Hacker News new | past | comments | ask | show | jobs | submit login

STUN is just for punching holes in your NAT router, and also discovering what is your public IP address. Both things will be needed for the other peer to know where to reach you. And the other way around.

Once this NAT thing has been done by both parts, and the actual communication has started directly P2P, STUN is not needed any more.




You'd also need a TURN server if both peers are behind NAT without UPnP, which is very common. STUN alone wouldn't be enough.


That is partially incorrect, STUN can punch a hole through even when both sides uses NAT in many cases. That is what I would classify as STUN’s main feature.


Note that parent said “ if both peers are behind NAT without UPnP”. As far as I know, there’s no way to punch holes / open ports automatically without UPnP.


Go read about stun.

You send outgoing packets simultaneously from both sides. Causing both sides to add nat translation entry’s to their nat tables. When the packets arrive both sides already have nat translation entries and the packets go right through the nat.


Punching holes doesn't work only when network devices in between are broken or are actively preventing it.

From the network point of view it looks the same as two hosts starting an outgoing TCP connection through nat - if that works then hole punching should work too.


Not TCP. UDP - there are no connection in UDP, so the routers / firewalls don't really differentiate between a new connection and packets that happen to have the correct ip+port.

Some are trickier than others, as there are 2 IPs and 2 ports in a packet (at any point), and it can be hard to match all of them for the stricter devices, esp. on NATs that do source port randomization.


> when network devices in between are broken or are [maliciously] actively preventing it.

Those are called "middleboxes" (IIRC) and they're unfortunately somewhat pervasive.


> STUN is just for punching holes in your NAT router, and also discovering what is your public IP address.

I know, but what I mean is that "true P2P" on our current internet architecture is not possible, you always need the help of a third party


If we are still in the 90's that definition of "true p2p" would be: two computers with both having public IPs and transferring packets via TCP. But nowadays we are always behind NATs so we became less strict with the definition of what is true p2p


IPv6 is slowly taking over, hopefully in the near future being behind a NAT will be considered abnormal (just like happened with Unicode, we're around 35% = "Unicode 2009", popularity-wise).


Then bittorrent is transcendent p2p?




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: