I am a networking newbie... I have a (stupid? :) ) question regarding UDP communication.

I created two simple programs based on the boost::asio library: a server and a client. These two programs communicate via UDP sockets. The client connects to the server and starts transmitting datagrams.

It works very well in my LAN. I use an IP address to connect to the server (e.g. 192.168.1.111).

What if my server application works in another LAN, and the client has to connect via the internet? How do I reach the server?

The only possible solutions I know are:

  • port forwarding (insecure?)
  • VPN (over-complicated)

Are there better solutions?

How is it possible that some applications (like Skype or LogMeIn...) work without VPN/port forwarding, and a user in one LAN can reach any computer in another LAN?

4pie0
user2449761

1 Answer

Are there better solutions?

Yes.

Skype uses the Hole Punching trick.

Assume A wants to contact B:

  • A and B are connected to server C

  • server C tells B to send a dummy UDP packet to A (to the IP and port used by A for Skype connections), effectively punching a hole in its own (B's) firewall

  • this packet is discarded by A (it comes from outside of the NAT), but now A can send UDP packets to B, which will let them through the firewall (B's router thinks this is a response to the [dummy] packet)

This article describes it with more details: How-Skype-Co-get-round-firewalls

4pie0
  • Of course this makes some assumptions about the NAT implementation, that multiple streams with the same local endpoint will all undergo the same mapping. Presumably it would be more secure to use different mappings per-remote, and then this trick would fail. I don't know whether any NAT systems do it that way. – Ben Voigt Mar 14 '14 at 00:44
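
The three steps from the answer, and the mapping assumption raised in the comment, as an added example that is not part of the original posts: a toy NAT model in which the same exchange succeeds when the NAT reuses one public port for every destination and fails when it allocates a port per remote. The `Nat` class, `hole_punch` function and all addresses except 192.168.1.111 are constructed for illustration and do not model any particular router.

```cpp
#include <map>
#include <set>
#include <string>
#include <utility>

using Endpoint = std::pair<std::string, int>;  // (ip, port)

// Toy NAT (constructed model): a packet from outside is forwarded only if the
// inside host already sent to that remote endpoint through the same public port.
class Nat {
public:
    Nat(std::string ip, bool per_remote) : ip_(std::move(ip)), per_remote_(per_remote) {}
    // Inside host sends to `remote`; returns the public source endpoint used.
    Endpoint outbound(const Endpoint& local, const Endpoint& remote) {
        // Shared mapping ignores the remote; per-remote mapping keys on it.
        auto key = std::make_pair(local, per_remote_ ? remote : Endpoint{});
        auto it = map_.find(key);
        if (it == map_.end()) it = map_.emplace(key, next_port_++).first;
        allowed_.insert({it->second, remote});
        return {ip_, it->second};
    }
    // Packet from `remote` arrives at public port `port`; true if forwarded.
    bool inbound(int port, const Endpoint& remote) const {
        return allowed_.count({port, remote}) > 0;
    }
private:
    std::string ip_;
    bool per_remote_;
    int next_port_ = 40000;
    std::map<std::pair<Endpoint, Endpoint>, int> map_;
    std::set<std::pair<int, Endpoint>> allowed_;
};

// Runs the exchange from the answer; true if A's packet reaches B.
bool hole_punch(bool per_remote) {
    Nat nat_a("198.51.100.1", per_remote), nat_b("203.0.113.1", per_remote);
    const Endpoint a{"10.0.0.2", 5000}, b{"192.168.1.111", 5000}, c{"192.0.2.10", 3478};
    // 1. A and B contact server C, which records their public endpoints.
    const Endpoint a_pub = nat_a.outbound(a, c);
    const Endpoint b_pub = nat_b.outbound(b, c);
    // 2. B sends the dummy packet to A's public endpoint; A's NAT discards it.
    const Endpoint dummy_src = nat_b.outbound(b, a_pub);
    if (nat_a.inbound(a_pub.second, dummy_src)) return false;  // not expected
    // 3. A sends to the endpoint C reported for B.
    const Endpoint a_src = nat_a.outbound(a, b_pub);
    return nat_b.inbound(b_pub.second, a_src);
}
```

`hole_punch(false)` returns true and `hole_punch(true)` returns false: with per-remote mapping, the port C observed for each peer is not the port that peer's NAT uses toward the other peer, so the opening B created does not match A's packet.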