Nat Punching

NAT

QUICK Protocol

NAT Punching (UDP)

NAT Punching (TCP)

Each client creates an outbound NAT mapping toward the other client. The clients' IP addresses are exchanged through a third-party server.
The first packet is dropped because the other side has no NAT rule for it yet. The return connection is then created.

sequenceDiagram
Client 1 ->> Server : Send to Server [Client 1 internal and external IP address]
Client 2 ->> Server : Send to Server [Client 2 internal and external IP address]
Server ->> Client 2 : Send to Client 2 [Client 1 internal and external IP address]
Server ->> Client 1 : Send to Client 1 [Client 2 internal and external IP address]
Client 1 ->> Client 2 : Start a NAT route [Client 1 -> Client 2] Packet Dropped
Client 2 ->> Client 1 : Start a NAT route [Client 2 -> Client 1] Packet Accepted

Use a nonce to authenticate users.

Edge Cases

  1. If both Client and Server are on the same NAT, no punching is needed and the internal addresses are used.
  2. Heartbeats keep the port mappings open and the connection alive.
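
An added example, not part of the original notes or the linked implementation: a toy Python model of the sequence diagram, the nonce check and the two edge cases above. The names `Nat`, `Client`, `send` and `punch`, the 30-second mapping timeout, the constructed documentation-range addresses, and the idea that the server issues one nonce that peers present to each other are assumptions; ports are left out to keep the model small.

```python
import hmac
import secrets

class Nat:
    """Toy NAT: inbound passes only while an outbound mapping to that peer is fresh."""
    def __init__(self, public_ip, ttl=30):          # ttl is an assumed idle timeout
        self.public_ip, self.ttl = public_ip, ttl
        self.mappings = {}                          # (internal_ip, remote_ip) -> last send time

    def outbound(self, internal_ip, remote_ip, now):
        self.mappings[(internal_ip, remote_ip)] = now   # sending creates or refreshes

    def inbound(self, internal_ip, remote_ip, now):
        last = self.mappings.get((internal_ip, remote_ip))
        return last is not None and now - last <= self.ttl

class Client:
    def __init__(self, internal_ip, nat):
        self.internal_ip, self.nat = internal_ip, nat

def send(src, dst, nonce, expected, now):
    """One packet src -> dst; returns 'dropped', 'rejected' or 'accepted'."""
    if src.nat is not dst.nat:                      # same NAT: internal addresses, no punching
        src.nat.outbound(src.internal_ip, dst.nat.public_ip, now)
        if not dst.nat.inbound(dst.internal_ip, src.nat.public_ip, now):
            return "dropped"                        # dst has no fresh mapping toward src
    if not hmac.compare_digest(nonce, expected):
        return "rejected"                           # arrived, but the nonce does not match
    return "accepted"

def punch(c1, c2, now=0):
    """Replay the diagram: the server hands both clients a nonce, then each side sends."""
    nonce = secrets.token_bytes(16)
    first = send(c1, c2, nonce, nonce, now)         # Client 1 -> Client 2
    second = send(c2, c1, nonce, nonce, now)        # Client 2 -> Client 1
    return nonce, first, second

if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    a = Client("192.168.1.10", Nat("203.0.113.5"))
    b = Client("10.0.0.7", Nat("198.51.100.9"))
    nonce, first, second = punch(a, b)
    print(first, second)
    print(send(a, b, b"guess", nonce, now=10))
    print(send(b, a, nonce, nonce, now=25))         # heartbeat keeps b's mapping fresh
    print(send(a, b, nonce, nonce, now=50))
    print(send(a, b, nonce, nonce, now=200))        # no heartbeat since t=25
```

The model treats every NAT as address-restricted; real NATs that also rewrite or restrict ports behave differently from this sketch.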

Source
Implementation