search

jselbie / stunserver

Version 1.2. This is the source code to STUNTMAN - an open source STUN server and client code by john selbie. Compliant with the latest RFCs including 5389, 5769, and 5780. Also includes backwards compatibility for RFC 3489. Compiles on Linux, MacOS, BSD, Solaris, and Win32 with Cygwin. Windows binaries avaialble from www.stunprotocol.org.
http://www.stunprotocol.org
Apache License 2.0
1.41k stars 347 forks source link

How to make stunserver differentiate between the listening IP and the external IP #53

Closed asbai closed 1 year ago

asbai commented 1 year ago

We have an AWS EC2 instance running stunserver. Its internal IP1 is 172.31.1.1, corresponding to the public (external) IP1 of 1.1.1.1 (BINAT), and internal IP2 is 172.31.2.2, corresponding to the public (external) IP2 of 2.2.2.2 (also through aws igw binat).

Now, using the command stunserver --mode full --primaryinterface 172.31.1.1 --altinterface 172.31.2.2, we can start the Stuntman server. However, due to its lack of awareness of its actual public (external) IP address, there are some issues when communicating with the STUN client. It requires the STUN client to send messages to the internal 172.31 subnet.

Is there any parameter that we haven't discovered yet, which can be used to inform stunserver of the external public IP addresses corresponding to its primary and secondary listening addresses?

Thanks :-)

jselbie commented 1 year ago

You want to set the "advertised addresses". There is a pair of parameters for that: --primaryadvertised and --altadvertised

Example:

stunserver --mode full --primaryinterface 172.31.1.1 --altinterface 172.31.2.2 --primaryadvertised 1.1.1.1 --altadvertised 2.2.2.2

On Tue, Sep 12, 2023 at 5:15 AM asbai @.***> wrote:

We have an AWS EC2 instance running stunserver. Its internal IP1 is 172.31.1.1, corresponding to the public (external) IP1 of 1.1.1.1 (BINAT), and internal IP2 is 172.31.2.2, corresponding to the public (external) IP2 of 2.2.2.2 (also through aws igw binat).

Now, using the command stunserver --mode full --primaryinterface 172.31.1.1 --altinterface 172.31.2.2, we can start the Stuntman server. However, due to its lack of awareness of its actual public (external) IP address, there are some issues when communicating with the STUN client. It requires the STUN client to send messages to the internal 172.31 subnet.

Is there any parameter that we haven't discovered yet, which can be used to inform stunserver of the external public IP addresses corresponding to its primary and secondary listening addresses?

Thanks :-)

— Reply to this email directly, view it on GitHub https://github.com/jselbie/stunserver/issues/53, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHNSFZV3DFNMCWUTS2ICNLX2BG47ANCNFSM6AAAAAA4UYIEIM . You are receiving this because you are subscribed to this thread.Message ID: @.***>

jselbie commented 1 year ago

stunserver --mode full --primaryinterface 172.31.1.1 --altinterface 172.31.2.2 --primaryadvertised 1.1.1.1 --altadvertised 2.2.2.2