  • Is there anything I can do to improve the chances of P2P apps establishing direct connections without compromising security? I'm interested in video conferencing in particular. (Skype, FB Messenger, Google Hangouts, etc.) I have the default firewall settings (block inbound, pass outbound). I have IPv6 active also. I know port forwarding would be one option, but I'm interested in things that don't have to be configured on a case by case basis. I know pfSense acts as a symmetric NAT for v4 traffic which prevents (I think?) hole punching, but would v6 apps be able to hole punch? Thanks for any input.

  • UPnP?

  • Hole punching should work for UDP. Client A wants to talk to Client B. Client A sends a packet at Client B, then tells 3rd-party server to tell Client B to send a packet back. Even though Client B never got the first packet, it responded as if it did and establishes a UDP state.

    Hole punching does require a 3rd-party discovery/registry service. That 3rd-party could just be another node in the swarm that has proper port forwarding.

    TCP, not so much. TCP uses a random starting sequence number that is controlled by the OS. No way for a client to know it or to set it. If they could do both, then it would be possible.
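The UDP exchange described in the answer above, run through a toy NAT model as an added example (not code from the post or from pfSense): both NATs pass outbound and block inbound unless an outbound state exists, and Client A's NAT can be either endpoint-independent (cone) or symmetric (a new mapping per destination, as the question says pfSense does for v4). All addresses and ports are constructed.

```python
import itertools


class Nat:
    """Minimal stateful NAT: outbound creates state, inbound must match it."""

    def __init__(self, public_ip, symmetric=False):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.ports = itertools.count(40000)
        self.mappings = {}   # mapping key -> allocated public port
        self.states = set()  # (public_port, remote_ip, remote_port) allowed back in

    def outbound(self, src, dst):
        """Inside host sends src->dst; returns the public endpoint used."""
        # Cone NAT: one mapping per inside endpoint.
        # Symmetric NAT: one mapping per (inside endpoint, destination) pair.
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        public = (self.public_ip, self.mappings[key])
        self.states.add((public[1], dst[0], dst[1]))
        return public

    def inbound(self, src, dst):
        """Packet from outside; passes only if an outbound state matches it."""
        return (dst[1], src[0], src[1]) in self.states


def hole_punch(a_symmetric):
    """Returns (A's first packet reached B, B's reply reached A)."""
    nat_a = Nat("198.51.100.1", symmetric=a_symmetric)  # constructed addresses
    nat_b = Nat("203.0.113.1")
    a, b, server = ("10.0.0.2", 5000), ("192.168.1.2", 5000), ("192.0.2.10", 3478)
    # 1. Both clients contact the rendezvous server, which records the public
    #    endpoint it sees for each of them.
    a_seen = nat_a.outbound(a, server)
    b_seen = nat_b.outbound(b, server)
    # 2. A fires a packet at B's public endpoint. B's NAT has no state for A,
    #    so it is dropped, but A's NAT now expects replies from b_seen.
    a_to_b = nat_a.outbound(a, b_seen)
    first_arrived = nat_b.inbound(a_to_b, b_seen)
    # 3. The server tells B where it saw A; B sends a packet there. On a cone
    #    NAT that is the same port A used towards B, so the state matches.
    nat_b.outbound(b, a_seen)
    reply_arrived = nat_a.inbound(b_seen, a_seen)
    return first_arrived, reply_arrived


if __name__ == "__main__":
    print("cone NAT:", hole_punch(False))       # (False, True)
    print("symmetric NAT:", hole_punch(True))   # (False, False)
```

With the symmetric NAT, A's packet towards B gets a fresh public port, so the port the server reported is never the one holding the state for B, and B's reply is blocked just like any other unsolicited inbound packet.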

