On Tue, Apr 25, 2006 at 10:55:44PM +0200, Thomas King wrote:
> On Monday 24 April 2006 21:18, Matthew Toseland wrote:
> > On Fri, Apr 21, 2006 at 09:43:37PM +0100, Michael Rogers wrote:
> > Right. We do need ARKs or something similar so that your other peers can
> > learn your new IP address of course; that is well up the todo list. But if
> > all your peers are on the same ISP and are NATted and the ISP recycles
> > your IP every night, you're in trouble.
> Okay, but this is independent of STUN, isn't it?

STUN would allow you to discover your IP address by talking to a DNS-provided STUN server, and is therefore a good idea, provided that loads of other apps also use STUN, and provided that it is generally available. UP&P has two main issues. One is that it is insecure on a LAN. The other is that Win XP SP2 blocks it. If it is nonetheless widely used, then we should support it as it can not only discover your IP but also forward the UDP port.

>
> > > UPnP, on the other hand, sounds useful - LimeWire contains a Java
> > > implementation so that might be a good starting point.
> >
> > I believe there are UP&P implementations out there... the question is,
> > is UP&P widely used and widely available? If so we should certainly
> > support it.
> I think a large share of the users are already using UPnP in their home
> network to easily configure their NATs. However, I do not have a study to
> give you exact figures.
> I checked a few applications and at least Gaim, Ekiga, Windows-Messenger,
> Emulemorph and PacPhone support UPnP (in addition, I think almost all P2P
> tools support UPnP, e.g. BitTornado and Azureus).

Hmm. Even though Win XP SP2 by default blocks it?

>
> I agree, UPnP may be a security risk in a few scenarios. However, I believe it
> would highly improve the usability of the software because a lot of users
> experience problems using freenet behind a NAT.
> What do you think about this approach:
> STUN determines the type of internet connection used by the user. If the user
> is behind a NAT she will be asked if she is at her home network or if she
> uses an untrusted network. If the user tells us that she is at home we use
> UPnP to configure her router, otherwise (and this will be default after a
> short timeout) UPnP will not be used.

STUN on its own would be a substantial improvement (obviously there needs to be an option to turn it off... possibly under an "advanced paranoid options" page in the installer). UP&P would be even better (especially for opennet, and people on dyndns who don't have a non-NATted peer), but we need to ask the user whether they are on an insecure LAN, and there remain nagging questions as to its viability if the only way to make it work is to ask the user to reconfigure the Windows Firewall to not block it.

>
> > > Cheers,
> > > Michael

--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
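The STUN address-discovery step discussed in this thread, as an added example that is not part of the original message or Freenet's code: it builds a Binding Request and validates the reply before trusting the reported address. It assumes the RFC 5389 message layout (which postdates this thread), and the sample reply, addresses and function names are constructed for illustration.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442                       # fixed value from RFC 5389
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020

def build_binding_request(txid=None):
    """Return (txid, packet) for an attribute-less Binding Request."""
    txid = txid or os.urandom(12)               # random ID ties the reply to this request
    return txid, struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid

def parse_binding_response(packet, expected_txid):
    """Return (ip, port) as seen by the server, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a Binding Success Response")
    if packet[8:20] != expected_txid:
        raise ValueError("transaction ID mismatch (stale or spoofed reply)")
    if length % 4 or 20 + length != len(packet):
        raise ValueError("length field does not match datagram")
    pos = 20
    while pos + 4 <= len(packet):
        attr, alen = struct.unpack("!HH", packet[pos:pos + 4])
        value = packet[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if attr in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and alen == 8 and value[1] == 1:
            port, addr = struct.unpack("!HI", value[2:8])
            if attr == XOR_MAPPED_ADDRESS:      # undo the XOR with the magic cookie
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
            return str(ipaddress.IPv4Address(addr)), port
        pos += 4 + ((alen + 3) & ~3)            # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 mapped address in response")

def is_behind_nat(local_ip, mapped_ip):
    """A mapped address that differs from the local one means a translator is in the path."""
    return ipaddress.ip_address(local_ip) != ipaddress.ip_address(mapped_ip)

# Constructed sample: a reply saying the client is seen as 203.0.113.7:4242.
SAMPLE_TXID = bytes(range(12))
SAMPLE_REPLY = (struct.pack("!HHI", BINDING_SUCCESS, 12, MAGIC_COOKIE) + SAMPLE_TXID
                + struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 1,
                              4242 ^ (MAGIC_COOKIE >> 16),
                              int(ipaddress.IPv4Address("203.0.113.7")) ^ MAGIC_COOKIE))
```

A reply that fails any check is dropped rather than used, so a host on the same LAN cannot feed the node a false external address just by sending an unsolicited datagram.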
