37

I'm trying to implement in a software a hole punching feature. The thing is, I'm implementing this with an already made TCP Server to communicate with Users.

Here's what I have so far :

  • "A" sends a message to an UDP Server "US" (on port 9333)
  • "US" sends back to "A" the port it has connected to (port 31000 - localport 31005)
  • "A" sends a message to a TCP Server "TS" saying he want's to connect to B (and give the port 31000)
  • "TS" sends a message to "B" giving him the "A"'s port (31000) and ip
  • "B" sends a message to "US" (on port 9333)
  • "US" sends a message to "B" telling him his port 45000 (localport 45005)
  • "B" sends a message to "TS" giving is udp port (45000)
  • "TS" sends a message to "A" giving B's udp port (45000) and ip
  • "A" start sending udp message to B's ip on port 45000 and listen on localport 31005
  • "B" start sending udp message to A's ip on port 31000 and listen on localport 45005

Of course ports 31000, 31005, 45000 and 45005 are here for example, every new connection the port change, only 9333 is static.

I know there is a lot of back-and-forth, more than it should really be. The fact is I'm bound to use the TCP server to communicate with both users, the udp server is just here to return User's port to himself so it can send it back to TCP Server.

However messages between users are not received by any... Anyone would have an idea why ?

EDIT :

I have tested my router with http://nattest.net.in.tum.de/test.php and udp hole punching works fine, so the issue is not coming from my router, but from my protocol...

When users are behind the same NAT, everything works fine, of course it uses privates ip, but it means that the code is working also, so every though leads to a protocol issue...

EDIT 2 :

Actually, I made it half work (And the problem was coming from my code actually, not the protocol... I have connected 2 users, one in 3G with an iPhone, one behind my NAT on Wifi.

The funny (well not so much) thing is, only one socket were able to receive and send data between both users. (the socket initiated by the iphone) According to the protocol I should have 2 well-connected sockets, am I wrong ?

So I managed to punch a hole in my NAT, but actually not in the cellular NAT.

Of course, I tested right away 2 iphones connected in 3G. And no one get's the message from the other.

Did I missed something about cellular NAT ?

P.S. : Sorry for updating so much my question, but since I get no answer I'm trying to find by myself...

P.S. 2 : Since I managed to punch a hole in my NAT, I have changed the title adding "on 3G"

EDIT 3 : I ran the http://nattest.net.in.tum.de/test.php test again with my computer connected to internet through my iphone's 3G connection.

Here's the result : UDP HOLE PUNCHING RESULT

Apparently all udp hole punching test were successful on the 9th test.

Further more it seems :

UDP Binding Test (?): Endpoint independent binding, port prediction is easy

So it should not be any trouble connecting 2 peers over 3G Connection (well not much than behind a "home" NAT)... Am I right ?

EDIT 4 :

Just to be sure, I now send a message to two distinct UDP Server, to check if the port and the local port are the same on 3G.

Long story short, ports (local and public) are the same when connecting on both server. so the test done on EDIT 2 was right, udp is endpoint independent, so there should not be any issue doing the hole punching I guess... (At least with my ISP)

TheSquad
  • 7,385
  • 8
  • 40
  • 79
  • 3G NAT is symmetric and Large Scale. Try this method of hole punching instead: https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view?usp=sharing –  Aug 14 '15 at 17:10
  • 1
    +I for http://nattest.net.in.tum.de/test.php I was looking for such service since a long time. – Sourav Ghosh Mar 28 '17 at 08:48

2 Answers2

18

Unfortunately, there is no 100% reliable way to perform NAT hole punching with UDP. At best, you can make some guesses about how NATs and firewalls will probably behave most of the time. But there will always be exceptions and they may not be rare.

In this case, it sounds like you are using a central server to let two peers figure out each-others external port and then start sending data at each other. That's a pretty good algorithm. The problem is that the external port routing may vary depending on the destination. In other words, if A to B has an external port of 5000, there is no guarantee that A to C will also come from 5000. So having a central server record the port it sees may not help to connect anyone else.

Here are a few related questions with some more details.

Community
  • 1
  • 1
Seth Noble
  • 3,233
  • 19
  • 31
  • Hi, thank you for answering... Alas, I'm aware that there is no 100% reliable way to perform NAT hole punching with UDP :-(. However, the issue only occurs now when both peers are behind 3G Connections. I have tried behind different type of NAT, and it works for most of them (actually only symmetric NAT fails, but I was aware of that...). What I do not understand is why it does not work when both peer are on 3G, although skype and Viber seems to work fine, when both peer are on 3G – TheSquad Sep 12 '12 at 17:09
  • Like I wrote in my question, when one of the peer is behind a non-symmetric NAT and the other on 3G, one socket(out of 2) works, So I can send and receive on both devices through that socket. – TheSquad Sep 12 '12 at 17:11
  • 1
    Services like Skype route data through a central server when direct connectivity cannot be established. The most likely reason why it might not be working when both are on 3G is that the route between the mobile devices is different than the route from each to the central server. In other words, you may be going through completely different NAT devices. – Seth Noble Sep 12 '12 at 17:21
  • I'm not sure of what you say. Seen on skype website : "The Skype team succeeded in P2P communications by leveraging all of the available resources in a network, all without the need for costly centralized resources." Further more, I'm 100% sure (for knowing Viber's CTO) that Viber does not use proxies, but they managed to make it work over 3G, and I do see how !! The algorithm I use might not fit 3G Connexions, are they other algorithm which not involve Zeroconf or Upnp ? – TheSquad Sep 12 '12 at 17:50
  • 2
    Skype is bit confusing because they talk about a "peer-to-peer" network for communication and relaying instead of fixed central servers, but being part of a peer-to-peer network does not mean that data between two nodes is not being relayed between a third. I am not familiar with Viber, but if they really are UDP based and do not have a way to relay data then there will be some situations where it will not work through double NAT. – Seth Noble Sep 12 '12 at 18:59
  • Yeah, I have just saw that skype might use users computer in order to relay another users voip calls... that's odd ! Viber will not be able to do so since it is smartphone only application. – TheSquad Sep 12 '12 at 19:10
  • So, you are saying, that there is absolutely no way that 2 users can connect together (when both are on 3G connections) without using a relay server ? There is absolutely no algorithm that might work like port prediction or something ? – TheSquad Sep 12 '12 at 19:12
  • Further more...How come my cellular network allow explicitly p2p and voip, but does not allow hole punching ? – TheSquad Sep 12 '12 at 19:17
  • 1
    Not quite: I'm saying there is no 100% reliable way to connect any pair nodes when both are behind NAT. There is no algorithm which will work all the time, for all devices, and all network configurations. There are algorithms which will work much of time, but absent the ability to explicitly open ports in the NAT or scan an entire network, there will always be some circumstances or topologies where such algorithms will fail. – Seth Noble Sep 12 '12 at 19:26
  • Ok, so now I do 2 connexions to two distinct udp servers, and ports are the same...So you are positive that since ports are the same, udp hole punching should work properly ? – TheSquad Sep 13 '12 at 12:02
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/16646/discussion-between-seth-noble-and-thesquad) – Seth Noble Sep 13 '12 at 14:16
  • I awarded you the bounty since it will be soon lost, and you tried really hard to help me, but i'll keep the question open a little more while... – TheSquad Sep 19 '12 at 14:47
  • @TheSquad - Try this algorithm: https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view?usp=sharing –  Aug 14 '15 at 17:12
8

The NAT you are behind is symmetric, or it changes your outgoing port number depending on your destination. Hole punching through symmetric NAT requires a different method (either TURN or UDP multi-hole punching). Try doing it this way: https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view?usp=sharing