What Is a STUN Server?

STUN servers help your browser discover its public IP address, which is essential for establishing peer-to-peer WebRTC video connections.

A STUN (Session Traversal Utilities for NAT) server helps your browser discover its public IP address so it can establish peer-to-peer video connections with other users. It's a critical piece of the WebRTC infrastructure that makes browser-based video chat possible.

Why STUN Servers Are Needed

Most internet users sit behind a router (NAT — Network Address Translation). Your device has a local IP address (like 192.168.1.5), but the outside internet sees your router's public IP address. The problem: your browser doesn't inherently know what its public IP address is.

For two browsers to establish a direct peer-to-peer connection (as required for WebRTC video chat), both need to know their own public addresses so they can tell the other peer where to send data. This is where STUN servers come in.

How STUN Works

The process is surprisingly simple:

  1. Your browser sends a request to the STUN server — "What's my public IP address?"
  2. The STUN server looks at the incoming packet and sees the public IP address and port that the router assigned
  3. The STUN server responds — "You appear to be at [public IP]:[port]"
  4. Your browser now knows its public address and can share it with the other peer through the signaling server

Think of it like calling a friend and asking "What number am I calling from?" — you might not know your own public phone number, but the person you call can see it on their caller ID.

STUN in the WebRTC Flow

In a random video chat session on platforms like Glimr:

  1. You click "Start" and get matched with someone
  2. Both browsers query a STUN server to discover their public addresses
  3. These addresses become ICE candidates — potential connection paths
  4. Browsers exchange candidates through the platform's signaling server
  5. Browsers attempt to connect directly using the discovered addresses
  6. If successful, video flows peer-to-peer

STUN Server Limitations

STUN works for the majority of users (roughly 80-90%), but it fails when a user is behind a symmetric NAT. Symmetric NAT assigns different public ports for different destinations, meaning the port STUN discovered doesn't work for connecting to the peer.

When STUN fails, the system falls back to a TURN server, which relays the connection through an intermediary. This is part of the ICE (Interactive Connectivity Establishment) framework — try direct connection first, fall back to relay if needed.

Public STUN Servers

STUN servers are lightweight and free to operate. Google provides widely-used public STUN servers:

  • stun:stun.l.google.com:19302
  • stun:stun1.l.google.com:19302

These handle millions of STUN queries daily and are used by countless WebRTC applications. Most random video chat platforms use these or similar public STUN servers.

STUN vs TURN

| Feature | STUN | TURN | |---------|------|------| | Purpose | Discover public IP | Relay media when direct connection fails | | Data path | Direct peer-to-peer after discovery | Media routed through TURN server | | Bandwidth cost | Minimal (small request/response) | High (all media passes through) | | Success rate | ~80-90% of users | ~100% (fallback for remaining users) | | Latency impact | None (just discovery) | Added latency from relay hop |

Both STUN and TURN are essential components of reliable WebRTC video chat. STUN handles the common case cheaply; TURN handles the edge cases that STUN can't solve.

Definition

Session Traversal Utilities for NAT — a server that helps devices behind NAT (routers) discover their public IP address and port, enabling peer-to-peer connections.

Category: Technology