How to make calls through firewalls using NAT traversal?

This article is a detailed guide about NAT traversal technologies in relation with Ozeki VoIP SIP SDK. After reading through this page you will be fully familiar with all the essential terms concerning NAT traversal methods and what you will need for creating your own solution using Ozeki VoIP SIP SDK.

Figure 1 - VoIP NAT traversal

What is NAT traversal?

NAT traversal is a general term for techniques that establish and maintain Internet protocol connections traversing network address translation (NAT) gateways. Network address translation breaks end-to-end connectivity. Intercepting and modifying traffic can only be performed transparently in the absence of secure encryption and authentication. NAT traversal techniques are typically required for client-to-client networking applications, especially peer-to-peer and Voice over IP (VoIP) deployments. Many techniques exist, but no single method works in every situation since NAT behavior is not standardized.

Many NAT traversal techniques require assistance from a server at a publicly-routable IP address. Some methods use the server only when establishing the connection, while others are based on relaying all data through it, which adds bandwidth costs and increases latency, detrimental to real-time voice and video communications.

  • Session Traversal Utilities for NAT (STUN) is a standardized set of methods, including a network protocol, used in NAT traversal for applications of real-time voice, video, messaging, and other interactive IP communications. STUN is an acronym for Session Traversal Utilities for NAT, and is documented in RFC 5389.
  • Traversal Using Relays around NAT (TURN) is a protocol that allows for an element behind a Network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections. It is most useful for elements behind symmetric NATs or firewalls that wish to be on the receiving end of a connection to a single peer. TURN does not allow for users to run servers on well known ports if they are behind a NAT; it supports the connection of a user behind a NAT to only a single peer.
  • Interactive Connectivity Establishment (ICE) is a technique used in computer networking involving network address translators (NATs) in Internet applications of Voice over Internet Protocol (VoIP), peer-to-peer communications, video, instant messaging and other interactive media. In such applications, NAT traversal is an important component to facilitate communications involving hosts on private network installations, often located behind firewalls.

All these NAT traversal technologies are supported in Ozeki VoIP SIP SDK you only need to choose the suitable one for your needs.

The following program code uses the background support of Ozeki VoIP SIP SDK, therefore you will need to download and install the SDK on your computer before starting to use the program code. You will also need to have Visual Studio 2012 or compatible IDE and .NET Framework installed on your system, as the program code below is written in C# language.

How to work with NAT traversal using C#?

The NAT traversal settings can be handled by defining a NatConfiguration object that is defined in the Ozeki.Network.Nat namespace. The NatConfiguration needs a NatTraversalMethod as a basic parameter and it can get the information about the STUN or TURN server to use.

Code 1 shows the definition of three possible NatConfiguration objects. The first one does not uses NAT traversal, it can only used for LAN communication phone line definitions. The second one uses TURN traversal with a Turn server set by giving the server IP as string. The third NatConfiguration is set for Stun traversal and defines the Stun server with a NatRemoteServer object by giving the server IP and the username and password to use.

When the NAT traversal is set to None, there is no need for server definition, but you will be able to communicate only on the local area network.
In the case of the TURN and STUN traversal, you can define the Turn or Stun server to use. The server definition can be done by only setting the IP address (if there is no specified username and password to be set) or by defining a full NatRemotServer object. The NatRemoteServer can also be initialized by only adding the IP as parameter though. You can use any of these setting variations with both TURN and STUN settings.
If you just set the type of the NAT traversal, without any server information, the SDK will try to detect the server's address automatically.

NatConfiguration natConfig1 = new NatConfiguration(NatTraversalMethod.None);
NatConfiguration natConfig2 = new NatConfiguration(NatTraversalMethod.STUN, "", false);
NatConfiguration natConfig3 = new NatConfiguration("", false);

Code 1 - Three possible NAT configuration definition.

You can set to detect automatically which IP address we would like to use. If you set the configuration to "None", but you also set a NatRemoteServer object with the public IP, you will use the local address on the local network, and the public on others. You can set the detection to be automatically with this line:

NatConfiguration natConfig4 = new NatConfiguration();
natConfig4.AutoDetect = true;

The NAT configuration is needed for the phone line definition. The phone line is created for an already initialized softphone object by setting the SIP account and the NatConfiguration as parameters (Code 2).

The example code in Code 2 uses the above defined config1 configuration, but you can use any of them in the same way.

SIPAccount account = new SIPAccount(registrationRequired, displayName, userName, authenticationId, registerPassword, domainHost, domainPort);

PhoneLineConfiguration config = new PhoneLineConfiguration(account);
config.NatConfig = natConfig2;

phoneLine = softPhone.CreatePhoneLine(config);

Code 2 - Phone line definition with the NatConfiguration

You need to make sure that you have set the right NAT traversal with your own Stun or Turn server settings in the code and then, the two instructions that were shown in Code 1 and Code 2 do all you need for having the proper communication even when there is NAT between the two communicating programs.

This article introduced you the basic knowledge about NAT traversal technologies and showed how Ozeki VoIP SIP SDK can help you to fulfill your wishes about this topic. If you have read through this page carefully, you already have all the knowledge you need to start on your own solution.

As you are now familiar with all the terms concerning this topic, now it is time to take a step further and explore what other extraordinary solution Ozeki VoIP SIP SDK can provide to you.

Related Pages