NAT
QUICK Protocol
NAT Punching (UDP)
NAT Punching (TCP)
https://robertsdotpm.github.io/cryptography/tcp_hole_punching.html
Create an outbound NAT mapping from each client to the other client. The IP addresses are exchanged through a third-party server.
The first packet is dropped because the NAT on the other side has no rule for it yet. The return connection is then created.
```mermaid
sequenceDiagram
    Client 1 ->> Server : Send to Server [Client 1 internal and external IP address]
    Client 2 ->> Server : Send to Server [Client 2 internal and external IP address]
    Server ->> Client 2 : Send to Client 2 [Client 1 internal and external IP address]
    Server ->> Client 1 : Send to Client 1 [Client 2 internal and external IP address]
    Client 1 ->> Client 2 : Start a NAT route [Client 1 -> Client 2] Packet Dropped
    Client 2 ->> Client 1 : Start a NAT route [Client 2 -> Client 1] Packet Accepted
```
Use a nonce to authenticate users.
Edge Cases
- If both Client and Server are on the same NAT, no punching is needed and the internal addresses are used.
- Heartbeats keep the port mappings open and the connection alive.
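
The sequence above (first packet dropped, return packet accepted), the nonce check and the heartbeat edge case, as an added simulation that is not part of the original notes. The toy `Nat` class, the 30-second mapping timeout, the host names and the rule that the receiver compares the first payload against the server-issued nonce are all assumptions made for illustration; ports are ignored.

```python
import hmac
import secrets

class Nat:
    """Toy address-restricted NAT: inbound passes only if an outbound flow exists."""
    def __init__(self, timeout=30):          # assumed idle timeout in seconds
        self.timeout = timeout
        self.flows = {}                      # (inside_host, remote_host) -> last-seen time

    def outbound(self, inside, remote, now):
        self.flows[(inside, remote)] = now   # creates or refreshes the mapping

    def inbound(self, remote, inside, now):
        seen = self.flows.get((inside, remote))
        return seen is not None and now - seen <= self.timeout

def send(src, dst, nats, now):
    """Deliver one packet src -> dst through both NATs; True if it arrives."""
    nats[src].outbound(src, dst, now)
    return nats[dst].inbound(src, dst, now)

def accept(payload, expected_nonce):
    """Receiver-side check: constant-time comparison with the server-issued nonce."""
    return hmac.compare_digest(payload, expected_nonce)

def run():
    nats = {"client1": Nat(), "client2": Nat(), "stranger": Nat()}
    nonce = secrets.token_bytes(16)          # handed to both clients by the server
    log = {}
    log["c1_to_c2"] = send("client1", "client2", nats, now=0)   # no rule on NAT 2 yet
    log["c2_to_c1"] = send("client2", "client1", nats, now=1)   # NAT 1 rule from step above
    log["c1_retry"] = send("client1", "client2", nats, now=2)   # both rules exist
    log["stranger"] = send("stranger", "client1", nats, now=3)  # never punched: dropped
    log["good_nonce"] = accept(nonce, nonce)
    log["bad_nonce"] = accept(secrets.token_bytes(16), nonce)   # peer without the nonce
    log["idle"] = send("client2", "client1", nats, now=100)     # NAT 1 rule has expired
    hb = {"client1": Nat(), "client2": Nat()}
    for t in range(0, 101, 20):              # heartbeats every 20 s in both directions
        send("client1", "client2", hb, t)
        send("client2", "client1", hb, t)
    log["with_heartbeat"] = send("client2", "client1", hb, now=110)
    return log

if __name__ == "__main__":
    for step, delivered in run().items():
        print(f"{step:15} {delivered}")
```
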