ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Understanding STUN???

    Scheduled Pinned Locked Moved Solved IT Discussion
    25 Posts 5 Posters 987 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JasGot @travisdh1
      last edited by

      @travisdh1 said in Understanding STUN???:

      @jasgot said in Understanding STUN???:

      @travisdh1 said in Understanding STUN???:

      You'll need to open network ports to the UniFi controller on the firewall it sits behind.

      Except I'm not certain I even want STUN. If it does not provide a required component for these APS to work (they are working without it now) , I'll likely to leave those ports closed on the controller side.

      That's the thing, they'll work in the current configuration, but you can't update any settings.

      How so? I can make all kinds of changes and even open a debug terminal to it without STUN working.

      travisdh1T scottalanmillerS 2 Replies Last reply Reply Quote 0
      • travisdh1T
        travisdh1 @JasGot
        last edited by

        @jasgot said in Understanding STUN???:

        @travisdh1 said in Understanding STUN???:

        @jasgot said in Understanding STUN???:

        @travisdh1 said in Understanding STUN???:

        You'll need to open network ports to the UniFi controller on the firewall it sits behind.

        Except I'm not certain I even want STUN. If it does not provide a required component for these APS to work (they are working without it now) , I'll likely to leave those ports closed on the controller side.

        That's the thing, they'll work in the current configuration, but you can't update any settings.

        How so? I can make all kinds of changes and even open a debug terminal to it without STUN working.

        Then that makes no sense to me. If the setup is as you describe in your initial post, then there has to be some way they are communicating through both firewalls.

        J 1 Reply Last reply Reply Quote 1
        • J
          JasGot @travisdh1
          last edited by

          @travisdh1 said in Understanding STUN???:

          Then that makes no sense to me. If the setup is as you describe in your initial post, then there has to be some way they are communicating through both firewalls.

          Four APs -> Comcast Cable Modem -> Internet -> Comcast Cable Modem -> Firewall/Router -> Network Controller

          The Four APs have a 10.1.10.x address behind the cable modem
          The Network Controller has a 192.168.1.x address behind a router with a public IP.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @JasGot
            last edited by

            @jasgot said in Understanding STUN???:

            Also, is STUN so APs behind NAT can talk to other APs behind the SAME NAT?

            No, they don't communicate with each other at all. If they did, it would be LAN communications.

            1 Reply Last reply Reply Quote 1
            • scottalanmillerS
              scottalanmiller @JasGot
              last edited by

              @jasgot said in Understanding STUN???:

              I am getting STUN errors on the APs, but I'm not sure if I need to worry about it.

              The APs themselves have STUN errors? I've never seen that. Can you show the error?

              J 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @JasGot
                last edited by

                @jasgot said in Understanding STUN???:

                I am trying to understand what STUN does.

                STUN is used to coordinate exposed services that lack open, forwarded ports, behind NAT and/or public IP addresses assigned to them. The most common examples are for things like SIP phones to be able to coordinate their UDP ports with the server as they cannot connect directly.

                STUN is only for communications protocols in theory (but anything COULD use it.) It's used with SIP phones, WebRTC, etc.

                1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @JasGot
                  last edited by

                  @jasgot said in Understanding STUN???:

                  I have some UniFi APs out in the wild behind a NAT device, and I have a Network Controller in an office behind a NAT device.

                  You have a Unifi controller that does not have ports forwarded to it? I don't think that that is even possible. STUN won't help there. STUN doesn't bypass the firewall, it just moves port info around where it is needed. Unifi Controllers have to be published.

                  J 1 Reply Last reply Reply Quote 1
                  • scottalanmillerS
                    scottalanmiller @JasGot
                    last edited by

                    @jasgot said in Understanding STUN???:

                    Except I'm not certain I even want STUN. If it does not provide a required component for these APS to work (they are working without it now) , I'll likely to leave those ports closed on the controller side.

                    It does nothing with APs or networking gear in general. If you are putting STUN on the APs, it is likely something that they publish as a service rather than use themselves.

                    The use of STUN does not have anything to do with which ports get opened.

                    1 Reply Last reply Reply Quote 0
                    • J
                      JasGot @scottalanmiller
                      last edited by

                      @scottalanmiller said in Understanding STUN???:

                      The APs themselves have STUN errors? I've never seen that. Can you show the error?

                      The errors are listed in the controller.

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • J
                        JasGot @scottalanmiller
                        last edited by

                        @scottalanmiller said in Understanding STUN???:

                        You have a Unifi controller that does not have ports forwarded to it?

                        It does, just not the STUN port.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @JasGot
                          last edited by

                          @jasgot said in Understanding STUN???:

                          @travisdh1 said in Understanding STUN???:

                          @jasgot said in Understanding STUN???:

                          @travisdh1 said in Understanding STUN???:

                          You'll need to open network ports to the UniFi controller on the firewall it sits behind.

                          Except I'm not certain I even want STUN. If it does not provide a required component for these APS to work (they are working without it now) , I'll likely to leave those ports closed on the controller side.

                          That's the thing, they'll work in the current configuration, but you can't update any settings.

                          How so? I can make all kinds of changes and even open a debug terminal to it without STUN working.

                          Right, because the APs reach out to the controller. They are not audio/visual equipment so they can't use STUN. They have single communications channels to their controller. It's just HTTPS, nothing more. HTTPS can't use STUN and has no need for it.

                          STUN Is used with SIP + RDP because it is three connections that have to act as one. STUN helps to coordinate them.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @JasGot
                            last edited by

                            @jasgot said in Understanding STUN???:

                            @scottalanmiller said in Understanding STUN???:

                            You have a Unifi controller that does not have ports forwarded to it?

                            It does, just not the STUN port.

                            I don't think Unifi offers STUN services anyway.

                            J 1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @JasGot
                              last edited by

                              @jasgot said in Understanding STUN???:

                              @scottalanmiller said in Understanding STUN???:

                              The APs themselves have STUN errors? I've never seen that. Can you show the error?

                              The errors are listed in the controller.

                              Can you show them?

                              1 Reply Last reply Reply Quote 0
                              • J
                                JasGot @scottalanmiller
                                last edited by

                                @scottalanmiller said in Understanding STUN???:

                                I don't think Unifi offers STUN services anyway.

                                3ee39702-cd8c-489d-906c-053a3815f438-image.png

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @JasGot
                                  last edited by

                                  @jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

                                  J DashrenderD 2 Replies Last reply Reply Quote 2
                                  • J
                                    JasGot @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Understanding STUN???:

                                    They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

                                    Okay. Sounds like I can just ignore it. I would like to be able to turn off the warning, though!

                                    scottalanmillerS 1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @JasGot
                                      last edited by

                                      @jasgot said in Understanding STUN???:

                                      @scottalanmiller said in Understanding STUN???:

                                      They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

                                      Okay. Sounds like I can just ignore it. I would like to be able to turn off the warning, though!

                                      Yeah, very ignorable. But... why not just open the port and make it go away?

                                      J 1 Reply Last reply Reply Quote 0
                                      • J
                                        JasGot @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Understanding STUN???:

                                        Yeah, very ignorable. But... why not just open the port and make it go away?

                                        That was a good idea. It worked. Now I won't stress because something is less than perfect.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                                        • scottalanmillerS
                                          scottalanmiller @JasGot
                                          last edited by

                                          @jasgot said in Understanding STUN???:

                                          @scottalanmiller said in Understanding STUN???:

                                          Yeah, very ignorable. But... why not just open the port and make it go away?

                                          That was a good idea. It worked. Now I won't stress because something is less than perfect.

                                          LOL

                                          1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in Understanding STUN???:

                                            @jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

                                            If by recently they mean 3 years ago, then I guess that was recent.. I've been having those errors for what seems like ages.

                                            dbeatoD 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post