Gabriel uses Relay Servers when both peers are behind Network Address Translation (NAT) firewalls. This is necessary because NAT firewall prevent direct socket connections from the outside to the inside. In this case a Relay Server is used to accept a connection from each peer. Once the connections are established, all data read by the Relay Server is forwarded to the other peer. Encryption/decryption keys ARE NOT available to the Relay Server at any time and never leave the two peers. Therefore, Gabriel Relay Servers never have access to user data.
When available, Gabriel creates direct UDP connections between the peers, which bypass the Relay Server. This is done by using methods known as STUN to identify if the NAT devices can support direct UDP transport. By looking at the VPN details you will see if your connections have been able to use UDP direct, which is indicated by a true value.
