The built-in NAT Traversal "Punched Hole" explanation

[ercole77]

Hi all
a newbie question: i've set my Softether VPN server in a NAT traversal configuration, so i didnt forward any port.
VPN client connects without any problem and its working great, anyway i have some question about security:

- Is punched hole using an intermediary server to work?
- What is this server?
- What are possible security implications about this server used as intermediary?

Thank you very much for your replies

[cedar]

- Is punched hole using an intermediary server to work?

Yes

- What is this server?

It is a dedicated Web service to synchronize the transmission of UDP packets.
The service is operated by SoftEther corp. in Japan.

- What are possible security implications about this server used as intermediary?

SoftEther corp. can know which client is trying to connect to which server.
Services other than VPN Azure and VPN Gate don't leak communication contents to SoftEther corp.
SoftEther corp. may submit logs in response to a request from a judicial agency.

[ercole77]

Hi Cedar
thank you very much for your kind explanation.
My concerns are about possible data leaks or intrusion using the punching hole through the firewall.

[cedar]

If the firewall is not prohibiting access from the LAN to the Internet like a web access, there is a possibility of leakage of information irrespective of UDP hole punching.