lxgr 4 hours ago

It's completely impossible if you simply don't have the necessary access. Not everybody can administer all firewalls upstream from them.

Nor can everyone control whether their connection supports v6, unfortunately.

digiown 2 hours ago | parent [-]

Hole punching is a thing. Ports are not normally completely blocked. They allow replies, which can be exploited to make a connection. Obviously this requires an out-of-band signaling mechanism. Tailscale does this, so does WebRTC, iirc.

See: https://tailscale.com/blog/how-nat-traversal-works
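
Added example, not part of the comment above or of any project it mentions: a toy Python model of the "replies are allowed" rule that hole punching relies on, using two stateful firewalls. The class names, endpoints and the absence of address translation are assumptions made for illustration; the endpoints are constructed documentation addresses.

```python
class StatefulFirewall:
    """Permits inbound datagrams only when they match a flow opened from inside."""

    def __init__(self, name):
        self.name = name
        self.flows = set()  # (local_endpoint, remote_endpoint) pairs seen outbound

    def outbound(self, src, dst):
        self.flows.add((src, dst))  # outbound is always permitted and creates state

    def inbound(self, src, dst):
        # Accepted only if the inside host already sent to exactly this remote endpoint.
        return (dst, src) in self.flows


class Network:
    def __init__(self):
        self.fw = {}  # host IP -> firewall in front of it

    def attach(self, ip, firewall):
        self.fw[ip] = firewall

    def send(self, src, dst):
        """Return True if a UDP datagram from src is delivered to dst."""
        self.fw[src[0]].outbound(src, dst)
        return self.fw[dst[0]].inbound(src, dst)


def hole_punch_demo():
    net = Network()
    a = ("198.51.100.10", 40000)  # constructed endpoints (RFC 5737 ranges)
    b = ("203.0.113.20", 41000)
    c = ("192.0.2.30", 42000)     # unrelated third host
    for host in (a, b, c):
        net.attach(host[0], StatefulFirewall("fw-" + host[0]))

    results = {}
    # Unsolicited: B's firewall holds no matching flow, so the datagram is dropped,
    # but A's firewall now has state for (a -> b).
    results["a_to_b_first"] = net.send(a, b)
    # B learned A's endpoint out of band and sends to it; A's firewall sees a "reply".
    results["b_to_a"] = net.send(b, a)
    # B's outbound datagram created state on B's firewall, so A now gets through.
    results["a_to_b_second"] = net.send(a, b)
    # The opening is scoped to the exact endpoint pair: a third host is still dropped.
    results["c_to_b"] = net.send(c, b)
    return results
```
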

lxgr 2 hours ago | parent [-]

Yes, but I don't believe all firewalls support that, especially for TCP, and as you've mentioned, now you also need to maintain a handshaking mechanism.

The complexity makes sense if you need to transport a lot of data peer-to-peer or the lowest possible latency, but if you don't, you might as well use that coordination server (which outbound-only clients are connecting to) for payload communication as well.