Stun Server

While installing the latest version of XMeeting on my Mac a couple weeks ago, I started learning about stun servers.

First, a reminder that XMeeting is the open source H.323 desktop videoconferencing software for the Mac.

The new version allows you to select a stun server to get your H.323 software to work through a firewall.

I was very intrigued by this and here’s what I’ve found out so far. Mind you, I’m not a techie – so this is just my understanding so far. Please comment and correct me if I’m wrong!!

STUN stands for “simple traversal of UDP over NATs.” A NAT is network address translation, which is where you get those “outside/public” IPs and the internal ones that usually start with 10.something or 172.something. UDP is generally the streaming traffic of the videoconferencing – the audio and the video. Have you ever connected to a site and either you’re getting just a black screen or they’re getting just a black screen. Classic firewall symptoms!

You can read more about STUN on this VOIP (voice over IP) site. The basic gist tho’ is this:

  • It’s was new in 2005, and according to the comments on the VOIP site, it’s commonly supported by VOIP devices.
  • It doesn’t work through all types of firewalls. It works through all of them except those that use symmetric NAT (see the wikipedia article).

I tried it out in three situations. Behind our firewall at work (Novell Border Manager), worked like a charm! In one of my districts (I’m pretty sure behind a CISCO firewall), no luck. Behind my brother’s cable modem/wireless router combination at home, no luck – but it was a weird old router and he’s upgrading it.

I’m really curious if the vendors like Polycom and Tandberg will include this in their new versions of endpoint software, or if they have a good reason not to support it.

If H.323 VC could be as easy as installing software on your computer, adding some classroom quality audio tools, and working through a firewall as quick as stun server did at my work, I think H.323 VC could become more mainstream…..

What do you think? Have you experimented with any of this?

0 replies on “Stun Server”

  1. Hi Janine,

    Good blog 🙂

    I few points for you:

    1. STUN is a mechanism for SIP, the equivalent H.323 mechanism is a standard called H.460.18/19

    2. TANDBERG systems with the appropriate firewall traversal infrastructure are ‘that easy’ to set up today!

    3. TANDBERG supports some aspects of STUN in the TANDBERG VCS product today and will be expanding to full support for STUN/STUN relay throughout the product line in the future.

    We do believe in the future of SIP and absolutely support the firewall traversal technology and are very active on the committees within the standards group.

    All the best,

    Sean Lessman
    TANDBERG

  2. Thanks for that Sean! I do think, though, that it would be better for K12 schools for VC to be mainstream if you didn’t have to invest in the “infrastructure” as well. I think that cost and setup pain is partly why VC isn’t mainstream in K12 schools yet.

    I say setup pain because there are many little K12 districts that without the support of an educational service agency or similar support, won’t ever be able to afford the cost and have the technical knowledge to support it.

    That’s the view from here anyway!

  3. Wouldn’t it be great if the ISP’s could provide firewall traversal/gatekeeper services like they do with DNS today…? 🙂

    Sean Lessman
    TANDBERG

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.