Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

tools stun-client

tools stun-client—Discover the local device's external IP address when that device is located behind a NAT device. This command obtains a port mapping for the device and optionally discovers properties about the Network Address Translator (NAT) between the local device and a server. This command is similar to a standard Linux stun, stunc, and stun-client commands.

Device discovery is done using the Session Traversal Utilities for NAT (STUN) protocol, which is defined in RFC 5389.

Command Syntax

tools stun-client [options options] server (domain-name | ip-address) [port port-number] [vpn vpn-id]
tools stun-client help

Options

Command Help
help
Display all the command options.
Command Options
options options
See the Example Output below for a list of all the tools stun-client command options.
Remote STUN Server
server (domain-name | ip-address) [port port-number]
Remote server to attach to, and port to use to reach the server. The default port number for UDP and TCP is 3478.
Specific VPN
vpn vpn-id
Run the command in a specific VPN.
Default: VPN 0

Output Fields

The output is self explanatory.

Example Output

Perform a generic basic binding STUN test against Googles STUN server:

vEdge# tools stun-client vpn 0 options "--mode basic stun.l.google.com 19302"
stunclient --mode basic stun.l.google.com 19302 in VPN 0
Binding test: success
Local address: 50.247.64.109:56485
Mapped address: 50.247.64.109:56485

Perform a full test to detect NAT type against Google's STUN server:

vEdge# tools stun-client vpn 0 options "--mode full stun.l.google.com 19302"
stunclient --mode full stun.l.google.com 19302 in VPN 0
Binding test: success
Local address: 50.247.64.109:33760
Mapped address: 50.247.64.109:33760
Behavior test: success
Nat behavior: Direct Mapping
Filtering test: success
Nat filtering: Endpoint Independent Filtering

Perform a full NAT detection test using UDP source port 12346 (the default DTLS/IPsec port) against Google's STUN server:

vEdge# tools stun-client vpn 0 options "--mode full --localport 12346 stun.l.google.com 19302"
stunclient --mode full --localport 12346 stun.l.google.com 19302 in VPN 0
Binding test: success
Local address: 50.247.64.109:12346
Mapped address: 50.247.64.109:12346
Behavior test: success
Nat behavior: Direct Mapping
Filtering test: success
Nat filtering: Endpoint Independent Filtering

Display help for the tools stun-client command:

Viptela# tools stun-client help
...
The following options are supported:
    --mode MODE
    --localaddr INTERFACE
    --localport PORTNUMBER
    --family IPVERSION
    --protocol PROTO
    --verbosity LOGLEVEL
    --help

--mode (basic | full)
"basic" mode is the default and indicates that the client should perform a STUN binding test
only. "full" mode indicates that the client should attempt to diagnose NAT behavior and
filtering methodologies if the server supports this mode. The NAT filtering test is supported
only for UDP.

--localaddr INTERFACE or IPADDRESS
Name of an interface (such as "eth0") or one of the available IP addresses assigned to a
network interface present on the host. The interface chosen is the preferred address for
sending and receiving responses with the remote server. The default is to let the system decide
which address to send on and to listen for responses on all addresses (INADDR_ANY).

--localport PORTNUM
PORTNUM is a value between 1 to 65535. It is the UDP or TCP port that the primary and
alternate interfaces listen on as the primary port for binding requests. If not specified, the
system randomly chooses an available port.

--family IPVERSION
IPVERSION is either "4" or "6" to specify the usage of IPv4 or IPv6. The default value is "4".

--protocol (udp | tcp)
"udp" is the default.

--verbosity LOGLEVEL
Set the logging verbosity level. 0 is the default, for minimal output and logging). 1 shows
slightly more, and 2 and higher show even more.

EXAMPLES

stunclient stunserver.org 3478
    Perform a simple binding test request with the server, listening at "stunserver.org".

stunclient --mode full --localport 9999 12.34.56.78
    Perform a full set of UDP NAT behavior tests from local port 9999 to the server, listening
    at IP address 12.34.56.78 (port 3478).

stunclient --protocol tcp stun.selbie.com
    Performs a simple binding test using TCP to server, listening on the default port of 3478
    at stun.selbie.com.

Release Information

Command introduced in Viptela Software Release 16.2.

Additional Information

See the Configuring Interfaces article for your software release.

  • Was this article helpful?