Creating a TCP connection for clients behind NAT

What software libraries are there for such a task for Linux, Windows OS?

Does the RFC have any information on how people should do this?

I am wondering how I can create, for my C++ project, the functionality presented in this software: https://secure.logmein.com/en/products/hamachi/download.aspx

+1



1 answer


It doesn't make much of a difference if you want to connect via a TURN relay server. The only difference is how TCP and UDP make the connection and nothing else.

There are a few big differences if you want to make a P2P connection.

If you are in the same network (same for the NAT): In UDP, you send an unbind request to your peer candidate, and if you get a response you know you are connected. Similarly, in TCP you need to create one active socket on one side and one passive socket on the other. Then send a SYN from the active socket, receive it on the passive socket, and then send a SYN ACK on the active socket. Then the active socket sends an ACK and the connection is established.

If you are on different networks (behind different NATs): You must use TCP punching technology to connect, because your NAT will not allow a TCP SYN packet in unless a packet was previously sent to the address from which the SYN is coming.

TCP hole punching in detail:

You must use a concurrent open TCP socket. This socket operates in both active and passive modes. Both ends need to know each other's private and public IP:port. Simultaneous TCP open occurs as follows:

1) Peer A sends SYN to Peer B; Peer B sends SYN to Peer A

2) When NAT-a receives an outgoing SYN from Peer A, it creates a mapping in its state machine. When NAT-b receives an outbound SYN from Peer B, it creates a mapping on its destination computer.

3) Both SYNs intersect somewhere along the network path and then:

SYN from Peer A reaches NAT-b, SYN from Peer B reaches NAT-a. Depending on the timing of these events (where the SYNs cross in the network), at least one of the NATs will pass the incoming SYN and map it to the internal target node.

4) After receiving the SYN, the peer sends a SYN + ACK back and the connection is established.

From WIKI.

Also, to learn about opening a TCP connection at the same time, read here. To learn about NAT filtering behavior see this answer.

+5
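
The timing dependence in steps 1) to 4) above, as an added example that is not part of the original answer: a small Python model of two NATs that admit an inbound SYN only from an endpoint the inside peer has already sent to. The addresses are constructed documentation values, and silently dropping an unmatched SYN is an assumption about the NATs.

```python
# Added illustration (not from the answer): model of steps 1-4.
# Assumption: each NAT drops an inbound SYN unless its inside peer has
# already sent a packet to that exact remote endpoint.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public: tuple                      # (ip, port) the inside peer is mapped to
    mappings: set = field(default_factory=set)

    def outbound_syn(self, remote):    # step 2: outgoing SYN creates a mapping
        self.mappings.add(remote)

    def admits(self, remote):          # step 3: inbound SYN needs a mapping
        return remote in self.mappings


def simulate(order):
    """Replay ("send"|"arrive", peer) events; return (delivered SYNs, established)."""
    # Constructed endpoints from the RFC 5737 documentation ranges.
    nat = {"A": Nat(("198.51.100.10", 40000)), "B": Nat(("203.0.113.20", 50000))}
    other = {"A": "B", "B": "A"}
    in_flight, delivered = set(), []
    for event, peer in order:
        dst = other[peer]
        if event == "send":            # peer's SYN leaves through its own NAT
            nat[peer].outbound_syn(nat[dst].public)
            in_flight.add(peer)
        elif event == "arrive" and peer in in_flight:
            in_flight.discard(peer)    # peer's SYN reaches the other side's NAT
            if nat[dst].admits(nat[peer].public):
                delivered.append(peer)
    # Step 4: the receiver answers SYN+ACK; the sender's NAT already holds the
    # mapping from its own outbound SYN, so one delivered SYN is enough.
    return delivered, bool(delivered)


if __name__ == "__main__":
    crossing = [("send", "A"), ("send", "B"), ("arrive", "A"), ("arrive", "B")]
    a_early = [("send", "A"), ("arrive", "A"), ("send", "B"), ("arrive", "B")]
    b_silent = [("send", "A"), ("arrive", "A")]
    for name, order in [("crossing", crossing), ("A early", a_early), ("B silent", b_silent)]:
        print(name, simulate(order))
```

In the "A early" ordering Peer A's SYN is dropped at NAT-b, yet the connection still forms because Peer B's later SYN finds the mapping that A's outbound SYN left in NAT-a.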

