Session Traversal Utilities for NAT (STUN)

What is STUN?

Session Traversal Utilities for NAT (STUN) is a standardized set of methods, including a network protocol, for traversing network address translation (NAT) gateways in applications of real-time voice, video, messaging, and other interactive communications.

STUN is a tool used by other protocols, such as Interactive Connectivity Establishment (ICE), the Session Initiation Protocol (SIP), and WebRTC. It lets hosts discover the presence of a network address translator, and discover the mapped, usually public, Internet Protocol (IP) address and port number that the NAT has allocated for the application's User Datagram Protocol (UDP) flows to remote hosts. The protocol requires assistance from a third-party network server (STUN server) located on the opposing (public) side of the NAT, usually the public Internet.

For more information, see Session Traversal Utilities for NAT (STUN).

**Why do we need STUN?**

Simply put, we use STUN as a tool to help clients determine their public IP address so that they can connect to each other and the Sametime Meeting Server to send and receive Audio and Video data.

If your deployment of Meetings is all internal and there is no NAT or firewall between the users and the server, then you may not need to use STUN.

If your deployment also includes users external to your network, like people working from home, then you will likely need a STUN server to help negotiate the Audio and Video sessions.

**Default Configuration**

By default, the Sametime Meeting Server is configured to use the Google Public STUN Servers.

For Docker, this information is configured in the '.env' file like this:

    # STUN servers used to discover the server's public IP.
    JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302

For Kubernetes, this information is configured in the 'helm/values.yaml' file like this:

    jvbStunServers: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302

In both cases, this configuration is telling the server to use these STUN servers:

stun.l.google.com
stun1.l.google.com
stun2.l.google.com

Each is contacted on UDP port 19302.

It is important to note that if the server or the clients are unable to reach the configured STUN servers, n-way meetings will not work properly. When planning your deployment, make sure that the STUN servers are available over the network.

**Optional Configuration(s)**

If you already have a STUN server in your environment or wish to use an alternative public STUN server, simply update the appropriate settings above before you deploy the server. It can be modified post deployment as well. For more information on this, see Configuring alternate STUN servers.

If your deployment does not require the use of STUN, then you can disable this by simply commenting out the appropriate line in either the .env or values.yaml file and installing the server.