CyberHive Connect system requirements¶
Requirements listed below relate to all versions and platforms unless otherwise noted.
Networking requirements¶
Requirement | Requirement | Why | Comments |
---|---|---|---|
1 | Out-bound UDP traffic and related in-bound responses must be allowed for all public addresses. | Connect uses protocols including STUN and TURN, in addition to the Connect protocol itself. | The STUN and TURN protocols use remote port 3478. The remote ports used for the Connect protocol are generally not known in advance, since they are determined by any NAT layer which is in use. We recommending allowing all remote ports. |
2 | Out-bound UDP traffic and related in-bound responses should be allowed for all LAN addresses. | Connect protocol can take advantage of LAN local connections to optimise the data path. | From release 3.6 this is optional due to improvements in how Connect detects LAN-based routes between endpoints. |
3 | Connect must be allowed to listen on a local port which may be random, or specifically configured, and have it routed through any firewall / NAT between Connect and the internet. | Connect uses a random listen port by default. It can be configured to use a specific port. In either case, the UDP traffic described in requirement #1 must be able to be reach the internet. | For details on how to configure a specific port, see documentation for Windows or Linux. |
4 | Connect must be able to perform DNS-over-HTTPS queries against 8.8.8.8, or be configured not to use DNS-over-HTTPS. | Connect uses secure DNS protocol by default. From release 3.6, Connect can be configured to use the default DNS of the host operating system instead. | For details on how to configure DNS settings, see documentation for Windows installation, Windows configuration or Linux. |
5 | Out-bound HTTPS traffic and related in-bound responses must be allowed for the Control Service on remote port 443, from any local unprivileged port. | Connect must be able to interact with the Control Service API. | The specific address of the Control Service is dependent on your Connect environment. For best results, the ability to maintain long-lived connections over HTTPS is recommended. |