RFC 5389 - Session Traversal Utilities for NAT (STUN)
Published: October 2008
Status: Standards Track Protocol
Authors: J. Rosenberg (Cisco), R. Mahy (Unaffiliated), P. Matthews (Unaffiliated), D. Wing (Cisco)
Obsoletes: RFC 3489
Abstract
Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints, and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs, and does not require any special behavior from them.
STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This is an important change from the previous version of this specification (RFC 3489), which presented STUN as a complete solution.
This document obsoletes RFC 3489.
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Contents
- 1. Introduction
- 2. Evolution from RFC 3489
- 3. Overview of Operation
- 4. Terminology
- 5. Definitions
- 6. STUN Message Structure
- 7. Base Protocol Procedures
  - 7.1 Forming a Request or an Indication
  - 7.2 Sending the Request or Indication
    - 7.2.1 Sending over UDP
    - 7.2.2 Sending over TCP or TLS-over-TCP
  - 7.3 Receiving a STUN Message
    - 7.3.1 Processing a Request
    - 7.3.2 Processing an Indication
    - 7.3.3 Processing a Success Response
    - 7.3.4 Processing an Error Response
- 8. FINGERPRINT Mechanism
- 9. DNS Discovery of a Server
- 10. Authentication and Message-Integrity Mechanisms
  - 10.1 Short-Term Credential Mechanism
  - 10.2 Long-Term Credential Mechanism
- 11. ALTERNATE-SERVER Mechanism
- 12. Backwards Compatibility with RFC 3489
  - 12.1 Changes to Client Processing
  - 12.2 Changes to Server Processing
- 13. Basic Server Behavior
- 14. STUN Usages
- 15. STUN Attributes
  - 15.1 MAPPED-ADDRESS
  - 15.2 XOR-MAPPED-ADDRESS
  - 15.3 USERNAME
  - 15.4 MESSAGE-INTEGRITY
  - 15.5 FINGERPRINT
  - 15.6 ERROR-CODE
  - 15.7 REALM
  - 15.8 NONCE
  - 15.9 UNKNOWN-ATTRIBUTES
  - 15.10 SOFTWARE
  - 15.11 ALTERNATE-SERVER
- 16. Security Considerations
  - 16.1 Attacks against the Protocol
  - 16.2 Attacks Affecting the Usage
  - 16.3 Hash Agility Plan
- 17. IAB Considerations
- 18. IANA Considerations
  - 18.1 STUN Methods Registry
  - 18.2 STUN Attribute Registry
  - 18.3 STUN Error Code Registry
  - 18.4 STUN UDP and TCP Port Numbers
- 19. Changes since RFC 3489
- 20. Contributors
- 21. Acknowledgements
- 22. References
  - 22.1 Normative References
  - 22.2 Informative References
Appendices
Related Resources
- Official RFC: RFC 5389
- RFC DataTracker: RFC 5389 DataTracker
- Errata: RFC Editor Errata
- Obsoletes: RFC 3489
- Updated by: RFC 8489
- Related RFCs:
  - RFC 5766 (TURN - Traversal Using Relays around NAT)
  - RFC 8445 (ICE - Interactive Connectivity Establishment)
  - RFC 8489 (STUN Updated Version)