wireguard-tools/contrib/nat-hole-punching
Greg Kroah-Hartman 01d00bc035 global: add SPDX tags to all files
It's good to have SPDX identifiers in all files as the Linux kernel
developers are working to add these identifiers to all files.

Update all files with the correct SPDX license identifier based on the license
text of the project or based on the license in the file itself.  The SPDX
identifier is a legally binding shorthand, which can be used instead of the
full boiler plate text.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Modified-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-09 22:29:28 +01:00
README examples: add nat-hole-punching 2016-08-24 15:47:31 +02:00
nat-punch-client.c global: add SPDX tags to all files 2017-12-09 22:29:28 +01:00
nat-punch-server.c global: add SPDX tags to all files 2017-12-09 22:29:28 +01:00

README

== NAT Hole Punching Example ==

This code should never be used, ever. But, it's a nice demonstration of how
to punch holes and have two NAT'd peers talk to each other.

Compile with:
    $ gcc nat-punch-client.c -o client -lresolv
    $ gcc nat-punch-server.c -o server


Server is 1.2.3.4 and is on the public internet accepting UDP:49918.
Client A is NAT'd and doesn't know its IP address.
Client B is NAT'd and doesn't know its IP address.


Server runs:
   $ ./server

Client A runs:
   # ip link add wg0 type wireguard
   # ip addr add 10.200.200.1 peer 10.200.200.2 dev wg0
   # wg set wg0 private-key ... peer ... allowed-ips 10.200.200.2/32
   # ./client 1.2.3.4 wg0
   # ping 10.200.200.2

Client B runs:
   # ip link add wg0 type wireguard
   # ip addr add 10.200.200.2 peer 10.200.200.1 dev wg0
   # wg set wg0 private-key ... peer ... allowed-ips 10.200.200.1/32
   # ./client 1.2.3.4 wg0
   # ping 10.200.200.1

And voila! Client A and Client B can speak from behind NAT.



-----
Keep in mind that this is proof-of-concept example code. It is not code that
should be used in production, ever. It is woefully insecure, and is unsuitable
for any real usage. With that said, this is useful as a learning example of
how NAT hole punching might work within a more developed solution.
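
The rendezvous step that lets two clients who do not know their own public address find each other can be sketched as below. This is an added illustration, not the project's nat-punch-server.c; the 32-byte identifier, the request layout and the names rendezvous() and find() are assumptions made for the example.

```c
/* Added illustration; NOT the project's nat-punch-server.c. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

#define ID_LEN 32    /* assumption: peers are named by a 32-byte identifier */
#define MAX_PEERS 64

struct entry { int used; uint8_t id[ID_LEN]; struct sockaddr_in seen; };
struct request { uint8_t self[ID_LEN], want[ID_LEN]; }; /* hypothetical wire format */

static struct entry *find(struct entry *t, const uint8_t *id)
{
	for (int i = 0; i < MAX_PEERS; i++)
		if (t[i].used && !memcmp(t[i].id, id, ID_LEN))
			return &t[i];
	return NULL;
}

/* One datagram in. src is the address recvfrom() reported: the sender's NAT
 * mapping, which the sender itself cannot see. Returns 1 and fills *peer when
 * the wanted peer has checked in, 0 when it has not, -1 on bad input or a
 * full table. Nothing authenticates `self`, so any sender can overwrite an
 * entry; a real design must bind the identifier to a key. */
int rendezvous(struct entry *t, const void *buf, size_t len,
	       const struct sockaddr_in *src, struct sockaddr_in *peer)
{
	struct request req;
	struct entry *e;

	if (len != sizeof(req) || src->sin_family != AF_INET)
		return -1;
	memcpy(&req, buf, sizeof(req));
	e = find(t, req.self);
	for (int i = 0; i < MAX_PEERS && !e; i++)
		if (!t[i].used)
			e = &t[i];
	if (!e)
		return -1;
	memcpy(e->id, req.self, ID_LEN);
	e->used = 1;
	e->seen = *src;          /* refresh on every check-in: mappings expire */
	e = find(t, req.want);
	if (!e)
		return 0;
	*peer = e->seen;
	return 1;
}
```

Each client then sends to the endpoint it was handed; the outbound packet is what opens the mapping in its own NAT for the peer's traffic.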