tools stun-client—Discover the local device's external IP address when that device is located behind a NAT device. This command obtains a port mapping for the device and optionally discovers properties about the Network Address Translator (NAT) between the local device and a server. This command is similar to a standard Linux stun, stunc, and stun-client commands.
Device discovery is done using the Session Traversal Utilities for NAT (STUN) protocol, which is defined in RFC 5389.
tools stun-client [options options] server (domain-name | ip-address) [port port-number] [vpn vpn-id]
tools stun-client help
- Command Help
Display all the command options.
- Command Options
- options options
See the Example Output below for a list of all the tools stun-client command options.
- Remote STUN Server
- server (domain-name | ip-address) [port port-number]
Remote server to attach to, and port to use to reach the server. The default port number for UDP and TCP is 3478.
- Specific VPN
- vpn vpn-id
Run the command in a specific VPN.
Default: VPN 0
The output is self explanatory.
Perform a generic basic binding STUN test against Googles STUN server:
vEdge# tools stun-client vpn 0 options "--mode basic stun.l.google.com 19302" stunclient --mode basic stun.l.google.com 19302 in VPN 0 Binding test: success Local address: 184.108.40.206:56485 Mapped address: 220.127.116.11:56485
Perform a full test to detect NAT type against Google's STUN server:
vEdge# tools stun-client vpn 0 options "--mode full stun.l.google.com 19302" stunclient --mode full stun.l.google.com 19302 in VPN 0 Binding test: success Local address: 18.104.22.168:33760 Mapped address: 22.214.171.124:33760 Behavior test: success Nat behavior: Direct Mapping Filtering test: success Nat filtering: Endpoint Independent Filtering
Perform a full NAT detection test using UDP source port 12346 (the default DTLS/IPsec port) against Google's STUN server:
vEdge# tools stun-client vpn 0 options "--mode full --localport 12346 stun.l.google.com 19302" stunclient --mode full --localport 12346 stun.l.google.com 19302 in VPN 0 Binding test: success Local address: 126.96.36.199:12346 Mapped address: 188.8.131.52:12346 Behavior test: success Nat behavior: Direct Mapping Filtering test: success Nat filtering: Endpoint Independent Filtering
Display help for the tools stun-client command:
Viptela# tools stun-client help ... The following options are supported: --mode MODE --localaddr INTERFACE --localport PORTNUMBER --family IPVERSION --protocol PROTO --verbosity LOGLEVEL --help --mode (basic | full) "basic" mode is the default and indicates that the client should perform a STUN binding test only. "full" mode indicates that the client should attempt to diagnose NAT behavior and filtering methodologies if the server supports this mode. The NAT filtering test is supported only for UDP. --localaddr INTERFACE or IPADDRESS Name of an interface (such as "eth0") or one of the available IP addresses assigned to a network interface present on the host. The interface chosen is the preferred address for sending and receiving responses with the remote server. The default is to let the system decide which address to send on and to listen for responses on all addresses (INADDR_ANY). --localport PORTNUM PORTNUM is a value between 1 to 65535. It is the UDP or TCP port that the primary and alternate interfaces listen on as the primary port for binding requests. If not specified, the system randomly chooses an available port. --family IPVERSION IPVERSION is either "4" or "6" to specify the usage of IPv4 or IPv6. The default value is "4". --protocol (udp | tcp) "udp" is the default. --verbosity LOGLEVEL Set the logging verbosity level. 0 is the default, for minimal output and logging). 1 shows slightly more, and 2 and higher show even more. EXAMPLES stunclient stunserver.org 3478 Perform a simple binding test request with the server, listening at "stunserver.org". stunclient --mode full --localport 9999 184.108.40.206 Perform a full set of UDP NAT behavior tests from local port 9999 to the server, listening at IP address 220.127.116.11 (port 3478). stunclient --protocol tcp stun.selbie.com Performs a simple binding test using TCP to server, listening on the default port of 3478 at stun.selbie.com.
Command introduced in Viptela Software Release 16.2.
See the Configuring Interfaces article for your software release.