TCP Hole Punch (NAT Traversal) Library or something?

TobiHeidi picture TobiHeidi · Mar 14, 2010 · Viewed 27.4k times · Source

I want to do TCP Hole Punching (NAT Traversal) in C#. It can be done with a rendezvous server if needed. I found http://sharpstunt.codeplex.com/ but can not get this to work. Ideally i need some method which i give a Port Number (int) as parameter that after a call to this method is available ("Port Forwarded") at the NAT. It would be also OK if the method just returns some port number which is then available at the NAT. Has anybody done this in C# ? Can you give me working examples for sharpstunt or something else?

Answer

SilverX picture SilverX · Jun 4, 2011

In each network scenario, TCP hole punching operates in a similar way to UDP hole punching. For example, if two peers A and B are behind different NATs, each peer’s first SYN packet sent to the other peer opens up a hole associated with its public address in its respective NAT. If A’s first SYN packet to B reaches B’s NAT before B’s first SYN packet to A reaches B’s NAT, B’s NAT considers A’s SYN packet unsolicited and drops it. However, subsequently B’s first SYN packet can travel through A’s NAT successfully because A’s NAT recognises B’s public address as the destination of the outgoing session that A has initiated.

So yes. It's possible to TCP holepunch. I don't see why anyone would think otherwise.

Also, could you not create this type of bahaviour manually? It doesn't need to depend on any specific protocol as long as the steps are the same to gather all of the required information.

In general, TCP hole punching (3.2.1) proceeds as follows:

Clients: A, B Server: S

• A uses its connection with S to ask S for a connection with B. • S replies to A with B’s private and public addresses, and simultaneously sends A’s addresses to B.

• A and B asynchronously make outgoing connection at- tempts (send SYN packets) to each other’s public and private addresses, from the same port that they used to register with S. At the same time, they listen for TCP incoming connection attempts on their local TCP ports.

• A and B wait for a SYN-ACK response to their out- going SYN packets, or an incoming connection request (SYN packet). If a connection fails, the peer can retry it up to a maximum timeout period.

• Once the three-way handshake process has completed, the peers authenticate each other. If the authentica- tion fails, the peers close that connection and wait until another connection is successfully authenticated. The first successfully authenticated connection will be used to transfer TCP data.

(I know this isn't much of an answer but there wasn't enough room for a comment).