coturn VS pwnat

You're welcome! If this is for mission-critical or commercial use, you will want to invest in a good TURN server to ensure a reliable connection between peers. You can either self-host your own Coturn server or pay for a service like Twilio. But if this is just a hobby project, you can just use the free Open Relay Project.

NetBird and Netmaker are similar in their capabilities and mesh offering, the same goes for Tailscale, but if we compare technical implementations, Netbird relies on the ICE and STUN protocols to discover the best path for p2p connectivity between peers. These are open WebRTC protocols with battle-tested software around them. Similarly, we use TURN for securely relaying traffic, when a p2p connection isn't possible (hard NAT). This protocol also comes from the WebRTC world and has stable and popular implementations like Coturn.

There are several options available both self-hosted and cloud provided services. A self-hosted option is to use the open source COTURN project and running it for example on an EC2 instance on AWS. The quickest way to get this up and running is to spin up an EC2 instance (ubuntu) running a Docker engine. To install Docker engine:

What does this do better than coturn (https://github.com/coturn/coturn)?

Audio/video calls is a matter of setting up a TURN server (either coturn or eturnal are typically used) and then putting the info in the Prosody config so it can inform clients. There is a short guide on setting up coturn for Prosody and eturnal shouldn't be too different.

Wiretrustee uses TURN to relay traffic in case a direct peer-to-peer connection isn't possible (happens with carrier-grade NATs).

Basically yes. The difference would be that we are trying to use more open source technologies and libraries instead of implementing our own. For example pion/ice from the WebRTC project and coturn for STUN and TURN. Both ice and coturn are used to go around NAT. We lack a peer management system that will allow to add peers dynamically. Tailscale and Zero tier have it but not open sourced. We plan to implement such a system and open source it.

Coturn as TURN relay server

You can try this... https://samy.pl/pwnat/ not sure if it handles double nat, which is common these days, but might be worth trying.

pwnat - Punches holes in firewalls and NATs.

Why wouldn't they use a solution like https://samy.pl/pwnat/ this is a long solved problem that doesn't require uPnP.

In addition to this:

Carrier grade NAT ISPs sometimes have global scope ipv6s assigned, and if the other endpoint has ipv6 support, too, you can breakout easily using the assigned ipv6.

Rather than that I would recommend reading up on DNS exfiltration techniques and things like pwnat [1] that use faked SNMP reply packets that make routers think they forgot to let a data packet through for hop traces.

And if you have the time, I'd recommend to use websockets as a tunneling protocol because it's very flexible in its payload size. I wrote a detailed article that explains the WS13 protocol and all its quirks [2]

Additionally to that it's good to know the limitations of a SOCKS proxy, hence that's what most "easy to use" implementations provide. Spoiler: forget ipv6 via socks5 proxies. I also wrote a detailed article about its quirks [3]

[1] https://github.com/samyk/pwnat

[2] https://cookie.engineer/weblog/articles/implementers-guide-t...

[3] https://cookie.engineer/weblog/articles/implementers-guide-t...