coreybrett last edited by
Is there anything I can do to improve the chances of P2P apps establishing direct connections without compromising security? I'm interested in video conferencing in particular. (Skype, FB Messenger, Google Hangouts, etc.) I have the default firewall settings (block inbound, pass outbound). I have IPv6 active also. I know port forwarding would be one option, but I'm interested in things that don't have to be configured on a case by case basis. I know pfSense acts as a symmetric NAT for v4 traffic which prevents (I think?) hole punching, but would v6 apps be able to hole punch? Thanks for any input.
Nullity last edited by
Harvy66 last edited by
Hole punching should work for UDP. Client A wants to talk to Client B. Client A sends a packet at Client B, then tells 3rd-party server to tell Client B to send a packet back. Even though Client B never got the first packet, it responded as if it did and establishes a UDP state.
Holy punching does required a 3rd-party discovery/registry service. That 3rd -party could just be another node in the swarm that has proper port forwarding.
TCP, not so much. TCP uses a random starting sequence number that is controlled by the OS. No way for a client to know it or to set it. If they could do both, then it would be possible.