pradt2 / always-online-stun

A list of publicly available STUN servers, refreshed every hour.
MIT License
568 stars 49 forks

Add support for stun over tcp #10

Closed Alozxy closed 2 years ago

Alozxy commented 2 years ago

Only a few servers support the TCP protocol, for example, stun.mixvoip.com:3478. I hope a list can be added showing whether each server supports the STUN over TCP protocol. Thank you.

pradt2 commented 2 years ago

Hey, thanks for raising this, I will look into it in a week or two. I'm also happy to guide any contributions if you're up for it.

On a side note, what is your use case for TCP STUN servers? I've always thought of them as rather useless, since punching a TCP hole through NAT is very rarely successful these days. Do you need it purely for NAT detection in networks that ban UDP traffic?

Alozxy commented 2 years ago

Actually, I found a way to greatly increase the success rate of TCP traversal in full cone NAT, with some additional measures. Use a client with a fixed local port to send packets to another server constantly (in this case, the STUN client and the STUN server), which will keep the NAT mapping of the local port open. So, the external port is the equivalent of an open port on the public network. Use the REDIRECT target of iptables to forward inbound traffic to any other local port, which is also the equivalent of being exposed on the public network. UDP can certainly be used in this way, but it is more practical to expose a TCP port to the public network.

pradt2 commented 2 years ago

Hey, just to let you know that I haven't forgotten about your request, it's just that the STUN client I'm using doesn't support TCP, so I decided to build my own one, and it's taking some time.

pradt2 commented 2 years ago

@Alozxy done
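
A check of the kind requested in this issue, as an added example that is not part of the thread or the project's own code: it sends an RFC 5389 Binding Request over TCP, frames the reply using the header's length field, and accepts the server only if a matching Binding Success with an IPv4 XOR-MAPPED-ADDRESS comes back. All function names are illustrative assumptions.

```python
# Added example, not the project's code; function names are illustrative.
import os, socket, struct
MAGIC = 0x2112A442  # RFC 5389 magic cookie
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020

def build_binding_request(txid: bytes) -> bytes:
    # 20-byte STUN header, zero-length body, caller-supplied 12-byte transaction id
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC) + txid

def recv_exact(sock, n: int) -> bytes:
    # TCP is a byte stream: loop until exactly n bytes have arrived
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def read_stun_message(sock) -> bytes:
    # Over TCP the header's length field is the only message framing
    header = recv_exact(sock, 20)
    return header + recv_exact(sock, struct.unpack("!H", header[2:4])[0])

def parse_binding_response(msg: bytes, txid: bytes):
    # Returns (ip, port) from an IPv4 XOR-MAPPED-ADDRESS, or None if invalid
    if len(msg) < 20:
        return None
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if (mtype, cookie, msg[8:20]) != (BINDING_SUCCESS, MAGIC, txid):
        return None  # wrong type, or a reply not tied to our request
    pos, end = 20, min(len(msg), 20 + length)
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        val = msg[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(val) == 8 and val[1] == 0x01:
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC >> 16)
            addr = struct.unpack("!I", val[4:8])[0] ^ MAGIC
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        pos += 4 + alen + (-alen % 4)  # attribute values are padded to 4 bytes
    return None

def supports_stun_tcp(host: str, port: int, timeout: float = 3.0) -> bool:
    txid = os.urandom(12)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_binding_request(txid))
            return parse_binding_response(read_stun_message(s), txid) is not None
    except OSError:
        return False
```

Matching the transaction id before trusting the reply keeps a service that merely accepts TCP connections on port 3478 from being listed as a STUN server.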