Peer to peer connection without port forwarding

CabalCrow · December 5, 2024, 8:49pm

I wrote a long devlog/guide on how to establish peer to peer connection between players without them needed to port forward.

https://blog.crowsneststudio.org/posts/nat/

It is not directly related to godot, but it showcases some gdscript examples. In general it is more engine agnostic. That being said I thought it was a good idea to post it here as godot does not have guides dedicated to NAT traversal, so I figured it would be of help to people using godot.

gertkeno · December 5, 2024, 10:12pm

Open a terminal on each machine and run:
machine1: $ nc -ul 9999
machine2: $ nc -ul 9998
Here 9999 and 9998 are the ports that you want to hole punch on each machine - for machine1 we are hole punching 9999, for machine2 we are hole punching 9998. The ports in question can be the same on both machines. This command would start listening for packets on the specified port.

Send a packet to each other on another terminal via:
machine1: $ echo 'hole punched' | nc -4u 123.123.123.123 9998 -p 9999
machine2: $ echo 'hole punched' | nc -4u 213.213.213.213 9999 -p 9998

I’m surprised this works, I thought you needed UPnP to hole punch, is this a feature of UDP? I wish I knew anything about ipv6 as my ipv4 knowledge is that local networks are often very locked down without UPnP and a standard firewall.

CabalCrow · December 5, 2024, 10:17pm

UPnP does not hole punch - it straight up opens a port that ANYONE can join to. It is basically an automatic port forwarding. The trick is UPnP would also close the port afterwards. Hole punching opens a port to a specific IP:PORT depending on your NAT type - I explain the theory around it here: War on NAT, or how to let your players connect without port forwarding
And here is the explanation on how different NAT types behave: War on NAT, or how to let your players connect without port forwarding
You can also check the link in the footnotes on the STUN server documentation for more information on them.

As for ipv6 - it is not really much different in terms of the method - you just punch a hole in the ipv6 space rather than ipv4. Obviously both users have to have ipv6 access. Really the main difference is that ipv6 does not really suffer from NAT issues, except if the user makes this specifically with their router - but that would mean they know what they are doing and are doing it intentionally. For example it could be for security, but then they shouldn’t be expecting to play peer to peer games. The other difference with ipv6 is that really in there you are not actually punching a hole in the router most of the time - you are actually punching a hole in the firewall. Technically with ipv6 you could also achive a similar thing by just changing the firewall settings to allow the game.