Solved Understanding STUN???

scottalanmiller

@jasgot said in Understanding STUN???:

I am getting STUN errors on the APs, but I'm not sure if I need to worry about it.

The APs themselves have STUN errors? I've never seen that. Can you show the error?

scottalanmiller

@jasgot said in Understanding STUN???:

I am trying to understand what STUN does.

STUN is used to coordinate exposed services that lack open, forwarded ports, behind NAT and/or public IP addresses assigned to them. The most common examples are for things like SIP phones to be able to coordinate their UDP ports with the server as they cannot connect directly.

STUN is only for communications protocols in theory (but anything COULD use it.) It's used with SIP phones, WebRTC, etc.

scottalanmiller

@jasgot said in Understanding STUN???:

I have some UniFi APs out in the wild behind a NAT device, and I have a Network Controller in an office behind a NAT device.

You have a Unifi controller that does not have ports forwarded to it? I don't think that that is even possible. STUN won't help there. STUN doesn't bypass the firewall, it just moves port info around where it is needed. Unifi Controllers have to be published.

scottalanmiller

@jasgot said in Understanding STUN???:

Except I'm not certain I even want STUN. If it does not provide a required component for these APS to work (they are working without it now) , I'll likely to leave those ports closed on the controller side.

It does nothing with APs or networking gear in general. If you are putting STUN on the APs, it is likely something that they publish as a service rather than use themselves.

The use of STUN does not have anything to do with which ports get opened.

JasGot

@scottalanmiller said in Understanding STUN???:

The APs themselves have STUN errors? I've never seen that. Can you show the error?

The errors are listed in the controller.

JasGot

@scottalanmiller said in Understanding STUN???:

You have a Unifi controller that does not have ports forwarded to it?

It does, just not the STUN port.

scottalanmiller

@jasgot said in Understanding STUN???:

@travisdh1 said in Understanding STUN???:

@jasgot said in Understanding STUN???:

@travisdh1 said in Understanding STUN???:

You'll need to open network ports to the UniFi controller on the firewall it sits behind.

Except I'm not certain I even want STUN. If it does not provide a required component for these APS to work (they are working without it now) , I'll likely to leave those ports closed on the controller side.

That's the thing, they'll work in the current configuration, but you can't update any settings.

How so? I can make all kinds of changes and even open a debug terminal to it without STUN working.

Right, because the APs reach out to the controller. They are not audio/visual equipment so they can't use STUN. They have single communications channels to their controller. It's just HTTPS, nothing more. HTTPS can't use STUN and has no need for it.

STUN Is used with SIP + RDP because it is three connections that have to act as one. STUN helps to coordinate them.

scottalanmiller

@jasgot said in Understanding STUN???:

@scottalanmiller said in Understanding STUN???:

You have a Unifi controller that does not have ports forwarded to it?

It does, just not the STUN port.

I don't think Unifi offers STUN services anyway.

scottalanmiller

@jasgot said in Understanding STUN???:

@scottalanmiller said in Understanding STUN???:

The APs themselves have STUN errors? I've never seen that. Can you show the error?

The errors are listed in the controller.

Can you show them?

JasGot

@scottalanmiller said in Understanding STUN???:

I don't think Unifi offers STUN services anyway.

scottalanmiller

@jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

JasGot

@scottalanmiller said in Understanding STUN???:

They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

Okay. Sounds like I can just ignore it. I would like to be able to turn off the warning, though!

scottalanmiller

@jasgot said in Understanding STUN???:

@scottalanmiller said in Understanding STUN???:

They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

Okay. Sounds like I can just ignore it. I would like to be able to turn off the warning, though!

Yeah, very ignorable. But... why not just open the port and make it go away?

JasGot

@scottalanmiller said in Understanding STUN???:

Yeah, very ignorable. But... why not just open the port and make it go away?

That was a good idea. It worked. Now I won't stress because something is less than perfect.

scottalanmiller

@jasgot said in Understanding STUN???:

@scottalanmiller said in Understanding STUN???:

Yeah, very ignorable. But... why not just open the port and make it go away?

That was a good idea. It worked. Now I won't stress because something is less than perfect.

LOL

Dashrender

@scottalanmiller said in Understanding STUN???:

@jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

If by recently they mean 3 years ago, then I guess that was recent.. I've been having those errors for what seems like ages.

dbeato

@dashrender said in Understanding STUN???:

@scottalanmiller said in Understanding STUN???:

@jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

If by recently they mean 3 years ago, then I guess that was recent.. I've been having those errors for what seems like ages.

Correct, this has been there for ages now. STUN errors are common on Cloud Controllers which is all we have.