1

One party is connected through a symmetric NAT, the other party can be accessed directly, and there is a STUN server.

The parties are going to communicate via WebRTC. Both are configured to use that STUN server.

Will it work? Do I need a STUN server just because of the WebRTC protocol, or is there a real reason to have it in order to pass through that one NAT device?

Velkan

1 Answer

2

NAT devices change the addresses and ports of IP packets. However, SIP messages contain IP addresses inside the payload of the IP packets that are not managed by NAT devices. SIP headers such as Contact or Via, or SDP data, contain IP addresses and port numbers that are only valid in the context of the LAN. That's because SIP has to be helped by other mechanisms in order to correctly fill in the headers of the protocol. Other VoIP protocols, such as the proprietary IAX2 from Asterisk, can traverse NAT without these problems, but you can only take advantage of it if you have an Asterisk server or you can install it in a public location.

Anyway, let's suppose that you must use SIP. In this case it is necessary to use NAT traversal protocols. The STUN protocol uses an external server to find out the public address and port of a device behind NAT.

As you can see in The STUN Protocol and VoIP – Part 1:

> The main purpose of the STUN protocol is to enable a device running behind a NAT device to discover its public IP and what type of NAT is running on the gateway it is connected to. It also enables the device connected behind a gateway to discover the port translation done by the gateway itself (NAT); i.e. which port other devices can use to connect to it from outside the network. Note that gateways and routers do not always make port translations; it depends on the type of NAT they are running and how it is configured. E.g. a full cone NAT configuration does not translate ports.

So, as for the question of whether STUN is necessary on the public server, the answer is no. It helps the client behind a NAT to find out their public address and port in order to put the correct data in the SIP headers.

But... symmetrical NAT is a kind of NAT where devices translate a pair (private IP, private port) to different pairs (public IP, public port), depending on the external server. The device (router) is able to change at least the public port in each connection, so it is not worth acquiring the information from the STUN server, because the real connection with the other party in the call is going to use other ports. Symmetrical NAT must be traversed through other protocols such as TURN.

J.M. Robles
  • Technically, NAT only changes the network addresses. If you change the ports, too, that is called NAPT. See _[RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations](https://tools.ietf.org/html/rfc2663)_, which says, "_There are two variations to traditional NAT, namely Basic NAT and NAPT (Network Address Port Translation)._" – Ron Maupin Oct 27 '17 at 16:19
  • Thank you for your clarification. I totally agree with you. I should have used NAPT rather than NAT in this case. Anyway, the question mentions symmetric NAT; IMHO there is little room for doubt that the devices involved change public source ports in connections to the same destination public port. – J.M. Robles Oct 27 '17 at 16:34
  • Amazing answer! Thank you. Only a question, does that mean the SIP responses will be received by the gateway instead of the actual client? So a port forwarding must be done inside the gateway as well. Am I right? – aderchox Sep 09 '20 at 07:04
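
The per-destination mapping described in the answer, as an added illustration (not code from the answer or its commenters): a toy NAPT model comparing the address a STUN server would report with the mapping actually used toward the peer. The `Nat` class, `stun_then_call`, and all addresses and ports are constructed for this example; the "cone" mode models a full cone NAT with no inbound filtering.

```python
import itertools

class Nat:
    """Toy NAPT (constructed model). 'cone' = full cone, no inbound filtering;
    'symmetric' = a separate mapping per destination, filtered to that destination."""

    def __init__(self, public_ip, mode, first_port=40000):
        self.public_ip, self.mode = public_ip, mode
        self._next_port = itertools.count(first_port)
        self._mappings = {}  # mapping key -> public port
        self._reverse = {}   # public port -> (private endpoint, allowed remote or None)

    def outbound(self, src, dst):
        """Return the public (ip, port) that dst sees for a packet from src."""
        symmetric = self.mode == "symmetric"
        key = (src, dst) if symmetric else (src,)
        if key not in self._mappings:
            port = next(self._next_port)
            self._mappings[key] = port
            self._reverse[port] = (src, dst if symmetric else None)
        return (self.public_ip, self._mappings[key])

    def inbound(self, remote, public_port):
        """Return the private endpoint a packet is forwarded to, or None if dropped."""
        entry = self._reverse.get(public_port)
        if entry is None:
            return None
        private, allowed = entry
        return private if allowed in (None, remote) else None


def stun_then_call(mode):
    """Client learns its address via STUN, advertises it, then talks to the peer."""
    nat = Nat("203.0.113.7", mode)       # constructed documentation addresses
    client = ("192.168.1.10", 5060)
    stun = ("198.51.100.1", 3478)
    peer = ("198.51.100.50", 5060)
    advertised = nat.outbound(client, stun)        # value STUN reports back
    seen_by_peer = nat.outbound(client, peer)      # mapping actually used to the peer
    delivered = nat.inbound(peer, advertised[1])   # peer replies to advertised port
    return advertised, seen_by_peer, delivered


if __name__ == "__main__":
    for mode in ("cone", "symmetric"):
        print(mode, stun_then_call(mode))
```
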