Messages - Mister J.

#1
Thanks besalope,

I finally managed to list all 4 game servers.
The last thing I had to do was to change a few configuration settings.

In Xonotic:
sv_public 1

In UT2K4:
UplinkToGamespy=True

Now I am ready to add more game servers.

Closing this case
#2
Thanks besalope,

These are the solutions I was looking for and it solved 3 out of 4 listing issues.
Warsow (arena.sh), Xonotic (arena.sh) and UrT (urbanterror.info) are now listed like they are supposed to be.

I only have problems with UT2K4 (gametracker.com).
I still cannot add UT2K4 to GT (GT could not scan the server).
Whitelisting the GT servers didn't work either.

I followed your instructions and I am using the rules like you mentioned in all 4 cases.
I do not use a FW in the Proxmox LXC's.

Please advise.
#3
Thank you all for responding and investigating my earlier posts.
I initially gave up all hope to solve this, but now I have some new information that I can try.
I don't understand everything that you guys posted, but I will do my best to follow your instructions as soon as I find the time.
I think I will ask for guidance from someone who has more knowledge about OPNsense, because I think that might help.
For now I am grateful for your detailed assistance and I will keep you posted on my progress.
#4
The problems are still not solved and I would like some feedback to at least point me in the right direction before the end of the year.
#5
Thanks for responding.

The problem was that a plugin that used an old Web GUI TLS certificate was deleted but still had its hooks in the certificate, so the certificate could not be removed.
After reinstalling the plugin and removing its hooks I was able to remove the old certificate.
Then I uninstalled the plugin again.

This solved the problem and it didn't return in the last 8 1/2 days.
#6
I don't know if you can call this progress, but something has changed.
According to arena.sh my Warsow server is online, but Xonotic still isn't.
Neither is Urban Terror according to urbanterror.info.

All game servers (besides UT2K4) are still not listed in the in-game server listings.
Not sure what the difference is or what the reason is for this to happen.
I already contacted arena.sh, but I got no response.

Please advise.
#7
At the Urban Terror support they confirmed that my configuration files are not the problem.
They ran a server with them and it got listed, so the problem is probably Proxmox or more likely OPNsense.

Please advise.
#8
Even after a new certificate has been generated with "2) Set interface IP address" the problem has returned.

@newsense
# configctl webgui restart renew
error in configd communication, see syslog for details

No idea how to continue troubleshooting because I don't understand how to open the syslog and no errors are reported in System - Log Files - Web GUI.

@franco
Not sure what browser console errors you would like to see, because I have no idea what you are talking about.
#9
Thanks for responding.
I checked the logs for errors and I think I might have found a reason why this is happening.

This OPNsense box is second hand and the person who installed it for me forgot that the self signed "Web GUI SSL certificate" needed to be renewed, because it is valid until 2019.
I could try to do this myself, but he blamed me for screwing this up, so I leave it as it is for him to find out.
The only problem I have is that he hardly has time for me so maybe this weekend it will be solved.
#10
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

Hi all,

Since a few days I encountered the problem that the Dashboard is sometimes not loading (see attachment).
It's a dedicated OPNsense box and the problem started a few days after the latest firmware updates were installed.
The only temporary solution I could figure out is to reboot my Win10 workstation.

I attempted to solve it by restoring several older backups and manually changing all the updates required to restore it back to the latest state.
I did reinstall the updates and didn't test it without them.
Just clearing the cache and restarting the browsers does not solve the problem.

The problem starts after waiting a while and also occurs in other browsers.
It looks like the box still functions when this happens, but I am wondering what happens exactly.
Is this a known issue and could it be related to the latest firmware updates ... ?!?

Please advise,

Mister J.
#11
Thanks Patrick and axsdenied,

I have been experimenting with UPnP and Hybrid outbound NAT, but it didn't solve my issue.
First of all my game servers are older games and do not support UPnP, but it was worth investigating because it was another way of looking at my problem.
I confirmed this by checking if any new connected sessions were created in the status of UPnP and there were none.

If you have any other suggestions then they are welcome.
#12
In Dutch we have a saying ... "van het kastje naar de muur" ... roughly translated it means something like "being sent from one unhelpful person to the next".

I already posted this issue in several other (game)forums and no one seems to get the grasp of it.
All I did was follow the advice given to me by so-called specialists, with the intent of simplifying things, but according to your reply I should go back to the drawing board because I did the opposite.

I can't be sure, but according to my knowledge the problem is with OPNsense, so I hope that there is someone else in this forum who is willing and able to at least point me in the right direction.
Sure thing is that I need to learn a lot, but all I read in your answer is that you don't have a clue either.
#13
I am not sure but I have a gut feeling that I am getting closer to the cause of the problem.
That's all I have because I lack the experience that some of you guys and girls have.
Let me explain why ...

I locally opened 2 Putty windows and connected to my UT2K4 container.
In the first window I started this command:
[root@UT2K4 ~]# nc -u -l 7787
In the second window I did this command:
[root@UT2K4 ~]# echo "test packet" | nc -u 127.0.0.1 7787
The result was that in the first window the message appeared:
[root@UT2K4 ~]# nc -u -l 7787
test packet


Don't ask me why but I needed to make a VPN connection from my laptop to test the following:
In the first window I started this command:
[root@UT2K4 ~]# nc -u -l 7787
In the second window I did this command:
[root@UT2K4 ~]# echo "test packet" | nc -u 192.168.100.142 7787
The result was that in the first window the message appeared:
[root@UT2K4 ~]# nc -u -l 7787
test packet


So far so good, but what I actually need is to test this from outside of my LAN to confirm that UDP packages get a proper response too, but I can't seem to figure it out on my own.
I tried to open port 22 temporarily on my WAN to be able to access my network from the WAN, but for unknown reasons this failed.

What I want to achieve is this:
In the first window (LAN) start this command:
[root@UT2K4 ~]# nc -u -l 7787
In the second window (WAN) run this command:
[root ~]# echo "test packet" | nc -u <WAN ip> 7787
The successful result would be that in the first window the message appears:
[root@UT2K4 ~]# nc -u -l 7787
test packet


Now going back to my gut feeling.
I suspect that from the WAN it does not get a proper response, which would explain why all my game servers have the problem of being able to connect to the master servers, but the master servers are unable to connect to my game servers, because they don't get a response back when connecting from the WAN.

If this logic is correct then how do I enable this with OPNsense ... ?!?
Could it be solved by some outgoing rules, or maybe with some advanced settings ... ?!?
Or maybe this is a bug that no one thought of before ... ?!?

Please advise or at least confirm or deny my logic.

PS.
Don't tell me that I am trying out stuff without having a basis for doing so, because doing nothing is not an option and this forum doesn't really give me a high number of feedback.
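
Added example, not part of the original post: the nc listener in the test above only prints what arrives, so it cannot show whether a reply makes it back to the sender. This Python sketch sends one datagram and waits for an echo from the same address and port; the function names are made up for illustration and the built-in self-check runs over loopback only.

```python
import socket
import threading


def serve_udp_echo(sock, count=1):
    """Answer `count` datagrams on an already-bound UDP socket by echoing them back."""
    for _ in range(count):
        data, peer = sock.recvfrom(2048)
        sock.sendto(b"echo:" + data, peer)


def probe_udp(host, port, payload=b"test packet", timeout=2.0):
    """Send one datagram and wait for a reply from the same host:port.

    Returns the reply bytes, or None when nothing usable came back
    (timeout, or an ICMP port-unreachable reported by the OS).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() makes the kernel drop replies from any other address, so a
        # reply whose source was not translated back by NAT counts as "no reply".
        s.connect((host, port))
        try:
            s.send(payload)
            return s.recv(2048)
        except (socket.timeout, ConnectionRefusedError, ConnectionResetError):
            return None


def loopback_demo():
    """Self-check on 127.0.0.1: one probe that is answered, one that is not."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))          # constructed test port, chosen by the OS
    port = srv.getsockname()[1]
    worker = threading.Thread(target=serve_udp_echo, args=(srv,), daemon=True)
    worker.start()
    answered = probe_udp("127.0.0.1", port)
    worker.join(2)
    srv.close()                          # nothing listens on the port any more
    silent = probe_udp("127.0.0.1", port, timeout=0.5)
    return answered, silent


if __name__ == "__main__":
    print(loopback_demo())
```

For the test described in the post, the echo side would be bound to port 7787 inside the container with the game server stopped, and probe_udp would be run from a host outside the LAN against the WAN address.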
#14
Thanks for responding crankygamer,

I get this message from GameTracker for UT2K4:
Quote:
One of the following suggestions may help you:

  • Your server is currently offline. (False, I can ping and connect from the LAN & WAN with an ip.)
        GameTracker needs your server to be online before you can add it to our database. Please restart your server and make sure it's up before hitting ADD SERVER again.
  • You entered the wrong query port. (False, I used the default port 7787, but also tested the others.)
        Please update your query port and hit scan again
  • Your server is firewalled. (Not by the default rules, see pictures below.)
        Please turn off any firewall you have that may block scanning or whitelist the gametracker scanning IP addresses:
        149.28.43.230
        45.77.96.90
        108.61.78.150
        108.61.78.149

I also saw this line in the live log (in green) when pressing the Add Server button:
Interface Time             Source          Destination         Proto        Label
LAN 2024-10-27T17:02:49 45.77.96.90:60840 192.168.100.142:7787 udp let out anything from firewall host itself

See: Packet Capture

This confirms that GameTracker is scanning on the correct port, but there's no indication of a response packet from my server back to 45.77.96.90.
I suspect that there is a rule missing and I confirmed in the live log that it is not blocked/dropped.
I Whitelisted all of the other UT2K4 master servers (source- & destination port = any), but that still didn't solve the problem.
Whitelisting the master servers for the other games also didn't help.

These are my current rules:
Btw ... these rules were checked by a friend who has 35+ years of experience with OPNsense, but hardly has the time to help me.
And I have been running these game servers for the last 20+ years.
He doesn't know much about game servers and I don't know much about OPNsense, so I have no choice other than trying out stuff that may not sound logical to you.

I checked the live log and there are a lot of denials, but not from the master servers.

Please advise.

PS.
When I used a ClearOS box as gateway/firewall I didn't have to Whitelist any server.
And no, ClearOS is not made for game servers and does not Whitelist servers automatically.
#15
Enabling the following, could sound like a solution, but first it wasn't and secondly, it can create a loopback situation with delays and that's unwanted with game servers:
Quote:
Firewall - Settings - Advanced
Network Address Translation    
  • Reflection for port forwards
  • Reflection for 1:1
  • Automatic outbound NAT for Reflection

IDS/IPS is disabled.

DNS resolution is functioning inside the containers:
[root@UT2K4 ~]# nslookup google.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.39.110
Name:   google.com
Address: 2a00:1450:400e:810::200e


Correct me if I am wrong, but afaik this verifies outbound traffic on the necessary port and that the port is open:
[root@UT2K4 ~]# nc -zv ut2004master.errorist.eu 28902
Warning: inverse host lookup failed for 150.230.23.146: Unknown host
ext.errorist.eu [150.230.23.146] 28902 (?) open


I don't understand how to use packet capture to analyze traffic to/from master servers and GameTracker.

The game server logs do not report any errors concerning the master servers:
Log: MasterServerUplink: Resolved utmaster.openspy.net as 134.122.16.249
Log: MasterServerUplink: Connection to utmaster.openspy.net established.


I can connect to the master servers, but it seems they cannot connect to me.

Please assist.


EDIT:
Attempted to solve this issue by disabling IPv6 on the WAN interface without success.
After a reboot I confirmed that this was not the solution I am looking for.