I'm trying to get my head wrapped around this issue...

I would like to connect two users...

Those users are already connected to a TCP server, which is aware of both their public IP and the TCP port of the connection. I was hoping to use the existing connection to the server in order to create a p2p connection between my users, since it is kind of redundant to ask them to connect to another UDP server in order to learn the public port they are connected through.

Is it at all possible to resolve this without creating another server (UDP this time)?

TheSquad
  • What are you trying to do in the end? Share a file, connect to a file share, chat,...? What application are you serving? – Bart Silverstrim Sep 07 '12 at 11:44
  • I guess your question relates to whether I should use UDP or TCP between both users? Actually, I'm intending to try VoIP for personal use... – TheSquad Sep 07 '12 at 11:51
  • So your actual question is that you have User A on one network, User B on another network, and you both see a server on a third network, and want to stream a VOIP connection by proxying through the third network? – Bart Silverstrim Sep 07 '12 at 11:56
  • Actually no, I would like to use the third server as some kind of STUN server, but since the third server uses a TCP connection, I would like to know if there is a way to punch a hole in the NAT firewalls (for A and B) in order to connect them directly, p2p. The server is dedicated and does not have any firewall blocking connections. – TheSquad Sep 07 '12 at 12:00
  • Most home routers should be able to open a series of UDP ports for a direct connection if that's the route you want to take (which is better than trying to proxy). Look at the settings page for your NAT routers. – Bart Silverstrim Sep 07 '12 at 21:21

1 Answer

I know this question is almost two years old, but it has no answers, so I thought I'd chime in with a way to handle this.

This is actually something that works with UDP only because it is stateless, and will not work with TCP. Your described setup with a TCP connection to a third "control" server is actually the perfect setup for this. We'll call the parties here "User A", "User B", and "Control". Here's how this works:

  • User A and User B establish a TCP connection to Control. Once established, both users send to Control a port on which they can be contacted. We'll call User A's "Port X" and User B's "Port Y".
  • Control shares the port information of User A with User B, and vice-versa.
  • User A sends a UDP packet from Port X to User B on Port Y. User B's firewall will of course reject this packet.
  • User B sends a UDP packet from Port Y to User A on Port X. User A's firewall will forward this packet internally to User A, because User A's firewall just saw a packet leave User A through Port X to User B on Port Y (and because it's UDP, it has no idea that it was rejected), so it assumes that a packet coming from User B on Port Y to User A on Port X is a response packet and lets it through.
  • User A sends another UDP packet from Port X to User B on Port Y, and it is also allowed through User B's firewall for the same reason.
  • Users A and B can now send UDP packets back and forth, and Control's participation is no longer needed.
Nick Coons
  • Thank you, Nick, for your answer. Even though this is a 2-year-old question, it might help others. However, I would suggest something to improve your answer. Before your first bullet point, when A and B share their opened port with Control: when you are behind a NAT, the device has no way to get the public port opened on the NAT. You have to get it from a UDP listen server that will see the public port and inform the device of it. Then the device has the information to send to Control. – TheSquad Jul 09 '14 at 10:49
  • I've never run into that, but I've always done smaller setups with this. I believe the NAT device will use the same port publicly as the internal device used so long as it's available, which is why I haven't had an issue with this method. I could see that if two devices internally were trying to use the same port that the NAT device would have to use a different port for one of them. But I'm not sure how a "UDP listen server" would solve that, since there's no way to guarantee that a packet sent to it would use the same port as future packets to another destination. – Nick Coons Jul 09 '14 at 22:31
  • It all depends on the NAT type. The majority of them will create a public port different from the private port and will continue to use it for every IP as long as you use the same private port. This is not true for symmetric NAT, but there is no way to predict a port with symmetric NAT. Here is an excellent article about hole punching: http://pdos.csail.mit.edu/papers/p2pnat.pdf – TheSquad Jul 11 '14 at 07:33
  • @NickCoons thanks for the great explanation. I would like to ask: is there any available service solution or open source code to implement this? Or does Amazon AWS offer such a service? – Dennis Oct 19 '16 at 03:29
  • @Den Sorry, I don't know. – Nick Coons Oct 20 '16 at 06:16
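As an added illustration (this is not code from the question, the answer or the comments above), the following Python simulation walks through the answer's five steps with each user behind a modelled port-restricted NAT, and optionally puts User B behind a symmetric NAT to show the failure the later comments describe. It also shows the point raised in the comments that the private port (5000, 6000) is not the port the NAT exposes, which is why Control must report what it actually sees. All IP addresses and ports are constructed sample values; the `Nat` class is a deliberately simple model, not a real firewall.

```python
# Added example: simulation of UDP hole punching through two NATs.
# Addresses, ports and the Nat model are constructed for illustration.
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-restricted NAT model: an inbound UDP packet is forwarded only if a
    packet already left through the same public port *to* the same remote
    ip:port (the firewall treats it as a response). With symmetric=True a
    fresh public port is allocated for every new destination instead."""

    def __init__(self, public_ip, first_port, symmetric=False):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self._ports = itertools.count(first_port)
        self._mapping = {}      # mapping key -> public port
        self._reverse = {}      # public port -> (private ip, private port)
        self._sessions = set()  # (public port, remote ip, remote port) seen outbound

    def outbound(self, pkt):
        """Translate a packet leaving the private network; record the session."""
        key = (pkt.src_ip, pkt.src_port)
        if self.symmetric:
            key += (pkt.dst_ip, pkt.dst_port)
        if key not in self._mapping:
            pub = next(self._ports)
            self._mapping[key] = pub
            self._reverse[pub] = (pkt.src_ip, pkt.src_port)
        pub = self._mapping[key]
        self._sessions.add((pub, pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, pub, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet as delivered inside, or None if the NAT drops it."""
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) not in self._sessions:
            return None  # no matching outbound session: rejected
        priv_ip, priv_port = self._reverse[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def hole_punch(symmetric_b=False):
    """Run the answer's steps and report which packets got through."""
    control = ("203.0.113.10", 9000)  # constructed "Control" address
    a_priv, nat_a = ("10.0.0.2", 5000), Nat("198.51.100.1", 40000)
    b_priv, nat_b = ("192.168.1.2", 6000), Nat("198.51.100.2", 50000, symmetric_b)

    # Discovery: each user sends one UDP packet to Control, which records the
    # public ip:port it sees (the NAT may have rewritten the port).
    seen_a = nat_a.outbound(Packet(*a_priv, *control))
    seen_b = nat_b.outbound(Packet(*b_priv, *control))
    a_pub = (seen_a.src_ip, seen_a.src_port)
    b_pub = (seen_b.src_ip, seen_b.src_port)
    # Control then hands A's public endpoint to B and vice-versa over the
    # existing TCP connection (plain data exchange, not modelled here).

    log = []

    def send(name, nat_src, src_priv, nat_dst, dst_pub):
        delivered = nat_dst.inbound(nat_src.outbound(Packet(*src_priv, *dst_pub)))
        log.append((name, delivered is not None))

    send("A->B", nat_a, a_priv, nat_b, b_pub)  # rejected by B's NAT
    send("B->A", nat_b, b_priv, nat_a, a_pub)  # passes A's NAT, opens B's side
    send("A->B", nat_a, a_priv, nat_b, b_pub)  # now passes B's NAT as well
    return {"a_public": a_pub, "b_public": b_pub, "log": log}


if __name__ == "__main__":
    print("cone NATs:     ", hole_punch())
    print("B symmetric NAT:", hole_punch(symmetric_b=True))
```

With two port-restricted NATs the log reads `A->B False, B->A True, A->B True`, exactly the sequence in the answer. With User B behind a symmetric NAT, B's reply to A leaves through a new public port that A's NAT has never seen, so every packet is dropped; that is the "no way to predict a port" case from the comments, and it is the case where a relay rather than hole punching is needed.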