π UDP Hole Punching π
Yusuke punches a hole right through your NAT
Disclaimer: This is not a production ready chat application. While it does create AES encrypted connections client <-> client
and client <-> server
, this code has not been audited or tested by any security specialists. This is simply an exercise for me to learn more about P2P networking and technologies as well as provide some examples of the technologies in use for others who are interested in learning. Additionally, the udp client does not implement a protocol that ensures the successful delivery of messages and so some will be lost over spotty connections.
Preview
Click the above image to watch a youtube video of the chat app in action. The terminal in the top right hand corner is SSHed into a VPS which runs the rendezvous server. The terminal in the bottom right is the terminal UI. The web app on the left is the GUI.
Install
go get github.com/wilfreddenton/udp-hole-punching
Usage
1. Setup rendezvous server
The main package is the rendezvous server. Find a VPS or something to host it on. You can run everything locally but it won't really be testing whether or not hole punching works because it's on the same machine. Make sure that the server has TCP and UDP ports open to incoming traffic from 0-65535.
To run it:
go install
- udp-hole-punching
2. Adjust UI settings
There are two UIs that you can use gui
which is a web UI and term-ui
which is a terminal UI. You can use any combination of UIs.
Before you use one you should open the main.go
file and switch the serverTCPIP
and serverUDPIP
constants to the IP address of your rendezvous server (no port).
To run the web UI
cd gui/ui
npm install
npm run build
cd ..
go install
gui
if your rendezvous server is running on locally orgui -serverIP=<server IP here>
- point your browser to
localhost:8000
To disconnect and start a new chat simply refresh.
To run the terminal UI
cd term-ui
go install
term-ui
if your rendezvouse server is running locallyterm-ui -serverIP=<server IP here>
To disconnect and start a new chat ctrl-c
to exit the program and run it again.
3. Find a friend
If not a friend then get access to a computer behind a different router and set up a client on there.
4. Test it out
Run the clients and provide the PeerID of one client to the other client and if the network topology permits hole punching then you will establish an encrypted connection between the clients.
Architecture
- Both clients register themselves using their ID with the rendezvous server
- Client A makes an "establish" request to the rendezvous server sending the
ID
of the peer it would like to being communicating with - Upon receiving the "establish" request from client A and verifying that both client A and the requested peer, client B, have registered, the server sends an "establish" response back to client A as well as client B informing the peers of each other's information.
- The peers can now send requests directly to each other with the information they've received from the rendezvous server. They create this connection using the hole-punching algorithm described in reference 1.
Simplification of the algorithm
To make the implementation of hole punching a little simpler, the clients to not attempt to connect to each other's private IP addresses. Clients that are behind the same NAT will still be able to connect but they will do so with public IP addresses and not private ones. The routers I have tested seemed to understand that the peers were on it's local network and facilitated the connection without going to the outside internet.