What is TURN?
TURN (Traversal Using Relays around NAT) is a protocol that assists in traversing Network Address Translators (NATs) or firewalls in order to facilitate peer-to-peer communications. It is an extension of the STUN (Session Traversal Utilities for NAT) protocol and is defined in RFC 8656.
Just like you would use a web browser or cURL to speak the HTTP protocol, you need a tool or a library to use the TURN protocol in your application.
Most users of TURN will use it as part of a WebRTC library, such as the one built into their browser, or Pion, webrtc-rs or libwebrtc.
You can also use TURN directly in your application. Pion offers a TURN client library in Go, and webrtc-rs offers one in Rust.
- NAT (Network Address Translation): A method used by routers to map multiple private IP addresses to a single public IP address. This is commonly done by home internet routers so that multiple computers on the same network can share a single public IP address.
- TURN Server: A relay server that acts as an intermediary for traffic between clients behind NATs. The Cloudflare Calls TURN service is an example of a TURN server.
- TURN Client: An application or device that uses the TURN protocol to communicate through a TURN server. This is your application. It can be a web application using the WebRTC APIs or a native application running on mobile or desktop.
- Allocation: When a TURN server creates an allocation, it reserves an IP address and port unique to that client.
- Relayed Transport Address: The IP address and port reserved on the TURN server that others on the Internet can use to send data to the TURN client.
- A TURN client sends an Allocate request to a TURN server.
- The TURN server creates an allocation and returns a relayed transport address to the client.
- The client can then give this relayed address to its peers.
- When a peer sends data to the relayed address, the TURN server forwards it to the client.
- When the client wants to send data to a peer, it sends it through the TURN server, which then forwards it to the peer.
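The first two steps above are a single request/response exchange on the wire. The following Python is an added illustration, not code from this page or from any TURN library: it encodes an Allocate request, plays the server side by answering with a relayed transport address, and has the client decode that address. Message and attribute type values and the XOR encoding come from RFC 5389 and RFC 8656; the relayed address 203.0.113.10:49152, the 600-second lifetime and the function names are constructed for the example. Authentication (the 401 challenge and MESSAGE-INTEGRITY that a real TURN server requires before allocating) is left out to keep the focus on the allocation step.

```python
"""Minimal TURN Allocate exchange in the STUN wire format (RFC 5389 / RFC 8656).

Added example, not part of the Cloudflare page or of any TURN library. Protocol
constants are from the RFCs; the relayed address and lifetime are constructed.
"""
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442          # fixed STUN magic cookie (RFC 5389)
ALLOCATE_REQUEST = 0x0003          # method Allocate (0x003), class "request"
ALLOCATE_SUCCESS = 0x0103          # method Allocate, class "success response"
ATTR_LIFETIME = 0x000D
ATTR_XOR_RELAYED_ADDRESS = 0x0016
ATTR_REQUESTED_TRANSPORT = 0x0019
PROTO_UDP = 17


def _attr(attr_type, value):
    """Encode one STUN attribute: type, length, value padded to a 4-byte boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def _xor_key(tid):
    """IPv4 is XORed with the cookie; IPv6 with cookie + transaction ID (RFC 5389 15.2)."""
    return struct.pack("!I", MAGIC_COOKIE) + tid


def encode_xor_address(attr_type, ip, port, tid):
    raw = ipaddress.ip_address(ip).packed
    family = 0x01 if len(raw) == 4 else 0x02
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = bytes(a ^ b for a, b in zip(raw, _xor_key(tid)))
    return _attr(attr_type, struct.pack("!BBH", 0, family, xport) + xaddr)


def decode_xor_address(value, tid):
    _, family, xport = struct.unpack("!BBH", value[:4])
    n = 4 if family == 0x01 else 16
    raw = bytes(a ^ b for a, b in zip(value[4:4 + n], _xor_key(tid)))
    return str(ipaddress.ip_address(raw)), xport ^ (MAGIC_COOKIE >> 16)


def build_message(msg_type, tid, attrs):
    body = b"".join(attrs)
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + tid + body


def parse_message(data):
    """Return (type, transaction id, {attr_type: value}); reject malformed input."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or len(data) != 20 + length:
        raise ValueError("bad magic cookie or length field")
    tid, attrs, pos = data[8:20], {}, 20
    while pos < len(data):
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        attrs[attr_type] = value
        pos += 4 + attr_len + ((-attr_len) % 4)
    return msg_type, tid, attrs


# Client, step 1: ask the server for a UDP allocation.
def build_allocate_request(tid=None):
    tid = tid or os.urandom(12)    # fresh random transaction ID per request
    transport = _attr(ATTR_REQUESTED_TRANSPORT, bytes([PROTO_UDP, 0, 0, 0]))
    return build_message(ALLOCATE_REQUEST, tid, [transport])


# Server, step 2: reserve a relayed transport address and return it.
def build_allocate_success(request, relayed_ip, relayed_port, lifetime):
    msg_type, tid, _ = parse_message(request)
    if msg_type != ALLOCATE_REQUEST:
        raise ValueError("not an Allocate request")
    return build_message(ALLOCATE_SUCCESS, tid, [
        encode_xor_address(ATTR_XOR_RELAYED_ADDRESS, relayed_ip, relayed_port, tid),
        _attr(ATTR_LIFETIME, struct.pack("!I", lifetime)),
    ])


# Client: match the response to our request and read the relayed address.
def relayed_address_from_response(request, response):
    _, req_tid, _ = parse_message(request)
    msg_type, tid, attrs = parse_message(response)
    if tid != req_tid:
        raise ValueError("response does not match our transaction ID")
    if msg_type != ALLOCATE_SUCCESS or ATTR_XOR_RELAYED_ADDRESS not in attrs:
        raise ValueError("not an Allocate success response")
    ip, port = decode_xor_address(attrs[ATTR_XOR_RELAYED_ADDRESS], tid)
    lifetime = struct.unpack("!I", attrs[ATTR_LIFETIME])[0] if ATTR_LIFETIME in attrs else None
    return ip, port, lifetime


def demo():
    request = build_allocate_request()
    # Constructed server answer: a relayed address in the TEST-NET-3 documentation range.
    response = build_allocate_success(request, "203.0.113.10", 49152, 600)
    return relayed_address_from_response(request, response)


if __name__ == "__main__":
    print(demo())
```

The transaction ID check is the part worth copying: a client that accepts any Allocate success response, rather than only one carrying the ID it sent, can be handed a relayed address it never asked for. The returned lifetime is how long the server keeps the allocation; the client must send Refresh requests before it expires or the relayed address stops working.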
TURN works similarly to a VPN (Virtual Private Network). However, TURN servers and VPNs serve different purposes and operate in distinct ways.
A VPN is a general-purpose tool that encrypts all internet traffic from a device, routing it through a VPN server to enhance privacy, security, and anonymity. It operates at the network layer, affects all internet activities, and is often used to bypass geographical restrictions or secure connections on public Wi-Fi.
A TURN server is a specialized tool used by specific applications, particularly for real-time communication. It operates at the application layer, only affecting traffic for applications that use it, and serves as a relay to traverse NATs and firewalls when direct connections between peers are not possible. While a VPN impacts overall internet speed and provides anonymity, a TURN server only affects the performance of specific applications using it.
TURN is often valuable in scenarios where direct peer-to-peer communication is impossible due to NAT or firewall restrictions. Here are some key benefits:
- NAT Traversal: TURN provides a way to establish connections between peers that are both behind NATs, which would otherwise be challenging or impossible.
- Firewall Bypassing: In environments with strict firewall policies, TURN can enable communication that would otherwise be blocked.
- Consistent Connectivity: TURN offers a reliable fallback method when direct or NAT-assisted connections fail.
- Privacy: By relaying traffic through a TURN server, the actual IP addresses of the communicating parties can be hidden from each other.
- VoIP and Video Conferencing: TURN is crucial for applications like Voice over IP (VoIP) and video conferencing, ensuring reliable connections regardless of network configuration.
- Online Gaming: TURN can help online games establish peer-to-peer connections between players behind different types of NATs.
- IoT Device Communication: Internet of Things (IoT) devices can use TURN to communicate when they are behind NATs or firewalls.