Jump to content

To STUN or not to STUN


Recommended Posts

We're trying to make hosting multiplayer games less complex. Part of that is the potential removal of the option to host games in the multiplayer lobby without using STUN (https://gitea.wildfiregames.com/0ad/0ad/pulls/7002). Doing so would obviously break hosting for players who currently have to host without STUN, because hosting with STUN doesn't work. From my understanding of the code I believe the situation that hosting only works with STUN disabled doesn't exist though. However, as I might be wrong with that, I'd like to hear if there is anybody who can only successfully host games in the multiplayer lobby with a26 when STUN is disabled. If that's the case, I'd be interested in details about operating system, network setup and so on.

Link to comment
Share on other sites

I can host successfully with or without STUN, but I always host with STUN disabled. I have an Internet connection that is not carrier grade NAT and is not endpoint-dependent. I have the port forwarded at the router or else at the VPN endpoint. I also have the port opened in my firewall. Those are the only requirements in order to successfully host with STUN disabled. Operating system is not relevant, although I usually use Linux.

I think that there are several other users for whom hosting without STUN would work, since they have similar setups, although I think that they might be using UPnP instead of manually configuring port forwards. And, from looking at network traffic captures while connecting to some of their games, I have observed that nearly all of them happen to have STUN enabled unnecessarily. These users are the ones for whom all or nearly all users are able to connect. It would be interesting if they would test this hypothesis by temporarily disabling STUN and observing how many users can connect before and after changing that setting.

This article explains why things like carrier grade NAT disrupt STUN.

If we want to make hosting multiplayer games less complex then I think that we should support IPv6. Carrier grade NAT is increasingly common due to exhaustion of IPv4 address space. I think, though I haven't tested it, that supporting IPv6 would solve the problems that most people have with hosting and connecting.

I guess that you want to remove STUN for developer convenience because maintenance of the source code for the non-STUN code path is extra work. I want to keep the non-STUN codepath. I would be okay with manually configuring my public IP address in the settings window. Other software requires this, such as qBittorrent. However, still other software does not require this, such as Transmission. I think that Transmission uses a STUN server for querying the user's public IP address but not for initiating connections with clients. 0ad could use either of these methods to solve the problem, but I would prefer to give the user a choice.

There are advantages to disabling STUN when it's unnecessary for a hoster with correct network cofiguration. People have said that they are able to connect immediately to my games. I think that it's because the delays associated with UDP firewall hole punching are skipped when STUN isn't used for connecting. Another advantage of disabling STUN is that the hoster's firewall configuration can be tightened to only allow outbound traffic related to an already established connection, whereas STUN requires allowing new outbound traffic on a wide range of randomly selected ports.

Edited by Norse_Harold
Link to comment
Share on other sites

There are definitely many setups where hosting without STUN works just fine. What I'm interested in is if there is anybody where hosting without STUN works, but doesn't with STUN.

2 hours ago, Norse_Harold said:

People have said that they are able to connect immediately to my games. I think that it's because the delays associated with UDP firewall hole punching are skipped when STUN isn't used for connecting.

Technically that's not related to STUN, but unfortunately toggled by the same option as STUN in 0ad when hosting a game. I wouldn't be opposed to adding an option to toggle the hole punching, which is as you're suspecting what's causing some of the delay. What I'm interested in is removing the non-STUN code path for retrieving a hosts public IP address.

btw: a27 will already have a reduced delay thanks to https://code.wildfiregames.com/D5321

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...