Messages - immto

#1
I took the time to create rules for every single port and port range Bungie lists and the best I can get is Moderate NAT.  If I open all ports I can get Open NAT.  So there must be a port or port range that they are not listing.
#2
Hello everyone and thanks to you all and especially M4DM4NZ for getting this thread going years ago.  That said, I do have a couple of issues I'm still ironing out and I'm trying to really understand this.  The original How To said to create a rule for port 500.  Was that a thing back in 2018? Because I can't see any reason why I would need this rule.  Any thoughts on that?

Also, thank you.

Quote from: crissi on January 13, 2022, 06:31:14 PM
Hello,

I hope someone can explain to me the implications / correct settings of the OpenVPN client configuration options Don't pull routes and Dont add/remove routes

Every VPN Provider seems to have different settings here.

NordVPN
Don't pull routes               -> Unchecked
Dont add/remove routes    -> Checked

AirVPN
Don't pull routes               -> Checked
Dont add/remove routes    -> Unchecked

PIA
Don't pull routes               -> Unchecked
Dont add/remove routes    -> Unchecked

Can someone please help here?
Thx!


That is what really helped me get this going.  Nowhere is it mentioned that these settings are so important, but they are.  The VPN providers don't even seem to mention them.   
#3
Edit 10-20-2022.
The setup below stopped providing Open NAT since upgrading to 22.7.6.
I got it working again, but with less than ideal circumstances.
You can still follow it.  I'll update it below.

Maybe a solution for some with multiple players on the same Network while using UPnP and get Open NAT.

I'm using 22.1.9 (22.7.6 now)

So we've been struggling with this off and on for years. We switched from Xbox to PC and went from two players to now three players on the same network, so I needed to figure this out. To further complicate the issue we have 3 players but 5 machines now we could play from.

The Networking tips list a bunch of ports but not what they are for. It basically says I need to use UPNP if I have multiple people playing on one network, but it doesn't give the most important part of the information, which ports are needed for UPNP to work correctly so I may configure my network for the three players in our house, without opening every port for UPNP.

Also, open NAT would be nice. My Wife and I have been struggling through with the two of us on Strict NAT, and deal with all the errors and server disconnects, etc.

After many hours of research and good old-fashioned trial and error I made progress.

Bungie lists 3097-3196 as UDP destination ports. But I was finding that when I allowed my UPnP full access to all ports, it was favoring this range, albeit TCP not UDP. So I hypothesized that this must be the range they are using for their UPnP connectivity. As such, I went ahead and configured my UPnP to be allowed on 3097-3196. This solved part of the issue.

Still had strict NAT however. Then I thought about the "allow" part.

Bungie says which ports need to be open, but not which direction... Typically when one says they want open access to port 80 for example, they want internet access. Most firewalls will allow two-way com when you initiate the connection from behind the firewall, so open ports simply means port 80 is open. If it was closed, any com on the network would not be able to obtain internet. One would not typically want their port 80 open from the outside in, under any circumstance, if they care about security at all... 

UPnP should allow two-way communication, one would assume, as many do, that when you have allowed UPnP, as Bungie says you must do, to have more than one game running simultaneously, that this would provide the communication. This is why they say never to "assume" (-ass-u-me).

Bungie's UPnP does not seem to work bi-directionally. At least not for me on our network. Normally when we were using UPnP, there would be two ports open up, one in the 3000's range and another in some crazy 15 or 16,000 range (which is not listed on their ports at all, BTW). This is why I figured we were still having a Strict NAT issue.

I added a rule to allow ports 3097-3196 coming in on my WAN to an Alias group I created for the "GamingMachines"

Edit: The ports 3097-3196 are no longer sufficient.  I have not had time to pin down exactly which ones are needed now.  So I allowed all to the Gaming Group.  This is obviously not secure.  So I only enable the rule when we are playing.

That, in addition to the UPnP permission "allow 3097-3196 192.168.x.x/YOURcidr 3097-3196"

Now, I have three machines online, no error codes, Open NAT. BINGO... Bungo.

Edit: You will also need to add a NAT Outbound Rule.
Source alias For GamingGroup. Source and Destination tcp/udp. any. Make it Static. 


So in closing, I think (assume, cough cough) that Bungie is using 3097-3196 as the range for their UPnP. I have not found this information anywhere as fact; all I can say is that so far, after hours of testing on 5 machines, I almost always get 3097, 3098 and 3099 as my UPnP ports when I start three players at one time. That port shows as being connected on my firewall for both incoming and outgoing. And, since I'm using an alias, I have the added benefit of not advertising those ports on the internet as being open on my network. All ports scan as stealth.

Hopefully this helps someone else out there.

You're welcome.
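The UPnP permission line quoted in the post above, as an added example that is not part of the original post: a small evaluator for ACL lines of the form `allow|deny <external ports> <client net> <internal ports>`, useful for checking which mapping requests a rule set would accept before pasting it into the firewall. It assumes first-match evaluation with accept as the default when nothing matches (the behaviour of miniupnpd, the daemon behind OPNsense's UPnP plugin); `192.168.1.0/24` is a constructed stand-in for the post's `192.168.x.x/YOURcidr`, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    allow: bool
    ext: range                    # external (WAN-side) ports
    net: ipaddress.IPv4Network    # LAN clients the rule applies to
    internal: range               # internal (LAN-side) ports

def _ports(spec: str) -> range:
    """Parse '3097-3196' or a single port like '80' into an inclusive range."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)

def parse_rule(line: str) -> Rule:
    """Parse one permission line: action, external ports, client net, internal ports."""
    action, ext, net, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action!r}")
    return Rule(action == "allow", _ports(ext),
                ipaddress.IPv4Network(net, strict=False), _ports(internal))

def permitted(rules, ext_port: int, client_ip: str, int_port: int,
              default: bool = True) -> bool:
    """First matching rule decides; 'default' applies when no rule matches
    (assumed True, i.e. accept, as in miniupnpd)."""
    addr = ipaddress.IPv4Address(client_ip)
    for r in rules:
        if ext_port in r.ext and addr in r.net and int_port in r.internal:
            return r.allow
    return default

# Constructed rule set: the post's allow line plus an explicit catch-all deny.
ACL = [parse_rule(line) for line in (
    "allow 3097-3196 192.168.1.0/24 3097-3196",
    "deny 0-65535 0.0.0.0/0 0-65535",
)]

if __name__ == "__main__":
    for req in [(3097, "192.168.1.50", 3097), (16000, "192.168.1.50", 16000)]:
        print(req, "with deny-all:", permitted(ACL, *req),
              "| allow line only:", permitted(ACL[:1], *req))
```

Without the trailing deny line, a request for a port outside 3097-3196 matches no rule and falls through to the default, so the allow line alone does not restrict anything.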
#4
21.7 Legacy Series / Re: Simple FTP access
January 17, 2022, 07:29:02 PM
NO, it didn't have anything to do with the ISP.  I just didn't have the rules correct.  Well, on the OPNsense side.  On the other side it was a Fortigate device causing some issues.  They have something they call Session Helpers, and the FTP session helper was helping it not work correctly.  Once I deleted all the old rules and the proxy and set up simple port forwarding, it worked like a champ.   
#5
21.7 Legacy Series / Re: Simple FTP access
January 14, 2022, 11:16:16 PM
I guess the answer was to go back to basics. 

NO FTP Proxy, We ain't got time for that.   

Simple WAN port forwards for the FTP port and the communication port range, to the local IP of my FTP server.

Easy Peasy. 
#6
21.7 Legacy Series / Simple FTP access
January 14, 2022, 07:36:52 PM
I've tried so many things I'm not even sure what planet I'm on anymore.  Can someone help bring me back to earth?  I'm trying to get an FTP server to work from behind my OPNsense.  A simple FileZilla server on a Windows machine on my LAN.  At this point I don't care if it's secured or plain old FTP.  I've tried with and without the FTP proxy.  Can someone walk me through all the rules one would normally set up?  Treat it as if I'm brand new to OPNsense, call me names if you like, IDC.  Passive is fine, probably easier, I would think.
#7
I agree, it would be nice to create an alias to group protocols