NCH Software Home
Home | Download | Support | Products | SiteMap

Making your Computer Accessible from the Public Internet

STUN


Below is a text transcription of the "STUN" video that is part of the Making your Computer Accessible from the Public Internet tutorial series for troubleshooting remote access to server-based applications.



If you are trying to make a computer accessible from the internet from a private local network, you may have heard STUN as a possible solution. STUN is only a solution if it is available within the application you are trying to make accessible from the Internet. If you look up STUN you will find it is an acronym for Simple Traversal of User Datagram Protocol Through Network Address Translators. That's an awful lot to digest, so we are going to try to break it down to explain what STUN does, how it would be used, and when it might solve a problem with connecting to a computer behind a router or firewall.

UDP

UDP is a common communication method in VoIP, streaming media, and games for its low overhead and ability to send broadcast messages to multiple destinations. Unfortunately, unlike TCP communication, which establishes an acknowledged connection between computers, the message is sent a single time and no connection is established. This means that when a message is sent to a computer on the public internet, the receiving computer may not be able to respond. This will often result in issues like losing the incoming audio for a VoIP phone call, or a game failing to connect to the server to start an online match.

NAT Routers

Most routers available today work as a Network Address Translator when a computer on the network request something from the internet. This is done by reformatting a request to appear as if it came directly from the router and keeping a table of where the response should be forwarded when it arrives.

Original request (PC –> Router)
[ From: Computer <192.168.1.100> ]
[ To: Internet <mysite.com> ]
[Request: Picture.jpg ]

Forwarded Request (Router –> Internet)
[ From: Router <192.168.1.1> ]
[ To: Internet <mysite.com> ]
[Request: Picture.jpg ]

Original Response (Internet –> Router)
[From: Internet <mysite.com> ]
[ To: Router <192.168.1.1> ]
[Response: Picture.jpg ]

Forwarded Response (Router –> PC)
[From: Internet <mysite.com> ]
[ To: Computer <192.168.1.100> ]
[Response: Picture.jpg ]

This model is great for web browsing and other activities that are initiated from inside the network, but what happens when we need someone on the internet to contact us? That's where STUN comes in to save the day.

How STUN works

STUN begins by opening a connection from the application's computer to a server that is on the public Internet, known as the STUN server. The application sends a message to the STUN server asking what address the STUN server would use to contact the computer where it is running. In other words, the application is asking "What address are you going to reach me at?" When the STUN server replies, the application then knows at which address the router will receive messages for it and uses this information to tell other computers on the Internet where it can be contacted. Every so often the computer will contact the STUN server again to guarantee that the connection stays open on the router. This is called a keep–alive request.

Original request (PC –> Router)
[ From: Computer <192.168.1.100>]
[ To: Internet <stunserver.com>]
[Request: What's my address?]

Forwarded Request (Router –> Internet)
[ From: Router <1.2.3.4:8888>]
[ To: Internet <stunserver.com>]
[Request: What's my address?]

Original Response (Internet –> Router)
[From: Internet <stunserver.com>]
[ To: Router <1.2.3.4:8888>]
[Response: 1.2.3.4:8888]

Forwarded Response (Router –> PC)
[From: Internet <stunserver.com>]
[ To: Computer <192.168.1.100>]
[Response: 1.2.3.4:8888]

This works for many routers, but some routers, called Symmetric NAT routers add a layer of security that prevents STUN from working. Symmetric NAT is very similar to regular NAT except that the router will only forward responses from the computer that the original request was sent to, making STUN fail in some cases. So if you get your address from stunserver.com, the only computer your Symmetric NAT will let send messages back to your computer will be stunserver.com. If you have a Symmetric NAT router you will most likely need to choose a different technique like uPNP or port forwarding to get your computer connected to the internet.

STUN details may be configured automatically in some programs and you may not be able to change them. Other programs may allow you to turn STUN on or off, while some may even let you select the STUN server you would like to use. The location of these settings will vary from program to program within tabs or menus such as connection, network, options, settings, SIP, or advanced.

After you've configured STUN within your application, you should be able to be contacted by and receive data from the outside Internet. If you find you are still having trouble with one–way (or non–existent) audio, you may need to try uPNP or port forwarding as an alternative to STUN.


Server-based Software Topics


IP Addresses
Router Issues & Port Forwarding
Firewall Configuration
STUN
Glossary of Terms

This page applies to:


BroadCam Video Streaming
BroadWave Audio Streaming
Express Invoice Invoicing
Express Accounts Accounting
Express Delegate Dictation Manager
Axon VoIP Based PBX
Express Talk VoIP Softphone
FlexiServer Staff Management
Inventoria Stock Control
IMS On-Hold Message Player
IVM Answering Attendant
Quorum Audio Conferencing
WebDictate Internet Dictation

Useful links
Download Software
Technical Support
Purchase Software
About NCH Software
Newsletter
Top | Uninstall | Privacy | Legal & EULA | Contact Us | Home
© NCH Software