P2P Connectivity

NAT hole punching

Ouisync supports connections between two arbitrary peers Alice and Bob, each behind their own NAT under the following configurations:

Alice \ Bob	Public	Open	Closed	Private
Public	✅	✅	✅	✅
Open	✅	✅	✅	✅
Closed	✅	✅	✅	❌
Private	✅	✅	❌	❌

Unles specified otherwise, all terms are used as defined in RFC-4787.

Public: an open server accepting connections from anyone: signals either the absence of a NAT (e.g. a routable IP address) or a port forwarded statically (by the router administrator), automatically via IGDP, NAT-PMP or PCP, or implicitly by a very permissive firewall. Corresponds to Endpoint-Independent Mapping with Endpoint-Independent Filtering
Open: the configuration recommended by RFC-4787 for NATs that actively encourage peer to peer communication: Endpoint-Independent Mapping and Address-Dependent Filtering
Closed: a very common configuration in home networks that differs from the above by not being able to connect to the more private NATs described below. Combines Endpoint-Independent Mapping with Address and Port-Dependent Filtering
Private: common in corporate and / or mobile networks, this type of configuration is not friendly to peer-to-peer applications and can only connect to a Public or Open peer. Corresponds to either Address-Dependent Mapping or Address and Port-Dependent Mapping with arbitrary filtering behavior, though usually the same or even more restrictive than mapping

we do not and probably never will support non-deterministic NATs, nor NATs that perform port overloading
we do not currently support multi-layer NATs; if you deploy your own NAT, it is your responsibility to ensure connectivity
NAT-PMP and PCP are not currently implemented, so your CGNAT mileage may vary
while not strictly required, hairpinning is strongly recommended as a failsafe alternative for local discovery