turn server

From wikipedia; Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications. It may be used with the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It is most useful for clients on networks masqueraded by symmetric NAT devices. TURN does not aid in running servers on well known ports in the private network through a NAT; it supports the connection of a user behind a NAT to only a single peer, as in telephony, for example.

So a turn server is needed to allow end to end communication where public IP communication end points are obfuscated, such as where local IP address are behind NAT. To primary purpose of NAT is to increase the effective usability of IPv4 which has limited available public addresses by using a designated ranges of local IPv4 addresses that that do not have direct public addressability. The local addresses can only be publicly accessed via a local router that performs NAT, subject to firewall rules. It is claimed that the obfuscation of the local IP addresses provide additional security. This was not the primary purpose of NAT and is at best a secondary benefit. I believe that NAT provides minimal security benefits. The key security is the firewall setup which does not allow unsolicited access to the local area network address space. Interestingly IPv6 is not limited by address space available and hence does not require NAT for this reason. If NAT is not used with IPv6 LAN then the local address area is directly accessible from the public network, subject to the router and firewall setup. In this case a TURN server would not be required. NAT can still be used with IPv6 if wanted, in which case the TURN server would be required.

  • /app/www/public/data/pages/docker_notes/turnserver.txt
  • Last modified: 2024-04-01 Mon wk14 10:52
  • by baumkp