javanetwork-programmingtcpp2pnat-traversal

How would I locate the correct IP address of another computer on my LAN which is not publicly accessible?

I am writing a distributed Java app, but the networking side of things is stumping me. For some reason it's not working correctly. I think it's because the IP address I get through ipconfig /all is not accessible from outside the LAN. I appreciate any tips or advice.

Solution

  • Overview

    You need what is commonly-known as "NAT Traversal", or ICE. There are two primary protocols used on the internet today TCP and UDP. TCP sockets carry a significant amount of session state information in them; consequently it is a significantly more difficult protocol to use for P2P than UDP.

    UDP Tunneling

    The following list is a simplified outline of the more general STUN Protocol (RFC 5389) that you could use to implement a P2P service based on UDP NAT Traversal...

    1. Deploy a UDP server with a public address and start listening for UDP packets from your clients. Clients will embed their private IP address inside the UDP packets sent to your server; it would be a good idea to implement some form of authentication to ensure you are getting connections from a valid client (instead of some random packet scanner).
    2. The server reads how their private IP address has been translated into a public IP address from the UDP Datagrams.
    3. If you want to make connections between specific users, also embed this information inside packets sent from the clients to your server; your server will implement a username directory to associate client UDP socket information with usernames (that peers will try to connect to).
    4. Your UDP server should send the corresponding information back to the other relevant peer(s).
    5. Now, peers can communicate directly by sending UDP datagrams to these translated addresses; these packets will go through client NAT devices in the path as long as the UDP ports in question are allowed and the delay introduced by this protocol does not trigger state timeouts in the NAT devices.

    After you have established UDP connectivity, you could form an UDP SSL VPN between the two clients using something like OpenVPN; this would give you a trivial channel to initiate a TCP connection between the clients. However, there are non-trivial security and trust issues to consider in this connectivity model; it is unlikely to be useful between random users on the internet.

    TCP

    If TCP connectivity is required, I suggest looking at this internet draft, MMUSIC-ICE-TCP: TCP Candidates with Interactive Connectivity Establishment (ICE)