So I’m working on a little assignment for my Highly Secure Systems paper, simple enough. Basically just a p2p communications platform on Android using RSA/ECC, Hashing and AES along with a public key authority. The entire project is quite simple, just a bit of work as long as all clients are on the same network. Communication across multiple NAT’s complicates things.
The obvious answers are either
A. Central server to pass all messages from client to client
Pro’s, Easy to implement, Con’s, security issues for clients, extra latency and limited by server’s throughput.
B. Force all clients to port forward to their device with a static IP
Pro’s, it works, Con’s too much work for clients, issues with multiple devices, needs static IP.
If anyone has any suggestions and can point me in the right direction, that would be great.
P.S., Using Java, don’t try to convince me to use another language, requirement for this paper.
I did a similar project, I didn’t have time to complete the NAT hole punching but the solution I used was that there was a central server that facilitated communications between the 2 peers. Things like what their external IPs were and what ports they were using. HERE they explain why even this might not be enough to punch the hole because the behavior of NATs aren’t standard. This SHOULD work but I never got that far.
It is possible for clients to automatically configure port-forwarding using UPnP. I’m not familiar with how this is done but a quick search revealed a whole bunch of resources. You can probably even find a finished Java library to do this for you.
Easiest thing to do would be to have a central service relay the data (making it not really p2p).
If you want real p2p, look into STUN - http://www.stunprotocol.org/ .
Also, if TCP is not a hard requirement, UDP tends to more successfully traverse firewalls - you may want to consider using it instead.
I was going to try a similar thing and project just to learn. I started looking into using bitorrents dht system but I have yet to start the project. Maybe not helpful to you but just an idea.
Thank you all for the suggestions. I now have a few different ways of tackling this issue. Good to see active developers on the forum these days too.
I recommend STUN as well.
it appears that more people tend to be waking into development roles on the forum, which is an awesome thing since we have a strong sysadmin presence. Rounds us off a bit.