Solving NAT problems on P2P - applet

I am developing an applet for a browser-to-browser application where User A knows User B's IP, requests a connection through a port, and User B responds to the request.
The main problem is that both users are behind a NAT, so it is not possible to connect with just the IP and the port.
Which options do I have to solve this problem without forcing users to change their NAT configuration?
THANKS!

It is called TURN and STUN NAT traversal implementations. You may want to learn about JXTA or read the Practical JXTA II book online at Scribd for more information.

Related

Private P2P Chat (NAT Traversal question)

I am new to networking and have a question regarding p2p and NAT traversing.
I have two PCs with known different static public IPs (IPv4). The first PC (#1) belongs to me, the second one (#2) belongs to my friend.
I want to write a simple P2P chat app which would allow me to exchange messages between these two PCs. The public IPs are known to me and my friend. Our local IPs are also known (#1 is connected to a local private network where all devices share the same public IP). I would like to avoid port forwarding, thus I am looking for a way to use some NAT traversal techniques. I would appreciate it if you can share thoughts on this matter.
P.S.
I am familiar with Python, C/C++, Java, C#
P.P.S.
The answer here ("NAT-Traversal implementation for P2P connection") assumes port forwarding.
Here are two NAT traversal methods we always use: UPnP and NAT-PMP. You can search for them on GitHub and use them to realise P2P communication between two different internal IPs. But one thing you need to notice is that these techs need the support of the router.

How exactly do p2p networks connect?

If I establish a connection with a friend on Skype, the audio and video data does not go through Microsoft but directly. I also have a p2p client X that does a similar thing. I do not fully understand how this happens internally. How does a machine establish the connection with the other if there is no direct identifier such as a public IP address? Multiple computers in the same network can each do p2p or Skype calls at the same time.
I have been wondering about this for a week because I want to connect two Nodes with each other (like a socket server/client). Can you point me in the right direction?
If two clients want to connect, but neither knows the address of the other, some sort of intermediary that they both know has to be in place to help set up the connection. They both contact the intermediary with the desire to connect, the intermediary tells them both what the other's direct address is, and the connection can be set up directly.
Sometimes (read: always) one or both machines share a public IP with others behind NAT, and NAT traversal techniques are needed to establish end-to-end connectivity, usually some form of ICE or SIP.

Connect sockets directly after introduction through server

I'm looking for the name of a protocol and example code that permits handing off IP/port connections to establish unmediated P2P after introduction through a server.
Simple example:
You and I both start chat programs that connect to chatintroduce.com (fictional server). I send you a "Hi! Wanna chat?" message. It doesn't get sent. Instead my chat program tells chatintroduce to send your chat program a request for connection. You respond to a prompt and your chat program tells chatintroduce to broker the connection. Chatintroduce establishes an initial two-way connection between us. Now, this final step is important, chatintroduce releases control and our two chat programs now talk directly to each other without any traffic through chatintroduce.
In other words, I construct packets which have your IP address and you receive them without interference from firewalls, NATs or any other technologies. In other words, true peer-to-peer connection independent of intermediate server.
I need to know what search terms to use to find appropriate technology. An RFC name would suffice. I've been searching for days without success.
I think what you are looking for is TCP/UDP hole punching, which typically coordinates the P2P connection using a STUN server to determine the "capabilities" of the firewalls (e.g. is it a full cone NAT? symmetric?).
https://en.wikipedia.org/wiki/Hole_punching_(networking)
We employed this at a company I worked for to create a kind of BitTorrent that could circumvent firewalls for streaming video between two peers.
Note that sometimes it is NOT possible to establish a connection without the intermediary.
What you are looking for is the ICE protocol, RFC 5245. This protocol is used for connecting two peers through NAT traversal. There are some open source libraries and also some proprietary libraries for this. You can search Google for ICE implementations.
You will also need to read about some additional protocols. These are used with the ICE protocol. They are STUN and TURN.
In some cases you can't make a P2P call 100% of the time. You will have to use a relay server, for example if the NAT combination of the two peers is Symmetric vs Symmetric/PRC. That relay server is called a TURN server.
Some techniques like port forwarding and TCP/UDP hole punching will help you to increase P2P rates.
See this answer for more information about which combination of NAT will require a relay server and which don't.
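The relay requirement described in the answer above can be reproduced with a toy NAT model. This is an added example, not code from the original posts: the `Nat` class, its four behaviour kinds, the addresses and the two probing rounds are assumptions, and port prediction is not modelled.

```python
from itertools import product

SERVER = ("198.51.100.1", 3478)          # constructed rendezvous address
KINDS = ["full_cone", "restricted", "port_restricted", "symmetric"]

class Nat:
    """Toy NAT: the kind decides port mapping (outbound) and filtering (inbound)."""
    def __init__(self, kind, public_ip):
        self.kind, self.ip = kind, public_ip
        self.maps = {}       # mapping key -> allocated public port
        self.sent = set()    # (public port, destination) pairs the inside host used
        self.next_port = 40000

    def outbound(self, dst):
        # Symmetric NAT: new public port per destination. Cone NATs: one port for all.
        key = dst if self.kind == "symmetric" else None
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.next_port += 1
        self.sent.add((self.maps[key], dst))
        return (self.ip, self.maps[key])

    def inbound(self, src, port):
        if port not in self.maps.values():
            return False                      # no mapping on that public port
        if self.kind == "full_cone":
            return True                       # anyone may use an open mapping
        if self.kind == "restricted":         # sender's IP must have been contacted
            return any(p == port and d[0] == src[0] for p, d in self.sent)
        return (port, src) in self.sent       # exact ip:port must have been contacted

def send(src_nat, dst_nat, dst_addr):
    """Return the source address the receiver observes, or None if filtered."""
    src = src_nat.outbound(dst_addr)
    return src if dst_nat.inbound(src, dst_addr[1]) else None

def hole_punch(kind_a, kind_b):
    a, b = Nat(kind_a, "203.0.113.10"), Nat(kind_b, "203.0.113.20")
    addr_a, addr_b = a.outbound(SERVER), b.outbound(SERVER)   # server learns both
    for _ in range(2):                        # peers probe each other's advertised address
        for x, y, target in ((a, b, addr_b), (b, a, addr_a)):
            seen = send(x, y, target)
            if seen and send(y, x, seen):     # reply to the observed source gets back
                return True
    return False

def relay_needed():
    """Unordered NAT pairs where punching fails and a relay (TURN) is required."""
    return sorted({tuple(sorted(p)) for p in product(KINDS, KINDS) if not hole_punch(*p)})
```

In this model `relay_needed()` returns only the symmetric/symmetric and symmetric/port-restricted pairs, which are the combinations the answer names as needing a TURN server.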
Thank you. I will be looking further into ICE, STUN, TURN, and hole-punching.
I also found n2n which looks like almost exactly what I wanted.
https://github.com/meyerd/n2n
http://xmodulo.com/configure-peer-to-peer-vpn-linux.html
With n2n, one makes a VPN with a super node that all other edge nodes know.
But once the introductions are made, the super node can be absent.
This was exactly what I wanted. I hope it works across platforms (linux, MacOS, Windows).
Again, I am still researching before implementation, so your advice was very important to me.
Thank you.
Use PJNATH. It's open source.
http://www.pjsip.org/pjnath/docs/html/
There is not much open source on NAT traversal. As far as I know PJNATH is good.
For the server you can use Google's open source STUN and TURN server.

Writing a simple P2P chat application

This is my first experience with P2P and I need some help regarding the design.
I am developing a simple messenger application. I have a directory server on which every user authenticates and announces an open port on which every user is reachable. The directory server maintains the users and the ports and I can query the directory server for any specific user. This part is done. The second part is the chat, which I think should be P2P. I can start a chat as well as be the end point of a chat (client as well as server).
What is confusing me is how do I deal with P2P? Do I create two different sockets? One on which I am listening for TCP requests for incoming connections and another one from which I would send TCP requests to start chat.
In this case do I need 3 sockets, one to talk with server and two for P2P?
If you want to go P2P, you'd better use a framework, such as JXTA for example if you are coding in Java. Creating sockets may not be enough by itself, because there are more complicated issues you need to deal with such as NAT traversal if you are operating beyond your LAN.
It seems like you have a central peer (some sort of server). If it has a public IP address, then you could implement a TURN-like architecture (peers communicate via this central peer). If you want a direct connection between peers, you are looking at STUN solutions, but you still need a central peer to facilitate the communication.
TCP STUN is not easy. UDP is not very complicated, you just need to punch a hole in your NAT. Now, keep in mind that NAT traversal is not always possible (it depends on the NAT itself). In this case, the backup solution is a STUN one.

Can a computer behind a NAT-router receive realtime-updates from facebook?

I'm currently writing a desktop application that integrates Facebook using the Graph API. I'd like to implement real-time updates (http://developers.facebook.com/docs/api/realtime/), but in the doc it says that you have to establish an HTTP server that Facebook will address to send the updates to. My problem is now that my box is sitting behind a router with only one IP address (so the router uses NAT).
Will it still be possible for facebook to contact my webserver for sending me updates?
#kohlehydrat: Every webserver needs to have an IP address that can be reached from "anywhere" on the internet. Since your webserver is sitting behind a NAT with only one IP, I seriously doubt Facebook can reach your webserver.
However, see if you can configure the NAT in such a way to reserve a dedicated port for your application.
For example:
10.122.48.222:4231
traffic to port 4231 is directed towards your application.
10.122.48.222 is outward facing NAT IP address.
I am not sure if we can do this, but it's an idea.
The router should catch port 80 requests (or whatever port your webserver is supposed to listen on) and forward it to your internal computer port 80, preferably in a consistent NAT style.
Basically, IP based communication with proper routing should not be an issue if both parties can find each other.
You need to do what is called "PORT FORWARDING".
I had a similar issue initially. Then I forwarded my port, wherein my IP was made public from being local only to the company.
And now my issue is solved.
Hope this helps.
This question is already closed, but since you have not received this particular answer (which is what I believe most Facebook developers do in order to develop behind firewalls) I will post it here:
You can reverse tunnel your machine to any machine with a publicly available IP.
See the blog post on this topic.
In a lot of Facebook SDKs, this functionality is even included (for instance, facebooker, a Ruby gem, provides the functionality to rake facebooker:tunnel:start after you set up the appropriate settings).