This is an automated archive.
The original was posted on /r/homenetworking by /u/Chomosuke123 on 2023-08-07 18:10:32+00:00.
Hello,
Reading Tailscale's documentation about how they allow peer-to-peer connections through UDP hole punching, there is something I don't understand: Tailscale uses WireGuard, so the server to which we want to connect needs to listen on a certain port. Let's say the client wants to connect to the server, but the server is behind a NAT, with no port forwarding. Then, Tailscale uses STUN servers, and with the IP + port information, can do UDP hole punching to let the client connect to the server behind the firewall. However, this peer-to-peer connection only works on this particular random port, and doesn't connect the client to the listening WireGuard port? One solution would be that they use iptables to redirect the higher ports to the WireGuard port, but I don't think that's the case because it seems really impractical...
How do they manage to do this? Is there something I don't understand?
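As an added illustration (not part of the original post, and not Tailscale's code), the following Python model simulates the NAT traversal sequence the post describes: a STUN binding request, the coordination step that hands the discovered endpoint to the peer, and the outbound "punch". The NAT is modelled with an endpoint-independent mapping and address-and-port-restricted filtering, which is a common home-router behaviour; all IP addresses, ports and names are constructed. The point it makes visible is that the NAT's "random" external port maps back to whichever internal socket sent the probe, so the mapping lands on the WireGuard listen port exactly when that socket is the one doing the STUN probe and the punch; a symmetric NAT, which allocates a new external port per destination, would defeat this and is why such peers fall back to a relay.

```python
"""Constructed simulation of UDP hole punching through a NAT (no real sockets)."""
from dataclasses import dataclass, field

Endpoint = tuple[str, int]


@dataclass
class Nat:
    """Model of a NAT with endpoint-independent mapping and
    address-and-port-restricted filtering (an assumption of this example)."""
    external_ip: str
    next_port: int = 40000
    ext_port_of: dict = field(default_factory=dict)   # internal (ip, port) -> external port
    internal_of: dict = field(default_factory=dict)   # external port -> internal (ip, port)
    contacted: dict = field(default_factory=dict)     # internal (ip, port) -> {remote endpoints}

    def outbound(self, internal: Endpoint, remote: Endpoint) -> Endpoint:
        """Translate a packet sent by an inside socket; return its external source endpoint.
        The first packet from a socket allocates the external port; later packets reuse it."""
        if internal not in self.ext_port_of:
            port = self.next_port
            self.next_port += 1
            self.ext_port_of[internal] = port
            self.internal_of[port] = internal
            self.contacted[internal] = set()
        self.contacted[internal].add(remote)
        return (self.external_ip, self.ext_port_of[internal])

    def inbound(self, remote: Endpoint, external: Endpoint):
        """Deliver a packet arriving from outside; return the inside socket, or None if dropped."""
        if external[0] != self.external_ip or external[1] not in self.internal_of:
            return None
        internal = self.internal_of[external[1]]
        if remote not in self.contacted[internal]:
            return None  # filtering: this socket never sent anything to that remote endpoint
        return internal


def stun_binding(nat: Nat, internal: Endpoint, stun_server: Endpoint) -> Endpoint:
    """A socket asks a STUN server which source address it appears to come from.
    The reply comes back through the NAT to that same socket."""
    reflexive = nat.outbound(internal, stun_server)
    assert nat.inbound(stun_server, reflexive) == internal
    return reflexive


def hole_punch_demo() -> dict:
    nat = Nat(external_ip="203.0.113.7")            # constructed addresses throughout
    wg_socket: Endpoint = ("10.0.0.5", 41641)       # the server's WireGuard listen socket
    stun_server: Endpoint = ("192.0.2.10", 3478)
    client: Endpoint = ("198.51.100.2", 51820)      # peer on a public address
    results = {}

    # 1. The WireGuard socket itself sends the STUN probe, so the NAT allocates
    #    the external port for *that* socket and STUN reports it back.
    reflexive = stun_binding(nat, wg_socket, stun_server)
    results["reflexive"] = reflexive

    # 2. The client learns the reflexive endpoint (the coordination server is
    #    modelled as simply passing the value) and sends to it. Until the server
    #    has sent something toward the client, the restricted NAT drops it.
    results["before_punch"] = nat.inbound(client, reflexive)

    # 3. The server sends one packet out to the client's endpoint (the "punch").
    #    From now on the client's packets reach the WireGuard socket directly.
    nat.outbound(wg_socket, client)
    results["after_punch"] = nat.inbound(client, reflexive)

    # 4. Contrast: had a separate helper socket done the STUN probe, the mapping
    #    would point at the helper's port, not at the WireGuard listener. That is
    #    why the probe must come from the listening socket and no port redirect is needed.
    helper: Endpoint = ("10.0.0.5", 55555)
    helper_reflexive = stun_binding(nat, helper, stun_server)
    nat.outbound(helper, client)
    results["helper_reflexive"] = helper_reflexive
    results["via_helper"] = nat.inbound(client, helper_reflexive)
    return results


if __name__ == "__main__":
    for step, value in hole_punch_demo().items():
        print(f"{step}: {value}")
```

Run it and compare `after_punch` (delivered to the WireGuard socket) with `via_helper` (delivered to the helper socket): the external port is random from the outside, but the NAT always translates it back to the internal port of the socket that created the mapping.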