Glossary entry

STUN

Session Traversal Utilities for NAT

In a nutshell

A lightweight protocol that lets a peer behind a NAT discover its own public IP address, so it can advertise that address to the other side of a WebRTC call.

STUN is a single-purpose protocol: a peer sends a STUN request to a public server, and the server replies with whatever IP address and port the request came from. That reflected address is the peer's public mapping, and it's the one the other peer needs to know in order to connect.
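The request/reply exchange described above, as an added Node.js example that is not part of the original page: it builds a STUN Binding request and decodes the reflected address from the reply, rejecting replies whose magic cookie or transaction ID does not match the request. The wire-format constants follow RFC 5389; the function names and the sample reply for 203.0.113.7:54321 are constructed for illustration.

```javascript
const { randomBytes } = require('node:crypto');

const MAGIC_COOKIE = 0x2112a442; // fixed value in every RFC 5389 message
const BINDING_REQUEST = 0x0001, BINDING_SUCCESS = 0x0101, XOR_MAPPED_ADDRESS = 0x0020;

// Hypothetical helper: 20-byte header = type, length (0), cookie, 96-bit transaction ID.
function buildBindingRequest(txId = randomBytes(12)) {
  const msg = Buffer.alloc(20); // zero-filled, so the attribute length is already 0
  msg.writeUInt16BE(BINDING_REQUEST, 0);
  msg.writeUInt32BE(MAGIC_COOKIE, 4);
  txId.copy(msg, 8);
  return msg;
}

// Hypothetical helper: returns { address, port }, or throws on a malformed or unsolicited reply.
function parseBindingResponse(msg, expectedTxId) {
  if (msg.length < 20) throw new Error('truncated header');
  if (msg.readUInt16BE(0) !== BINDING_SUCCESS) throw new Error('not a Binding success');
  if (msg.readUInt32BE(4) !== MAGIC_COOKIE) throw new Error('bad magic cookie');
  if (!msg.subarray(8, 20).equals(expectedTxId)) throw new Error('transaction ID mismatch');
  const end = 20 + msg.readUInt16BE(2);
  if (end > msg.length) throw new Error('attribute length exceeds packet');
  for (let off = 20; off + 4 <= end; ) {
    const type = msg.readUInt16BE(off);
    const len = msg.readUInt16BE(off + 2);
    if (off + 4 + len > end) throw new Error('attribute overruns message');
    if (type === XOR_MAPPED_ADDRESS && len >= 8 && msg[off + 5] === 0x01) { // IPv4 family
      // Port and address are XORed with the magic cookie on the wire.
      const port = msg.readUInt16BE(off + 6) ^ (MAGIC_COOKIE >>> 16);
      const ip = (msg.readUInt32BE(off + 8) ^ MAGIC_COOKIE) >>> 0;
      return { address: [24, 16, 8, 0].map((s) => (ip >>> s) & 0xff).join('.'), port };
    }
    off += 4 + len + ((4 - (len % 4)) % 4); // attributes are padded to 4 bytes
  }
  throw new Error('no IPv4 XOR-MAPPED-ADDRESS');
}

// Constructed sample: the reply a server would send to a request from 203.0.113.7:54321.
function sampleResponse(txId) {
  const msg = Buffer.alloc(32);
  msg.writeUInt16BE(BINDING_SUCCESS, 0);
  msg.writeUInt16BE(12, 2); // one 12-byte attribute follows the header
  msg.writeUInt32BE(MAGIC_COOKIE, 4);
  txId.copy(msg, 8);
  msg.writeUInt16BE(XOR_MAPPED_ADDRESS, 20);
  msg.writeUInt16BE(8, 22);
  msg[25] = 0x01; // family: IPv4
  msg.writeUInt16BE(54321 ^ (MAGIC_COOKIE >>> 16), 26);
  msg.writeUInt32BE((0xcb007107 ^ MAGIC_COOKIE) >>> 0, 28);
  return msg;
}
```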

STUN solves the most common case — a peer behind a single, well-behaved NAT — at almost no cost. The server doesn't carry media, it doesn't carry signaling, it just answers a small UDP packet with a small UDP packet. Public STUN servers run by Google and Cloudflare are free to use, which is why almost every WebRTC tutorial assumes you have one.

What STUN doesn't solve is symmetric NAT, where the public mapping changes depending on the destination. Two peers behind symmetric NATs can't connect directly even after STUN, which is why every production WebRTC stack also configures a TURN server as a fallback.
