Those of you who are using VoIP clients on their PCs or smart phones know that there are a plethora of settings which can be changed. If you’re just starting out in the VoIP world, most of these parameters will be unknown to you and I suggest that you don’t fiddle with them for fear of breaking something. Many VoIP clients these days try to automatically configure themselves depending on the network that you use and manually changing something might disturb this delicate balance. These precautions are necessary because VoIP is not standardized throughout the world and each situation is slightly different requiring a unique configuration.
If you know what you’re doing however or are experiencing problems with using VoIP, you might want to experiment with some of the configurations to try and improve the situation. One item you will most likely find in your settings screen is the STUN server. To understand what this does, it’s important that you understand the problems that VoIP has sitting behind a NAT firewall. A NAT firewall doesn’t allow external devices to connect directly to the clients sitting behind it. It hides their internal IP addresses from the outside world both for security reasons and because public IP addresses are scarce. VoIP however is a P2P protocol – meaning that for the call to continue, both clients have to be in direct contact with each other. For this to happen, each client has to be aware of the external IP address and port at which the other is reachable. But clients sitting behind a NAT firewall do not themselves know what port has been assigned to them by the router.
With each client in ignorance, there’s no way for either one to find out the external address and port at which the other can be reached. An STUN server tries to supply this information. The VoIP client sends a message to the STUN server at the specified IP address which you supplied in the configuration settings. It responds with the external IP address and port that it sees the message coming from and is therefore the address at which the VoIP client is directly reachable sitting behind the NAT. There are some setups known as symmetric NATs that change the external IP address and port of every client depending on the IP address it’s connecting to. The STUN server setup doesn’t work at all for this kind of network topology. There is another kind of setup known as an outbound NAT that also presents serious problems for any STUN mechanism. There are other protocols to deal with these situations. The ICE methodology is one such example.
Regardless, the STUN setup is a useful one in many situations and should be used whenever possible.