Mastering NAT Traversal: STUN, TURN, and ICE Explained
The Internet was built for Public IPs
But we ran out of IPv4 addresses. So we invented NAT (Network Address Translation). Now, your laptop thinks its IP is 192.168.1.5, but the internet sees 203.0.113.55.
VoIP embeds IP addresses in the data packet (SDP). If your phone says "Send audio to 192.168.1.5", the other side will fail, because that IP is private.
STUN (Session Traversal Utilities for NAT)
STUN is simply a server on the public internet. Your phone sends a packet to it asking: "What IP address do you see me coming from?"
The STUN server replies: "You look like 203.0.113.55:4050". Your phone then puts that public IP in the SDP. Problem solved... usually.
TURN (Traversal Using Relays around NAT)
STUN fails on Symmetric NATs (common in corporate firewalls). If the firewall changes the port for every different destination, simply knowing your public IP isn't enough.
TURN is a relay. If two devices can't talk directly, they both connect to the TURN server, which acts as a middleman passing the data. It adds latency and costs bandwidth, but it always works.
ICE (Interactive Connectivity Establishment)
ICE is the master algorithm. It doesn't guess. It gathers all possible addresses (Local IP, STUN IP, TURN IP) and tests them all against the other peer. It then picks the best one that works.
Summary
If you are building a reliable VoIP app, you must implement ICE with a properly configured TURN server. Relying on STUN alone will fail for ~15% of users (mostly enterprise).