TURN and STUN protocols for WebRTC

What is the TURN protocol?


TURN (Traversal Using Relays around NAT) is a protocol that assists in traversing NATs (network address translators) or firewalls for multimedia applications. It supports connecting a client behind a NAT to only a single peer, as in telephony; TURN servers do not help with running servers on well-known ports inside the private network.

TURN is specified by RFC 8656.


The process begins when a user wants to connect to a peer for a data transaction but cannot, because both the client and the peer sit behind their own NATs. If STUN is not an option because one of the NATs is symmetric, TURN must be used.


What is the STUN protocol?


STUN stands for Simple Traversal of User Datagram through Network Address Translators (NAT). The protocol is used to resolve the public IP address of a device running behind a NAT: it gives hosts a way to discover the presence of a network address translator and to learn the mapped (usually public) IP address and port number that the NAT has allocated to the application.


The exchange starts when the user sends a request to a STUN server on the internet; the server replies with a success response that contains the user's public IP address and port. The result is obscured with an exclusive-or (XOR) mapping so that application layer gateways, which rewrite IP addresses they find in packet contents, do not translate it.
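The request/response exchange just described, with the XOR decoding, and the symmetric-NAT check from the TURN section above, as an added worked example. This is Node.js code written for this page, not code from the article or from any STUN library; it assumes the RFC 8489 wire layout (20-byte header, magic cookie 0x2112A442, XOR-MAPPED-ADDRESS attribute 0x0020), and the server reply, transaction id and all addresses are constructed for the offline demo.

```javascript
// Added example, not part of the article: build a STUN Binding request, parse
// the Binding success response and undo the XOR obscuring of the
// XOR-MAPPED-ADDRESS attribute (RFC 8489 wire layout). classifyNatMapping()
// then applies the check that decides whether a session must fall back to TURN.

const MAGIC_COOKIE = 0x2112a442;
const BINDING_REQUEST = 0x0001;
const BINDING_SUCCESS = 0x0101;
const ATTR_XOR_MAPPED_ADDRESS = 0x0020;

function buildBindingRequest(txnId) {
  // 20-byte header: type, length, magic cookie, 96-bit transaction id.
  if (txnId.length !== 12) throw new Error("transaction id must be 12 bytes");
  const hdr = Buffer.alloc(20);
  hdr.writeUInt16BE(BINDING_REQUEST, 0);
  hdr.writeUInt16BE(0, 2); // a plain Binding request carries no attributes
  hdr.writeUInt32BE(MAGIC_COOKIE, 4);
  txnId.copy(hdr, 8);
  return hdr;
}

function parseHeader(msg) {
  if (msg.length < 20) throw new Error("short STUN message");
  const type = msg.readUInt16BE(0);
  const length = msg.readUInt16BE(2);
  if ((type & 0xc000) !== 0) throw new Error("top two bits set: not a STUN message");
  if (msg.readUInt32BE(4) !== MAGIC_COOKIE) throw new Error("bad magic cookie");
  if (msg.length !== 20 + length) throw new Error("length field does not match datagram");
  return { type, txnId: msg.subarray(8, 20) };
}

function* iterAttributes(body) {
  // TLV attributes; every value is padded out to a 32-bit boundary.
  let off = 0;
  while (off + 4 <= body.length) {
    const type = body.readUInt16BE(off);
    const len = body.readUInt16BE(off + 2);
    if (off + 4 + len > body.length) throw new Error("truncated attribute");
    yield { type, value: body.subarray(off + 4, off + 4 + len) };
    off += 4 + len + ((4 - (len % 4)) % 4);
  }
}

function decodeXorMappedAddress(value, txnId) {
  if (value.length < 4) throw new Error("short XOR-MAPPED-ADDRESS");
  const family = value[1];
  // X-Port is the port XORed with the top 16 bits of the magic cookie.
  const port = value.readUInt16BE(2) ^ (MAGIC_COOKIE >>> 16);
  if (family === 0x01) {
    if (value.length !== 8) throw new Error("bad IPv4 attribute length");
    const a = (value.readUInt32BE(4) ^ MAGIC_COOKIE) >>> 0;
    return { address: [a >>> 24, (a >>> 16) & 0xff, (a >>> 8) & 0xff, a & 0xff].join("."), port };
  }
  if (family === 0x02) {
    // IPv6 is XORed with the 16-byte concatenation magic cookie || transaction id.
    if (value.length !== 20) throw new Error("bad IPv6 attribute length");
    const key = Buffer.concat([Buffer.alloc(4), txnId]);
    key.writeUInt32BE(MAGIC_COOKIE, 0);
    const groups = [];
    for (let i = 0; i < 16; i += 2) {
      groups.push((((value[4 + i] ^ key[i]) << 8) | (value[5 + i] ^ key[i + 1])).toString(16));
    }
    return { address: groups.join(":"), port };
  }
  throw new Error("unknown address family " + family);
}

function parseBindingResponse(msg, expectedTxnId) {
  const { type, txnId } = parseHeader(msg);
  // Only accept the reply carrying the transaction id we sent; a stray or
  // spoofed datagram must not update our idea of the NAT mapping.
  if (!txnId.equals(expectedTxnId)) throw new Error("transaction id mismatch");
  if (type !== BINDING_SUCCESS) throw new Error("not a Binding success response: 0x" + type.toString(16));
  for (const attr of iterAttributes(msg.subarray(20))) {
    if (attr.type === ATTR_XOR_MAPPED_ADDRESS) return decodeXorMappedAddress(attr.value, txnId);
  }
  throw new Error("response carries no XOR-MAPPED-ADDRESS");
}

// Constructed server reply for the offline demo: what a STUN server sends back.
function buildBindingResponse(txnId, address, port) {
  const o = address.split(".").map(Number);
  const attr = Buffer.alloc(12);
  attr.writeUInt16BE(ATTR_XOR_MAPPED_ADDRESS, 0);
  attr.writeUInt16BE(8, 2);
  attr[4] = 0x00; // reserved
  attr[5] = 0x01; // IPv4
  attr.writeUInt16BE(port ^ (MAGIC_COOKIE >>> 16), 6);
  attr.writeUInt32BE((((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) ^ MAGIC_COOKIE) >>> 0, 8);
  const hdr = buildBindingRequest(txnId);
  hdr.writeUInt16BE(BINDING_SUCCESS, 0);
  hdr.writeUInt16BE(attr.length, 2);
  return Buffer.concat([hdr, attr]);
}

// Mapping-behaviour check: Binding requests sent from the same local socket to
// two different STUN servers. The same mapped address:port means the NAT is
// endpoint-independent and hole punching can work; a different mapping per
// destination is a symmetric NAT, so the session has to fall back to TURN.
function classifyNatMapping(mappedA, mappedB) {
  const same = mappedA.address === mappedB.address && mappedA.port === mappedB.port;
  return same ? "endpoint-independent" : "address-dependent (symmetric)";
}

// Offline demo with a constructed reply (no network needed).
const demoTxn = Buffer.from("000102030405060708090a0b", "hex");
const demoReply = buildBindingResponse(demoTxn, "203.0.113.7", 54321);
console.log(parseBindingResponse(demoReply, demoTxn)); // { address: '203.0.113.7', port: 54321 }
```

In live use the datagram from buildBindingRequest() is sent over UDP to the STUN server (default port 3478) and the datagram that comes back is handed to parseBindingResponse() with the same transaction id; replies that fail the cookie, length or transaction-id checks are dropped rather than trusted.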


Difference between the two protocols


A STUN server is there to help a peer discover information about its public IP address and to open up firewall ports. The problem being addressed is that devices sit behind NAT routers within small private networks; the NAT allows outgoing requests and their responses but blocks any other incoming requests. A STUN server is a temporary middleman to send requests to, which opens a port on the NAT device so that the response can come back.


A TURN server is a relay in a publicly accessible location, used when a peer-to-peer connection is not possible. There are still cases where hole punching is unsuccessful because of restrictive firewalls; in those cases the two peers cannot connect directly one on one, so their traffic is relayed through a TURN server, a third-party server that both peers can reach without restriction.
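In WebRTC the two protocols show up in the ICE candidates a peer gathers: host candidates are local addresses, srflx (server-reflexive) candidates are the mappings learned from a STUN server, and relay candidates are TURN allocations. The following Node.js code, added here and not taken from the article or from any WebRTC library, parses candidate lines in the standard ICE grammar and reports which of the two mechanisms succeeded; the sample candidate lines are constructed for the demo.

```javascript
// Added example, not part of the article: classify the ICE candidates a WebRTC
// peer gathers (the strings seen in RTCIceCandidate.candidate or "a=candidate"
// SDP lines) into host / srflx (from STUN) / relay (from TURN).

const CANDIDATE_RE =
  /^(?:a=)?candidate:(\S+) (\d+) (udp|tcp) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)(?: raddr (\S+) rport (\d+))?(.*)$/i;

function parseIceCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  if (!m) throw new Error("not an ICE candidate line: " + line);
  const cand = {
    foundation: m[1],
    component: Number(m[2]),
    transport: m[3].toLowerCase(),
    priority: Number(m[4]),
    address: m[5],
    port: Number(m[6]),
    type: m[7].toLowerCase(),
  };
  if (m[8]) {
    // Related address: for srflx the inner host address the NAT mapped,
    // for relay the server-reflexive address the TURN server saw.
    cand.relatedAddress = m[8];
    cand.relatedPort = Number(m[9]);
  }
  return cand;
}

function summarizeGathering(lines) {
  const counts = { host: 0, srflx: 0, prflx: 0, relay: 0 };
  const relayAddresses = [];
  for (const line of lines) {
    const c = parseIceCandidate(line);
    counts[c.type] += 1;
    if (c.type === "relay") relayAddresses.push(`${c.address}:${c.port}/${c.transport}`);
  }
  return {
    counts,
    stunAnswered: counts.srflx > 0,   // a STUN server revealed the NAT mapping
    turnAllocated: counts.relay > 0,  // a TURN allocation exists as the fallback path
    relayOnly: counts.relay > 0 && counts.host + counts.srflx + counts.prflx === 0,
    relayAddresses,
  };
}

// Constructed sample: one host, one STUN-derived and one TURN-derived candidate.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.20 51000 typ host generation 0",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.20 rport 51000 generation 0",
  "candidate:3 1 udp 41885439 198.51.100.44 60001 typ relay raddr 203.0.113.7 rport 54321 generation 0",
];

console.log(summarizeGathering(SAMPLE_CANDIDATES));
```

A gathering with no srflx candidate means the STUN server was never reached (UDP blocked or the server down); one where relayOnly is true is a peer whose media will have to be carried by the TURN server, which is the situation the text describes.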