Session Traversal Utilities for NAT (STUN)
The STUN protocol is currently has been rewritten with RFC 5389.
Originally, STUN (RFC 3489) was developed as a standalone solution for NAT traversal for several types of applications, including VoIP. However, practical experience found that the limitations of its usage in isolation made it impractical as a complete solution. There were too many NATs which didn't support hairpinning or which had address and port dependent mapping properties.
Consequently, STUN was revised:
Successor to RFC 3489 is RFC 5389 http://tools.ietf.org/html/rfc5389
The STUN protocol is currently has been rewritten with RFC 5389.
Changes to STUN Protocol
Originally, STUN (RFC 3489) was developed as a standalone solution for NAT traversal for several types of applications, including VoIP. However, practical experience found that the limitations of its usage in isolation made it impractical as a complete solution. There were too many NATs which didn't support hairpinning or which had address and port dependent mapping properties.
Consequently, STUN was revised:
- STUN now is not the standalone solution for NAT traversal, but rather it defines basic tools and mechanism for performing the traversal. The broader and most comprehensive solution for NAT traversal currently is ICE, which makes use of the new STUN protocol.
- now it is considered cutting-edge to NOT try to find out the type of NAT, and rather to discover the media path interactively using ICE. For SIP signaling, NAT traversal is being solved by the outbound draft.
- several older STUN attributes have been deprecated since STUN no longer serves the purpose to detect NAT type, and new attributes and request/indication types are introduced. Examples of deprecated STUN attributes: RESPONSE-ADDRESS, CHANGE-REQUEST, SOURCE-ADDRESS, CHANGED-ADDRESS, REFLECTED-FROM, and MAGIC-COOKIE.
- the new STUN also defines STUN usages, a mechanism to extend the STUN protocol. The STUN (draft) standard defines Binding Discovery and Binding usages. Other types of STUN usages include TURN.
- the new STUN now provides means to authenticate STUN requests and responses by using short-term or long-term credential.
Current Standard
Successor to RFC 3489 is RFC 5389 http://tools.ietf.org/html/rfc5389
Implementations
- PJNATH library from pjsip.org project is an Open Source NAT traversal library supporting ICE, STUN, and TURN.
- STUN & TURN Server - is an open source STUN & TURN Server (and client library), for UNIX/Linux platforms.
- Numb is a free STUN/TURN server.
- libnice is a free GLib based ICE (draft 19), STUN (both RFCs) and TURN (draft 11) client implementation