I want to perform the fastest possible TCP based file transfer between two machines sitting behind two different NATs, in a situation where a public port cannot be redirected to any of the two machines (local policies).
So far I could: 1) Set up a VPN with a central public node acting as relay (OpenVPN), 2) Set up a mesh VPN to get a direct link between both machines without relay (tinc). The VPN can then be used seamlessly to perform data transfer through whatever third party file transfer client/server (as if both machines were on the same LAN).
The line between the two machines is quite unstable and a single TCP stream typically only achieves a tiny fraction of the available bandwidth. Additionally, encapsulating TCP over TCP induces extra overhead and is notoriously inefficient for unstable lines. I would hence like to establish a direct (no relay) and native traffic link (no VPN encapsulation) between the two machines. A natural choice is the STUN framework, but I came to the conclusion that to interact with a public STUN server and achieve NAT traversal an application must be compiled with ad-hoc STUN libraries, and rely on STUN specific sockets instead of regular sockets. This basically means that every new set of STUN enabled client/server applications needs to be written from scratch.
To simplify the process I am wondering whether it would be possible to implement a generic STUN client that would basically run as a daemon on both machines. The clients would connect to a public STUN server to register and query information on other clients. They would also redirect all the outgoing traffic from a local monitored port to the correct IP/port (user configuration + STUN server information) to reach the other machine. This could allow any third party client/server application to seamlessly open regular TCP sockets (possibly several) and establish a connection with the other machine (as if it was on the same LAN).
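The daemon idea above rests on one exchange with the STUN server: send a Binding Request, get back the public IP/port the NAT assigned, and check the answer actually belongs to your request. The following added example (not code from the question's author or from any STUN library) builds and parses RFC 5389 Binding messages offline, including the XOR-MAPPED-ADDRESS decoding. It uses a constructed server response instead of a live server; the function names and the sample address 203.0.113.10:40000 are assumptions of this example. The `mapping_is_endpoint_independent` helper goes one step beyond the question: a forwarding daemon can only hand the peer a usable IP/port if the NAT gives the same mapping regardless of destination, which you can detect by comparing answers from two different STUN servers.

```python
import os
import struct
import ipaddress

MAGIC_COOKIE = 0x2112A442          # fixed RFC 5389 cookie, also the XOR key
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER_LEN = 20


def build_binding_request(transaction_id=None):
    """Client side: a Binding Request with no attributes. Returns (bytes, txid)."""
    if transaction_id is None:
        transaction_id = os.urandom(12)   # 96-bit random id; the reply must echo it
    if len(transaction_id) != 12:
        raise ValueError("transaction id must be 12 bytes")
    header = struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, transaction_id)
    return header, transaction_id


def build_binding_response(transaction_id, ip, port):
    """Server side (constructed for this example): success reply with XOR-MAPPED-ADDRESS."""
    raw = ipaddress.IPv4Address(ip).packed
    xaddr = bytes(b ^ m for b, m in zip(raw, struct.pack("!I", MAGIC_COOKIE)))
    xport = port ^ (MAGIC_COOKIE >> 16)
    value = struct.pack("!BBH4s", 0, 0x01, xport, xaddr)   # reserved, family=IPv4, X-Port, X-Addr
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, transaction_id)
    return header + attr


def _iter_attributes(body):
    """Yield (type, value) for each TLV attribute; values are padded to 4-byte boundaries."""
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from("!HH", body, off)
        off += 4
        if off + alen > len(body):
            raise ValueError("attribute length exceeds message body")
        yield atype, body[off:off + alen]
        off += (alen + 3) & ~3


def _decode_address(value, xor):
    """Decode a (XOR-)MAPPED-ADDRESS value; only IPv4 is handled here."""
    if len(value) < 8:
        raise ValueError("address attribute too short")
    family = value[1]
    port = struct.unpack_from("!H", value, 2)[0]
    if family != 0x01:
        raise ValueError("only IPv4 handled in this example")
    raw = value[4:8]
    if xor:
        port ^= MAGIC_COOKIE >> 16
        raw = bytes(b ^ m for b, m in zip(raw, struct.pack("!I", MAGIC_COOKIE)))
    return str(ipaddress.IPv4Address(raw)), port


def parse_binding_response(data, expected_txid):
    """Validate a reply and return (public_ip, public_port); raises on anything suspicious."""
    if len(data) < HEADER_LEN:
        raise ValueError("short STUN message")
    mtype, mlen, cookie, txid = struct.unpack_from("!HHI12s", data, 0)
    if cookie != MAGIC_COOKIE:
        raise ValueError("not an RFC 5389 STUN message")
    if txid != expected_txid:
        # An unsolicited or spoofed reply would plant a wrong peer address in the daemon.
        raise ValueError("transaction id mismatch: reply is not for our request")
    if mtype != BINDING_SUCCESS:
        raise ValueError("not a Binding success response: 0x%04x" % mtype)
    if HEADER_LEN + mlen != len(data):
        raise ValueError("length field disagrees with datagram size")
    mapped = None
    for atype, value in _iter_attributes(data[HEADER_LEN:]):
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            return _decode_address(value, xor=True)     # preferred: ALG-proof
        if atype == ATTR_MAPPED_ADDRESS and mapped is None:
            mapped = _decode_address(value, xor=False)  # legacy fallback
    if mapped is None:
        raise ValueError("no mapped address attribute")
    return mapped


def try_parse(data, expected_txid):
    """Daemon-friendly wrapper: None instead of an exception for rejected replies."""
    try:
        return parse_binding_response(data, expected_txid)
    except ValueError:
        return None


def mapping_is_endpoint_independent(result_a, result_b):
    """True when two servers saw the same public IP:port, i.e. the mapping is reusable."""
    return result_a == result_b


if __name__ == "__main__":
    req, txid = build_binding_request()
    reply = build_binding_response(txid, "203.0.113.10", 40000)   # constructed reply
    print("public endpoint:", parse_binding_response(reply, txid))
    print("wrong txid accepted?", try_parse(reply, os.urandom(12)) is not None)
```

Run as-is it round-trips a constructed reply; in a real daemon you would send `req` over UDP to two public STUN servers, feed each reply through `try_parse` with the matching transaction id, and only treat the endpoint as forwardable when `mapping_is_endpoint_independent` holds.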