[tor-bugs] #34129 [Circumvention/Snowflake]: Use STUN to determine NAT behaviour of peers

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 13 19:04:46 UTC 2020


#34129: Use STUN to determine NAT behaviour of peers
-------------------------------------+---------------------------
 Reporter:  cohosh                   |          Owner:  cohosh
     Type:  enhancement              |         Status:  assigned
 Priority:  Medium                   |      Milestone:
Component:  Circumvention/Snowflake  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:  Sponsor28
-------------------------------------+---------------------------

Comment (by cohosh):

 Replying to [ticket:34129 cohosh]:
 > - are there public STUN servers that support this feature?

 In starting to answer this question, I first set up my own STUN server
 using coturn (linked above). I'm running this just temporarily on a
 DigitalOcean droplet to test out the feature. The droplet has two IP
 addresses: one that was assigned to it and one floating IP that I've
 attached to the droplet.

 It didn't take much to set up, I just installed the Debian package:
 {{{
 apt-get install coturn
 }}}
 and then edited the configuration file that's created at
 `/etc/turnserver.conf` to set the two listening IP addresses. This appears
 to be all that's required to add support for RFC 5780. I also disabled
 TURN so it's a STUN-only server.

 Because of how floating IP addresses work with DigitalOcean, we'll have to use
 the floating IP as the main STUN address and leave the allocated IP as the
 additional address. I sent a STUN binding request to
 `174.138.112.125:3478` and got back a reply with the `OTHER-ADDRESS`
 attribute in the response (in addition to the usual `XOR-MAPPED-ADDRESS`)
 which shows that it supports the NAT behaviour discovery feature.

 Feel free to try it out. I won't leave it up and running forever, just as
 long as we need to figure out how it works, find public STUN servers that
 have it, or work it into the broker for #25591.

 My next step will be to look at the pion STUN library and see whether they
 support this feature/how to use it for our purposes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34129#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
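
The check described in the comment above (a Binding response that carries `OTHER-ADDRESS` alongside `XOR-MAPPED-ADDRESS`), as an added example that is not part of the original ticket comment and is not Snowflake or pion code. It is a standard-library Go parser run over a constructed response; the function name, the sample bytes and the documentation-range addresses in them are assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const (
	magicCookie      = 0x2112A442
	attrXORMapped    = 0x0020
	attrOtherAddress = 0x802C // defined by RFC 5780
)

// parseBindingResponse maps attribute type to the decoded IPv4 "ip:port" it carries.
func parseBindingResponse(msg []byte) (map[uint16]string, error) {
	be := binary.BigEndian
	if len(msg) < 20 || be.Uint16(msg) != 0x0101 || be.Uint32(msg[4:]) != magicCookie ||
		int(be.Uint16(msg[2:])) != len(msg)-20 {
		return nil, fmt.Errorf("not a well-formed STUN Binding success response")
	}
	found := map[uint16]string{}
	for body := msg[20:]; len(body) >= 4; {
		typ, n := be.Uint16(body), int(be.Uint16(body[2:]))
		padded := (n + 3) &^ 3 // attribute values are padded to a 4-byte boundary
		if len(body) < 4+padded {
			return nil, fmt.Errorf("truncated attribute")
		}
		v := body[4 : 4+n]
		if (typ == attrXORMapped || typ == attrOtherAddress) && n == 8 && v[1] == 0x01 {
			port, ip := be.Uint16(v[2:]), be.Uint32(v[4:])
			if typ == attrXORMapped { // only this attribute is XORed with the cookie
				port, ip = port^(magicCookie>>16), ip^magicCookie
			}
			found[typ] = fmt.Sprintf("%d.%d.%d.%d:%d", ip>>24, ip>>16&0xff, ip>>8&0xff, ip&0xff, port)
		}
		body = body[4+padded:]
	}
	return found, nil
}

// sample is a constructed response using documentation addresses, not a capture.
var sample = []byte{0x01, 0x01, 0x00, 0x18, 0x21, 0x12, 0xA4, 0x42, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
	0x00, 0x20, 0, 8, 0, 1, 0xE1, 0x2B, 0xE1, 0x12, 0xA6, 0x49, // XOR-MAPPED-ADDRESS 192.0.2.11:49209
	0x80, 0x2C, 0, 8, 0, 1, 0x0D, 0x97, 198, 51, 100, 7} // OTHER-ADDRESS 198.51.100.7:3479

func main() {
	found, err := parseBindingResponse(sample)
	fmt.Println(found, "RFC 5780 support:", found[attrOtherAddress] != "", err)
}
```

A response from a server without the NAT behaviour discovery feature yields no entry for `attrOtherAddress`, which is the signal to look for when surveying public STUN servers.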

