Does hole punching require a UDP rendezvous server, or could it be a TCP one?

Solution 1:

I know this question is almost two years old, but it has no answers, so I thought I'd chime in with a way to handle this.

This is actually something that works with UDP only because it is stateless, and will not work with TCP. Your described setup with a TCP connection to a third "control" server is actually the perfect setup for this. We'll call the parties here "User A", "User B", and "Control". Here's how this works:

  • User A and User B establish a TCP connection to Control. Once established, both users send to Control a port on which they can be contacted. We'll call User A's "Port X" and User B's "Port Y".
  • Control shares the port information of User A with User B, and vice versa.
  • User A sends a UDP packet from Port X to User B on Port Y. User B's firewall will of course reject this packet.
  • User B sends a UDP packet from Port Y to User A on Port X. User A's firewall will forward this port internally to User A, because User A's firewall just saw a packet leave User A through it out Port X to User B on Port Y (and because it's UDP, it has no idea that it was rejected), so it assumes that a packet coming from User B on Port Y to User A on Port X is a response packet and lets it through.
  • User A sends another UDP packet from Port X to User B on Port Y, and it is also allowed through User B's firewall for the same reason.
  • Users A and B can now send UDP packets back and forth, and Control's participation is no longer needed.
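A small simulation of the exchange described in this answer, added here as an illustration and not part of the original post. It models each user's stateful firewall as a table of outbound (local port, remote host, remote port) flows, replays the three UDP packets, and shows which ones are dropped and which are let through as apparent replies; the host names, port numbers and the `Firewall`/`punch` helpers are constructed for the example.

```python
"""Simulate the UDP hole-punching steps above with two stateful firewalls."""
from dataclasses import dataclass, field


@dataclass
class Firewall:
    """Stateful firewall: an inbound UDP packet is allowed only if it matches a
    flow that already left through this firewall (same local port, same peer).
    Like the real thing, it never learns whether the peer rejected that packet."""
    owner: str
    outbound: set = field(default_factory=set)

    def send(self, local_port: int, remote_host: str, remote_port: int) -> None:
        # Record the outbound flow so a matching inbound packet looks like a reply.
        self.outbound.add((local_port, remote_host, remote_port))

    def receive(self, local_port: int, remote_host: str, remote_port: int) -> bool:
        # No matching outbound entry means the packet is dropped.
        return (local_port, remote_host, remote_port) in self.outbound


def punch(port_x: int = 40000, port_y: int = 50000) -> list:
    """Replay the exchange; port_x/port_y are the ports Control relayed to each peer.
    Returns (direction, delivered) for each packet in order."""
    fw_a, fw_b = Firewall("UserA"), Firewall("UserB")
    results = []

    def send(src_fw, src_port, dst_fw, dst_port):
        src_fw.send(src_port, dst_fw.owner, dst_port)            # sender's firewall opens the flow
        delivered = dst_fw.receive(dst_port, src_fw.owner, src_port)  # receiver's firewall checks it
        results.append((f"{src_fw.owner}->{dst_fw.owner}", delivered))

    send(fw_a, port_x, fw_b, port_y)  # A -> B: B has sent nothing yet, so B's firewall drops it
    send(fw_b, port_y, fw_a, port_x)  # B -> A: A already sent X -> B:Y, so it looks like a reply
    send(fw_a, port_x, fw_b, port_y)  # A -> B: B has now sent Y -> A:X, so this one gets through
    return results


if __name__ == "__main__":
    for direction, ok in punch():
        print(direction, "delivered" if ok else "dropped by firewall")
```

Swapping the order of the first two sends gives the mirror-image result: whichever side sends first is dropped, and everything after that is accepted.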