TURN (Traversal Using Relays around NAT)

Networking intermediate

TURN is a protocol that relays traffic between two endpoints when direct peer-to-peer connectivity through NAT is not possible.

Summary

TURN (Traversal Using Relays around NAT) is a protocol defined in RFC 8656 that relays traffic between two endpoints when a direct peer-to-peer path cannot be established across NATs or firewalls.

What is TURN?

TURN extends STUN. While STUN only helps peers discover their public mapping so they can talk directly, TURN steps in when direct hole punching fails — for example because of symmetric NAT, carrier-grade NAT, or strict corporate firewalls. The TURN server allocates a public address on behalf of the client and forwards traffic to and from the peer on the other side.

A typical client tries multiple connection paths in parallel: direct host-to-host, direct via STUN-discovered public mappings, and finally relayed via TURN. Frameworks like ICE (Interactive Connectivity Establishment) automate this selection. Because TURN carries actual payload traffic, its servers are bandwidth-sensitive and benefit from being placed close to users.

TURN is widely used by WebRTC, SIP, and modern overlay networks such as WireGuard-based mesh VPNs. NetBird's bundled coturn is a popular open-source TURN/STUN implementation used by many products and self-hosted setups.

Why is TURN relevant?

  • Connectivity guarantee: Provides a fallback path even in the strictest NAT or firewall conditions
  • Encrypted relay: Forwards encrypted payload without decrypting it, preserving end-to-end protection
  • Production reliability: Removes "it works at home but not at the customer site" surprises
  • Open source: Robust implementations (notably coturn) are freely available
  • STUN: Companion protocol for direct hole punching; TURN takes over when STUN fails
  • NAT Traversal: Broader concept that TURN belongs to as a fallback strategy
  • Peer-to-Peer: Communication model that TURN keeps usable behind strict NATs
  • Mesh VPN: VPN topology where TURN ensures connectivity in restrictive networks

Similar Solutions

For Cloud & Infrastructure Teams

Cloud and infrastructure teams don’t deliver value because they run servers. They deliver value because systems are reliable, scalable, and secure. We work with cloud and infrastructure teams to design environments that meet business needs while enabling fast delivery. Our approach emphasizes practical automation, operational efficiency, and resilience.

Discover more

For Security & SOC Teams

Security teams don’t protect organizations because they issue reports. They protect organizations because vulnerabilities are managed continuously. We work with security and SOC teams to strengthen processes, proactively address risks, and align with compliance requirements. We focus on actionable practices, not theory.

Discover more

Related Terms

STUN (Session Traversal Utilities for NAT)

STUN is a protocol that lets a client discover the public IP address and port its NAT has mapped to an outbound connection.

Discover more

NAT Traversal

NAT traversal describes techniques that let two endpoints behind Network Address Translation devices establish a direct connection with each other.

Discover more

Peer-to-Peer (P2P)

Peer-to-peer (P2P) is a network model where nodes communicate directly with each other instead of routing all traffic through a central server.

Discover more

Mesh VPN

A mesh VPN is a VPN topology where every authorised client builds direct, encrypted peer-to-peer connections to every other client, with only identity and policy managed centrally.

Discover more

We are here for you

You are interested in our courses or you simply have a question that needs answering? You can contact us at anytime! We will do our best to answer all your questions.

Contact us