STUN - Session Traversal Utilities for NAT
(RFC 5389) - used in NAT Traversal for applications real-time video, voice, messaging and other IP communications that are interactive.
STUN works with the following types of NAT
- Full cone NAT
- Restricted cone NAT
- Part Restricted cone NAT
STUN does not work with bi-directional NAT (Symmetric NAT).
TURN works better with this type of NAT
STUN works as follows
- Client (OS or application) on a private network sends a "binding request" to the STUN server on the public internet.
- STUN Server sends "success response" that contains an IP address and PORT as observed from the the STUN servers. (After the Client has been natted)
Once the client is aware of its external IP address and port number it uses this external IP address and port number when communicating to its peers. This allows its peers to establish communications to the device which would otherwise not be accomplished since the client is on a private IP network.
Standard Ports for STUN
UDP/TCP 3478
TLS 5349