SEAN K.H. LIAO

TURN

Research project for June.

NATs and firewalls are the bane of peer-to-peer (p2p) connections.

terms:

TURN basics

Base protocol: the client can reach the relay in 3 different ways (UDP, TCP, or TLS over TCP). Control and data reuse the same socket pairs.

Client              TURN Relay            Peer
  |                      |                  |
  |   UDP(TURN(data))    |     UDP(data)    |
  | -------------------> | ---------------> |
  |                      |                  |

Client              TURN Relay            Peer
  |                      |                  |
  |   TCP(TURN(data))    |     UDP(data)    |
  | -------------------> | ---------------> |
  |                      |                  |

Client              TURN Relay            Peer
  |                      |                  |
  | TCP(TLS(TURN(data))) |     UDP(data)    |
  | -------------------> | ---------------> |
  |                      |                  |
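
How control and data can share one client-relay socket in the three diagrams above, as an added example that is not from the original post: RFC 5766 ChannelData framing plus a demultiplexer keyed on the top two bits of each frame. The function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC_COOKIE = 0x2112A442  # constant in every STUN-formatted TURN control header

def encode_channel_data(channel: int, payload: bytes, stream: bool) -> bytes:
    """Wrap peer data in a ChannelData frame (RFC 5766, section 11.4)."""
    if not 0x4000 <= channel <= 0x7FFF:
        raise ValueError("channel number must be in 0x4000-0x7FFF")
    if len(payload) > 0xFFFF:
        raise ValueError("payload exceeds the 16-bit length field")
    frame = struct.pack("!HH", channel, len(payload)) + payload
    if stream:  # over TCP/TLS frames are padded to 4 bytes; length excludes padding
        frame += b"\x00" * (-len(payload) % 4)
    return frame

def demux(buf: bytes, stream: bool):
    """Split bytes read from the client-relay socket into control and data frames.

    Returns (frames, leftover); leftover holds a trailing partial frame (TCP/TLS).
    With stream=False, pass exactly one UDP datagram.
    """
    frames = []
    while len(buf) >= 4:
        first, length = struct.unpack_from("!HH", buf)
        if first >> 14 == 0b00:  # top bits 00: STUN-formatted control message
            if len(buf) < 20:
                break
            if struct.unpack_from("!I", buf, 4)[0] != MAGIC_COOKIE or length % 4:
                raise ValueError("malformed control header")
            total, frame = 20 + length, ("control", first, buf[20:20 + length])
        elif first >> 14 == 0b01:  # top bits 01: ChannelData carrying peer data
            total = 4 + length + (-length % 4 if stream else 0)
            frame = ("data", first, buf[4:4 + length])
        else:
            raise ValueError("frame is neither control nor ChannelData")
        if len(buf) < total:
            break  # wait for the rest of the frame before consuming anything
        frames.append(frame)
        buf = buf[total:]
    return frames, buf

# Constructed sample: an Allocate request header with no attributes, then 5 data bytes.
SAMPLE_TXID = bytes(range(12))
SAMPLE = struct.pack("!HHI", 0x0003, 0, MAGIC_COOKIE) + SAMPLE_TXID
SAMPLE += encode_channel_data(0x4000, b"hello", stream=True)

if __name__ == "__main__":
    print(demux(SAMPLE, stream=True))
```
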

RFC 6062, TCP to peer

Client              TURN Relay            Peer
  |                      |                  |
  |  TCP(TURN(control))  |                  |
  | -------------------> |                  |
  |   TCP(TURN(data))    |     TCP(data)    |
  | -------------------> | ---------------> |
  |                      |                  |

Client                 TURN Relay            Peer
  |                         |                  |
  | TCP(TLS(TURN(control))) |                  |
  | ----------------------> |                  |
  |  TCP(TLS(TURN(data)))   |     TCP(data)    |
  | ----------------------> | ---------------> |
  |                         |                  |

Forwarding

exposing a SOCKS5 interface

uses,

forwarding UDP

Proxy-Relay can also use TCP/TLS

Client                Proxy           TURN Relay         Peer
  |                     |                 |               |
  | TCP(SOCKS(control)) |                 |               |
  | ------------------> |                 |               |
  |   UDP(SOCKS(data))  | UDP(TURN(data)) |   UDP(data)   |
  | ------------------> | --------------> | ------------> |
  |                     |                 |               |

forwarding TCP

Proxy-Relay can also use TLS

Client                Proxy             TURN Relay          Peer
  |                     |                    |               |
  |                     | TCP(TURN(control)) |               |
  |                     | -----------------> |               |
  |   TCP(SOCKS(data))  |  TCP(TURN(data))   |   TCP(data)   |
  | ------------------> | -----------------> | ------------> |
  |                     |                    |               |

Reverse

Proxy Reverse - Relay can also use TCP/TLS

udp

Target     Proxy Reverse             TURN Relay       Proxy Server               Client
  |              |                        |                  |                     |
  |              | UDP(TURN(QUIC(hello))) | UDP(QUIC(hello)) |                     |
  |              | ---------------------> | ---------------> |                     |
  |              |                        |                  | TCP(SOCKS(control)) |
  |              |                        |                  | <------------------ |
  |   UDP(data)  | UDP(TURN(QUIC(data)))  | UDP(QUIC(data))  |  UDP(SOCKS(data))   |
  | <----------- | <--------------------- | <--------------- | <------------------ |

tcp

Target     Proxy Reverse             TURN Relay       Proxy Server            Client
  |              |                        |                  |                  |
  |              | UDP(TURN(QUIC(hello))) | UDP(QUIC(hello)) |                  |
  |              | ---------------------> | ---------------> |                  |
  |   TCP(data)  | UDP(TURN(QUIC(data)))  | UDP(QUIC(data))  | TCP(SOCKS(data)) |
  | <----------- | <--------------------- | <--------------- | <--------------- |

Problems