acceptable.
As I understand it, OpenVPN can only pass traffic through itself, it cannot forward clients directly. I dug more towards freelan. It seems they write that they can do everything, but in fact, I didn’t understand how to do it without port forwarding on NAT, which I don’t have access to.
I also tried Teredo, but it's completely random with it - it can work, or it can fall off after 20 minutes and not work until the next coming, it's not clear what it depends on.
Are there any solutions for such a scheme? Don't offer Linux-only, you need both Windows and Linux.

1 answer(s)
bbk, 2019-01-10
@bbk

Neshl, it looks like this open source product does what it needs!
zerotier.com

Peer to peer connection setup goes like this:
A wants to send a packet to B, but since it has no direct path it sends it upstream to R (a root).
If R has a direct link to B, it forwards the packet there. Otherwise it sends the packet upstream until the planetary roots are reached. Planetary roots know about all nodes, so eventually the packet will reach B if B is online.
R also sends a message called rendezvous to A containing hints about how it might reach B. Meanwhile the root that forwards the packet to B sends rendezvous informing B how it might reach A.
A and B get their rendezvous messages and attempt to send test messages to each other, possibly accomplishing hole punching of any NATs or stateful firewalls that happen to be in the way. If this works a direct link is established and packets no longer need to take the scenic route.

I also found one interesting solution on this issue, https://samy.pl/pwnat/, and there is also the paid LogMeIn Hamachi. But there can be no simple answer to this question, so I'm sure it's not always 100% possible to install a tunnel.
Here is another list of articles +/- related to the topic:
  • Methods for p2p transfer behind firewalls and NATs...
  • Programming P2P application
  • Direct native traffic TCP file transfer between tw...
  • NAT Port Mapping Protocol
  • STUN TURN ICE Explanation
  • Direct native traffic TCP file transfer between tw...
  • Host server at home behind ISP NAT using STUN
  • On-Demand WebRTC Tunneling in Restricted Networks
  • VPN with WebRTC/STUN/ICE (Question at the time of publication...
  • TeamViewer VPN Linux-to-Windows equivalent
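
The rendezvous and hole-punching exchange quoted in the answer above, as an added example that is not part of the original thread and is not ZeroTier code: a toy model showing why two cone NATs end up with a direct link while a symmetric NAT forces the relay fallback the question mentions. It assumes port-restricted filtering on both NATs; all addresses, ports and names are constructed.

```python
# Added illustration: a toy NAT model, not ZeroTier's implementation.
class Nat:
    """Port-restricted NAT. symmetric=True allocates a new port per destination."""
    def __init__(self, public_ip, symmetric=False):
        self.ip, self.symmetric = public_ip, symmetric
        self.maps = {}         # (inside endpoint, dest or None) -> external port
        self.allowed = set()   # (external port, remote endpoint) opened by outbound traffic
        self.next_port = 40000

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the public endpoint the peer sees."""
        key = (src, dst if self.symmetric else None)
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.next_port += 1
        port = self.maps[key]
        self.allowed.add((port, dst))   # replies from dst to this port may now enter
        return (self.ip, port)

    def inbound(self, remote, port):
        """True if a packet from `remote` to our external `port` is let through."""
        return (port, remote) in self.allowed

ROOT = ("198.51.100.1", 9993)   # constructed root address (documentation range)
A_IN = ("192.168.1.10", 9993)   # constructed inside endpoints
B_IN = ("10.0.0.10", 9993)

def rendezvous(nat_a, nat_b):
    # 1. Both peers talk to the root, which records their public endpoints.
    a_pub = nat_a.outbound(A_IN, ROOT)
    b_pub = nat_b.outbound(B_IN, ROOT)
    # 2. The root sends each peer the other's endpoint (the rendezvous hint),
    #    and each peer sends test packets to that hinted endpoint.
    a_src = nat_a.outbound(A_IN, b_pub)
    b_src = nat_b.outbound(B_IN, a_pub)
    # 3. Once both sides have sent (tests are retried), check whether each
    #    test packet hits an open mapping on the other side's NAT.
    a_to_b = nat_b.inbound(a_src, b_pub[1])
    b_to_a = nat_a.inbound(b_src, a_pub[1])
    return "direct" if (a_to_b and b_to_a) else "relay"

if __name__ == "__main__":
    print(rendezvous(Nat("203.0.113.5"), Nat("203.0.113.77")))
    print(rendezvous(Nat("203.0.113.5", symmetric=True), Nat("203.0.113.77")))
```

With a symmetric NAT the port the root observed is not the port used toward the peer, so the hint is stale on arrival and neither test packet matches an open mapping.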
