The STUN (Session Traversal Utilities for NAT) protocol allows Network Address Translators [NATs]) clients—such as IP phones behind a firewall – to place calls to a VoIP provider located outside their local network.

A STUN server helps clients discover their public IP address, the type of NAT they’re behind, and the external port assigned by the NAT to a specific local port. This data is used to set up UDP communication between the client and the VoIP provider to establish the call. STUN is defined in RFC 8489.

STUN servers listen on UDP port 3478. They also prompt clients to run tests on alternate IP addresses and ports, as STUN servers typically have two IPs. The RFC clarifies that the specific ports and IPs used may vary.

The current version of STUN is defined in RFC 8489. It replaces RFC 5389, which had already introduced the name “Session Traversal Utilities for NAT.” Before that, the protocol was known as “Simple Traversal of UDP through NATs,” defined in RFC 3489, which became obsolete in October 2008.