[Correction] nat traversal
Closed this issue · 5 comments
Hi,
I am using wireguard because it allows for an easy setup with NAT traversal,
provided I have a wireguard endpoint that serves as central point.
The services you list almost all show no "nat traversal" support but the ones supporting it are somehow doing the same thing: they rely on another server.
I think it is misleading. Wireguard can go through bad 4G mobile firewalled networks all right, provided there is a server somewhere with a fixed IP.
I am not sure what exactly you mean with Nat-Traversal, but in this context it only describes if that project can somehow establish a connection between 2 peers which are behind NAT.
I believe the "central point" topology you mention doesn't really match this definition, as the 2 peers don't actually have a direct connection between each other.
Of course you can route packets over a relay, but you still haven't traversed NAT by this definition (which is closer to "hole-punching" than "traversal" alone).
Granted, the definition could be updated to include that these peers have a direct connection. But I think the mention of "NAT hole-punching" makes it clear what is meant.
Indeed, and wireguard can do that if the NAT is properly configured, no?
Others like netguard rely on a third-party central point (a STUN or a TURN server), so they don't really fit in the definition?
Wireguard could do that, if you used static IPs on both peers. When the IP is changing, you need someone to keep track, like using STUN.
This is how I understand the definition here: When the project allows you to take at least 2 peers with potential dynamic IPs, behind NAT, and connect them directly to each other (however that may happen), it checks this box.
Granted, wireguard can do dynamic IP clients/NAT traversal (using PersistentConnection, works very well) but endpoints need to have a static IP.
I agree with the above discussion.
NAT traversal should, perhaps, be NAT hole-punching. Can two peers with unknown/dynamic IP:PORT establish a direct wireguard connection reliably? This is nearly always going to be by getting up-to-date endpoint information from some other member of the network or a control server.
A wireguard connection routed via a central server is a hub and spoke model and therefore not a mesh.
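
The hub-and-spoke setup this thread contrasts with direct hole-punching, as an added wg-quick configuration sketch that is not from any participant in the issue. Keys are placeholders, and the addresses (203.0.113.10, 10.0.0.0/24) are constructed for illustration; the keepalive setting in WireGuard's configuration format is `PersistentKeepalive`.

```ini
# ---- hub: wg0.conf on the host with a fixed public IP (203.0.113.10, constructed) ----
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>
# Relaying between spokes also needs IP forwarding enabled on the hub
# (net.ipv4.ip_forward=1), otherwise spokes can only reach the hub itself.

[Peer]
# Spoke A: no Endpoint line. The hub learns A's current public IP:port
# from the source of A's most recent authenticated packet.
PublicKey = <spoke-a-public-key>
AllowedIPs = 10.0.0.2/32

[Peer]
# Spoke B: same, no Endpoint line.
PublicKey = <spoke-b-public-key>
AllowedIPs = 10.0.0.3/32

# ---- spoke A: wg0.conf on a client behind NAT with a dynamic IP ----
[Interface]
Address = 10.0.0.2/24
PrivateKey = <spoke-a-private-key>

[Peer]
# The only peer A knows is the hub, reached at its fixed address.
PublicKey = <hub-public-key>
Endpoint = 203.0.113.10:51820
# The whole VPN subnet is routed to the hub, so traffic for spoke B
# (10.0.0.3) is relayed through it: hub and spoke, not a direct link.
AllowedIPs = 10.0.0.0/24
# Periodic outbound packets keep A's NAT mapping open so the hub can
# always reach A at the endpoint it last saw.
PersistentKeepalive = 25
```

Spoke B mirrors spoke A with its own key and `10.0.0.3/24`. A direct A-to-B tunnel would instead need each spoke to carry a `[Peer]` entry for the other with a currently valid `Endpoint`, which is the information a rendezvous or control server supplies when both addresses are dynamic.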