The server then relays each client's information to the other, and using that information each client tries to establish a direct connection; because the connections use valid port numbers, restrictive firewalls or routers accept and forward the incoming packets on each side.
Networked devices with public or globally accessible IP addresses can create connections between one another easily.
The new connection attempt punches a hole in the client's firewall, because the endpoint is now open to receive a response from its peer.
A successful exchange of an authentication nonce between both clients indicates the completion of the hole punching procedure.
Until the connection is closed, the client and server communicate through the public endpoint, and the firewall directs traffic appropriately.
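The procedure described above can be traced with a small simulation. This is an added example, not code from the original page: the `StatefulFirewall` and `Peer` classes, the filtering rule (inbound traffic is accepted only from an endpoint the client has already sent to) and the documentation-range addresses are all assumptions made for illustration, and the server's relay step is taken as already done.

```python
import secrets

class StatefulFirewall:
    """Toy filter (assumed model): inbound is allowed only from endpoints we already sent to."""
    def __init__(self):
        self.holes = set()  # (local_endpoint, remote_endpoint) pairs opened by outbound packets

    def outbound(self, local, remote):
        self.holes.add((local, remote))

    def inbound(self, remote, local):
        return (local, remote) in self.holes

class Peer:
    def __init__(self, name, endpoint):
        self.name, self.endpoint = name, endpoint  # public endpoint, as relayed by the server
        self.fw = StatefulFirewall()
        self.nonce = secrets.token_hex(8)          # authentication nonce for this session
        self.inbox = []

def send(src, dst, payload):
    """Send payload from src to dst; returns True if dst's firewall accepted the packet."""
    src.fw.outbound(src.endpoint, dst.endpoint)    # sending opens a hole on the sender's side
    if dst.fw.inbound(src.endpoint, dst.endpoint):
        dst.inbox.append(payload)
        return True
    return False

def hole_punch(a, b):
    """Run the exchange once each peer knows the other's endpoint; returns (log, completed)."""
    log = [
        ("A->B probe", send(a, b, "probe")),  # dropped: B has not yet sent anything to A
        ("B->A probe", send(b, a, "probe")),  # accepted: A's probe already opened A's hole
        ("A->B nonce", send(a, b, a.nonce)),  # accepted: both holes are now open
        ("B->A nonce", send(b, a, b.nonce)),
    ]
    completed = a.nonce in b.inbox and b.nonce in a.inbox
    return log, completed

if __name__ == "__main__":
    # Constructed sample endpoints from the documentation address ranges.
    a = Peer("A", ("198.51.100.7", 40001))
    b = Peer("B", ("203.0.113.9", 50002))
    log, completed = hole_punch(a, b)
    for step, accepted in log:
        print(f"{step}: {'accepted' if accepted else 'dropped'}")
    print("hole punching complete:", completed)
```

In this model the hole is keyed to the peer's endpoint, so a packet from any other address is still dropped; real NATs and firewalls differ in how strictly they filter.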