STUN or "whatever" server with GenieACS

Might this be related to this part from the spec:

The ACS MUST send UDP Connection Request messages from the same source IP address and port as the STUN server.

Check out this thread for some context: https://github.com/genieacs/genieacs/pull/217

So as far as I can tell, you have two options:

1- Install the STUN service on the same server where Genie is installed and configure Genie to bind to the same source port as the STUN service. To allow two processes to bind to the same port, you need your STUN software to support SO_REUSEADDR. To configure the source port that Genie binds to, use the config ‘cwmp.udpConnectionRequestPort’ in v1.2 or ‘UDP_CONNECTION_REQUEST_PORT’ in v1.1.

2- Use this particular STUN server implementation: STUN Client and Server download | SourceForge.net. This implements a special relay feature (the ‘-m’ flag) that I haven’t seen implemented elsewhere. With this it’s not necessary for STUN and Genie to be on the same server (and none of that port reuse business). But as jselbie commented in the thread linked above, it’s prone to DoS attacks.

3 Likes
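The port sharing that option 1 relies on can be checked locally with the sketch below, which is an added example and not code from the post, GenieACS, or any STUN server. The names `bind_udp` and `demo` are hypothetical, loopback sockets stand in for the CPE, the STUN server and the ACS, and the SO_REUSEADDR behaviour assumed for UDP is that of Linux.

```python
import socket

LOOPBACK = "127.0.0.1"


def bind_udp(port, reuse):
    """Bind a UDP socket on loopback, optionally setting SO_REUSEADDR before bind()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if reuse:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((LOOPBACK, port))
    except OSError:
        s.close()
        raise
    return s


def demo():
    # Stand-in for the CPE: it records the source address of what it receives.
    cpe = bind_udp(0, reuse=False)
    cpe.settimeout(2)
    # Stand-in for the STUN server; port 0 lets the OS pick a free port.
    stun = bind_udp(0, reuse=True)
    port = stun.getsockname()[1]
    # Stand-in for the ACS sender: same port, possible because both set the option.
    acs = bind_udp(port, reuse=True)
    # A third process that does not set SO_REUSEADDR is refused the port.
    try:
        bind_udp(port, reuse=False).close()
        exclusive_bind_refused = False
    except OSError:
        exclusive_bind_refused = True
    # Constructed payload; only the source port the CPE observes matters here.
    acs.sendto(b"constructed connection request", cpe.getsockname())
    _, (_, seen_port) = cpe.recvfrom(2048)
    for s in (cpe, stun, acs):
        s.close()
    return {
        "stun_port": port,
        "seen_source_port": seen_port,
        "exclusive_bind_refused": exclusive_bind_refused,
    }


if __name__ == "__main__":
    print(demo())
```

Sharing the port this way covers the sending direction only: on Linux a unicast datagram arriving on the shared port is delivered to just one of the sockets bound to it.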