Maybe success rates are higher with UDP – I don’t know. But it certainly works to hole punch with TCP as well. If you’re lucky you can even run into a rare condition called ”TCP simultaneous open”, where both sides believe they are the dialer.

▲

embedding-shape 21 hours ago | parent | next [-]

> where both sides believe they are the dialer.

First time I've heard about this, and went looking for more. Came across https://news.ycombinator.com/item?id=5969030 (95 points - July 1, 2013 - 49 comments) that had bunch of background info + useful discussions.

▲

api 21 hours ago | parent | prev [-]

It can be done, but it's less reliable and also requires the ability to forge packets that is not allowed on all platforms. So it's hard to use in any production application if you want it to run in user space, on Windows, or on mobile.

	▲	klabb3 18 hours ago \| parent [-]
		No I don’t think it does. But I am using it in user space[1] successfully with no packet forging. I believe the outbound attempt (SYN) creates a mapping, and even if that conn is blocked on the other end, the inbound conn (SYN but in the other direction) is allowed. Again, maybe packet forging is needed for some routers/middleboxes/firewalls, since careful inspection would show that the conns are technically independent. If you have any details about this, please let me know! (Networking is difficult to test.) 1: https://payload.app/