STUN (Simple Traversal of UDP through NATs (Network Address Translation))

STUN, defined in RFC 3489 (replaced by RFC 5389), assists devices behind a NAT firewall or router with their packet routing.

  • enables a device to find out its public IP address and the type of NAT service it's sitting behind

By querying a STUN server with a known public address, the STUN client learns the public IP address and port that were allocated by this client's NAT.

  • operates on TCP and UDP port 3478
  • uses DNS SRV records to find STUN servers attached to a domain. The service name is _stun._udp or _stun._tcp
  • Unfortunately, it is not (yet) widely supported by VOIP devices

Note: The STUN RFC states: This protocol is not a cure-all for the problems associated with NAT.

Open source STUN servers - see http://www.voip-info.org/wiki/view/STUN


Slide Notes

J. Rosenberg, J. Weinberger, C. Huitema, and R. Mahy, “Simple Traversal of UDP through NATs (STUN)”, RFC 3489, March 2003, Obsoleted by RFC 5389 http://www.ietf.org/rfc/rfc3489.txt

J. Rosenberg, R. Mahy, P. Matthews, and D. Wing, “Session Traversal Utilities for NAT (STUN)”, Internet Request for Comments, RFC Editor, RFC 5389 (Proposed Standard), ISSN 2070-1721, October 2008, http://www.rfc-editor.org/rfc/rfc5389.txt


Transcript

[slide373] STUN. STUN basically works by having a set of well-known addresses. We can look up DNS service records, so we can find the STUN servers, and then off it goes and does whatever it's going to do. So there are a number of people who run publicly available STUN servers to help people out. You can follow that URL and you can find a set of them.