UDP hole punching support in Bifrost

[UkolovaOlga]


Proposed initially by @prdn



Description



UDP hole punching protocol allows you to bypass the firewalls, and open port connections from behind - like in home environment or behind ISPs firewalls. The protocol is used by many projects, for example, in case you have a Rapsberry Pi at home and you would like to set up a bitcoin or any other nodes on it, you can use the technology to do that. 


This is important since RGB and other LNP/BP projects that require P2P communications outside of LN node connectivity, will leverage the Lightning Network protocol instead of building its custom P2P one. We are planing to use BOLT-8 and BOLT-1 for transfer, framing, authentication and other layers; it’s important to note that they will be used outside of the Lightning Network scope, with different port numbers. In this regard, it will be important to make a self-hosted RGB server used by RGB wallet accessible for cases when you have a home node on Rapsberry Pi. And that is where UDP hole punching can be useful.

Question to address


We need to understand more about the technology and whether it can be combined with Tor: are they complimentary or the problem is already solved by Tor itself?



[Kixunil]

I know a bit about this topic, tried it a few years ago. I'm going to compare it to Tor:

• UDP hole punching was specifically designed to bypass NAT and some stupid firewalls (inteligent firewalls could conceivably detect it), Tor hidden services were specifically designed for anonymity, so bypassing NAT/firewalls seems to be a coincidence rather than primary intention.
• A node using UDP hole punching is not anonymous
• Communication using UDP hole punching is not slowed down as much as Tor. I don't remember the specifics, but the UDP packet headers should be the only overhead.
• UDP hole punching does not provide any encryption or authentication on its own, Tor does.

To say it differently, if both features were implemented with some scheme to encrypt UDP traffic, then the guidelines for node operators would say this:

• Use UDP hole punching if you don't care about anonymity and need speed
• Use Tor if you require anonymity and don't need speed
• If you need both anonymity and speed, you're out of luck

[St333p]

So if I understand correctly UDP hole punching would make sense in the context of a node (say raspberry) talking to a client (say android smartphone) while both are in a home network?!? In this case no anonymity required and speed is very well appreciated.

Then I can see it might make sense to have it implemented, although I agree with the general statement that I heard a few times during the call: "we use Tor if we can".

[Kixunil]

@St333p hole punching isn't needed at all if both devices are in the same network.

[St333p]

Never mind, you're right. Sorry for the dumb comment.

[Kixunil]

No problem. :)

[dr-orlovsky]

@Kixunil am I correct that you can't use UDP with Tor (without some wired stuff)? If yes, in cases when you need UDP with NAT/firewall passing and do not need anonymity for your IP, you will benefit from UDP hole punching

[Kixunil]

According to https://www.whonix.org/wiki/Transporting_UDP_Tunnels_over_Tor UDP over Tor is not natively possible and even with VPN tricks it greatly degrades performance.

Correct, UDP hole punching is useful for people who don't need anonymity and need to bypass NAT/firewall.

FWIW these two are not related, they just happen to be used for bypassing NATs.