According to How Tailscale works and How NAT traversal works by Tailscale, they apparently have some advanced and open source methods for punching through NATs without UPnP and NAT-PMP including people stuck behind CG-NAT.
What do you think about the possibility of using those techniques to increase the number of clients able to get direct connections instead of relying on relaying?
We’re already using hole punching to establish TCP/UDP connections, if possible. The only real difference is that Tailscale is pulling a few more tricks to deal with Endpoint-Dependent NATs.
Would you happen to know where in the code this is implemented? I’m interested in learning more about how Syncthing transfers files without needing a firewall’s permission.
The technique is known as hole punching and is well-known in P2P applications to traverse various firewall and NAT implementations. Syncthing implements it for both TCP and UDP where applicable.
There’s not that much “special” code to implement hole punching (except for STUN maybe), it’s mostly based on the idea that two devices dial each other on the same ports at the same time.
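The “dial each other on the same ports at the same time” idea from the answer above, as an added UDP example in Go (this is illustrative code written for this thread, not Syncthing’s own implementation). Each side keeps sending probes to the peer’s endpoint from the same socket it listens on: the first outbound packet is what creates the NAT mapping, and the first inbound packet proves the peer’s mapping is open too. The endpoints would normally be learned through STUN; here both sockets sit on loopback, which stands in for the public addresses, so there is no real NAT in the path. The names `Punch` and `DemoLoopback` and the probe/ack wire format are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// Constructed wire format for the example: a PROBE opens/tests the path,
// an ACK tells the sender that its PROBE got through.
const (
	probeMsg      = "PROBE"
	ackMsg        = "ACK"
	probeInterval = 50 * time.Millisecond
)

// Punch runs the simultaneous-send loop on conn toward peer. It sends a
// PROBE every probeInterval while reading from the same socket, and
// returns true once the peer has acknowledged one of our probes (which
// also means we can reach it, since the ACK came back through its mapping).
func Punch(conn *net.UDPConn, peer *net.UDPAddr, timeout time.Duration) (bool, error) {
	deadline := time.Now().Add(timeout)
	buf := make([]byte, 64)
	var lastSend time.Time

	for time.Now().Before(deadline) {
		if time.Since(lastSend) >= probeInterval {
			// Outbound first: on a real NAT this is what creates the mapping.
			if _, err := conn.WriteToUDP([]byte(probeMsg), peer); err != nil {
				return false, err
			}
			lastSend = time.Now()
		}
		_ = conn.SetReadDeadline(time.Now().Add(probeInterval))
		n, from, err := conn.ReadFromUDP(buf)
		if err != nil {
			var ne net.Error
			if errors.As(err, &ne) && ne.Timeout() {
				continue // nothing arrived yet, send the next probe
			}
			return false, err
		}
		// Drop anything that is not from the endpoint we are punching toward.
		if !from.IP.Equal(peer.IP) || from.Port != peer.Port {
			continue
		}
		switch string(buf[:n]) {
		case probeMsg:
			// Peer's mapping is open toward us; tell it so and keep going
			// until it confirms ours.
			if _, err := conn.WriteToUDP([]byte(ackMsg), peer); err != nil {
				return false, err
			}
		case ackMsg:
			// Ack the ack in case the peer has not heard from us yet, then stop.
			_, _ = conn.WriteToUDP([]byte(ackMsg), peer)
			return true, nil
		}
	}
	return false, nil // timed out: the NAT never let the peer's packets in
}

// DemoLoopback binds two UDP sockets on 127.0.0.1, hands each the other's
// endpoint (standing in for what STUN would report) and punches both ways
// at the same time, as two peers behind NATs would. It reports whether
// each side completed.
func DemoLoopback(timeout time.Duration) (bool, bool, error) {
	a, err := net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return false, false, err
	}
	defer a.Close()
	b, err := net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return false, false, err
	}
	defer b.Close()

	type result struct {
		ok  bool
		err error
	}
	ra, rb := make(chan result, 1), make(chan result, 1)
	go func() {
		ok, err := Punch(a, b.LocalAddr().(*net.UDPAddr), timeout)
		ra <- result{ok, err}
	}()
	go func() {
		ok, err := Punch(b, a.LocalAddr().(*net.UDPAddr), timeout)
		rb <- result{ok, err}
	}()
	resA, resB := <-ra, <-rb
	if resA.err != nil {
		return false, false, resA.err
	}
	if resB.err != nil {
		return false, false, resB.err
	}
	return resA.ok, resB.ok, nil
}

func main() {
	okA, okB, err := DemoLoopback(2 * time.Second)
	fmt.Println("side A:", okA, "side B:", okB, "err:", err)
}
```

The caveat a practitioner will hit: this works when each NAT hands out the same external port regardless of destination (endpoint-independent mapping), which is what STUN can discover. An endpoint-dependent (symmetric) NAT picks a different external port for the peer than the one STUN observed, so the probes go to the wrong port and the loop times out; that is the case where extra tricks are needed or the connection falls back to a relay.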