Messages

1

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: November 13, 2024, 11:37:59 pm »

I don't know if you can call this progress, but something has changed.
According to arena.sh my Warsow server is online, but -Xonotic still isn't.
Neither is Urban Terror according to urbanterror.info.

All game servers (besides UT2K4) are still not listed in the in-game server listings.
Not sure what the difference is or what the reason is for this to happen.
I already contacted arena.sh, but I got no response.

Please advice.

2

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: November 10, 2024, 01:29:58 am »

At the Urban Terror support they confirmed that my configuration files are not the problem.
They ran a server with them and it got listed, so the problem is probably Proxmox or more likely OPNsense.

Please advice

3

24.7 Production Series / Re: Dashboard not loading in several browsers

« on: November 10, 2024, 01:24:39 am »

Even after a new certificate has been generated with "2) Set interface IP address" the problem has returned.

@newsense

Code: [Select]

# configctl webgui restart renew
error in configd communication, see syslog for detailsNo idea how to continue troubleshooting because I don't understand how to open the syslog and no errors are reported in System - Log Files - Web GUI.

@franco
Not sure what browser console errors you would like to see, because I have no idea what you are talking about.

4

24.7 Production Series / Re: Dashboard not loading in several browsers

« on: November 08, 2024, 09:49:45 am »

Thanks for responding.
I checked the logs for errors and I think I might have found a reason why this is happening.

This OPNsense box is second hand and the person who installed it for me forgot that the self signed "Web GUI SSL certificate" needed to be renewed, because it is valid until 2019.
I could try to do this myself, but he blamed me for screwing this up, so I leave it as it is for him to find out.
The only problem I have is that he hardly has time for me so maybe this weekend it will be solved.

5

24.7 Production Series / Dashboard not loading in several browsers

« on: November 08, 2024, 03:17:50 am »

OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

Hi all,

Since a few days I encountered the problem that the Dashboard is sometimes not loading (see attachment).
It's a dedicated OPNsense box and the problem started a few days after the latest firmware updates where installed.
The only temporary solution I could figure out is to reboot my Win10 workstation.

I attempted to solve it by restoring several older backups and manually changing all the updates required to restore it back to the latest state.
I did reinstall the updates and didn't test it without them.
Just clearing the cache and restarting the browsers does not solve the problem.

The problem starts after waiting a while and also occurs in other browsers.
It looks like the box still functions when this happens, but I am wondering what happens exactly.
Is this a known issue and could it be related to the latest firmware updates ... ?!?

Please advice,

Mister J.

6

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 31, 2024, 02:03:27 am »

Thanks Patrick and axsdenied,

I have been experimenting with UPnP and Hybrid outbound NAT, but it didn't solve my issue.
First of all my game servers are older games and do not support UPnP, but it was worth investigating because it was another way of looking at my problem.
I confirmed this by checking if any new connected sessions where created in the status of UPnP and there where none.

If you have any other suggestions than they are welcome.

7

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 29, 2024, 12:45:45 pm »

In Dutch we have a saying ... "van het kastje naar de muur" ... roughly translated it means something like “being sent from one unhelpful person to the next“.

I already posted this issue in several other (game)forums and no one seems to get the grasp of it.
All I did was follow the advice given to me by so called specialists, with the intent of simplifying things, but according to your reply I should go back to the drawing board because I did the opposite.

I can't be sure, but according to my knowledge the problem is with OPNsense, so I hope that there is someone else in this forum who is willing and able to at least point me in the right direction.
Sure thing is that I need to learn a lot, but all I read in your answer is that you don't have a clue either.

8

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 29, 2024, 07:12:08 am »

I am not sure but I have a gut feeling that I am getting closer to the cause of  the problem.
That's all I have because I lack the experience that some of you guys and girls have.
Let me explain why ...

I locally opened 2 Putty windows and connected to my UT2K4 container.
In the first window I started this command:

Code: [Select]

[root@UT2K4 ~]# nc -u -l 7787In the second window I did this command:

Code: [Select]

[root@UT2K4 ~]# echo "test packet" | nc -u 127.0.0.1 7787The result was that in the first window the message appeared:

Code: [Select]

[root@UT2K4 ~]# nc -u -l 7787
test packet
Don't ask me why but I needed to make a VPN connection from my laptop to test the following:
In the first window I started this command:

Code: [Select]

[root@UT2K4 ~]# nc -u -l 7787In the second window I did this command:

Code: [Select]

[root@UT2K4 ~]# echo "test packet" | nc -u 192.168.100.142 7787The result was that in the first window the message appeared:

Code: [Select]

[root@UT2K4 ~]# nc -u -l 7787
test packet
So far so good, but what I actually need is to test this from outside of my LAN to confirm that UDP packages get a proper response too, but I can't seem to figure it out on my own.
I tried to open port 22 temporary on my WAN to be able to access my network from the WAN, but for unknown reasons this failed.

What I want to achieve is this:
In the first window (LAN) start this command:

Code: [Select]

[root@UT2K4 ~]# nc -u -l 7787In the second window (WAN) run this command:

Code: [Select]

[root ~]# echo "test packet" | nc -u <WAN ip> 7787The successful result would be that in the first window the message appears:

Code: [Select]

[root@UT2K4 ~]# nc -u -l 7787
test packet
Now going back to my gut feeling.
I suspect that from the WAN it does not get a proper response, what would explain why all my game servers have the problem of being able to connect to the master servers, but the master servers are unable to connect to my game servers, because they don't get a response back when connecting from the WAN.

If this logic is correct than how do I enable this with OPNsense ... ?!?
Could it be solved by some outgoing rules, or maybe with some advanced settings ... ?!?
Or maybe this is a bug that no one thought of before ... ?!?

Please advice or at least confirm or deny my logic.

PS.
Don't tell me that I am trying out stuff without having a basis for doing so, because doing nothing is not an option and this forum doesn't really give me a high number of feedback.

9

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 27, 2024, 04:44:57 pm »

Thanks for responding crankygamer,

I get this message from GameTracker for UT2K4:

One of the following suggestions may help you:

• Your server is currently offline. (False, I can ping and connect from the LAN & WAN with an ip.)
      GameTracker needs your server to be online before you can add it to our database. Please restart your server and make sure it's up before hitting ADD SERVER again.
• You entered the wrong query port. (False, I used the default port 7787, but also tested the others.)
      Please update your query port and hit scan again
• Your server is firewalled. (Not by the default rules, see pictures below.)
      Please turn off any firewall you have that may block scanning or whitelist the gametracker scanning IP addresses:
      149.28.43.230
      45.77.96.90
      108.61.78.150
      108.61.78.149

I also saw this line in the live log (in green) when pressing the Add Server button:

Code: [Select]

Interface Time             Source          Destination         Proto        Label
LAN 2024-10-27T17:02:49 45.77.96.90:60840 192.168.100.142:7787 udp let out anything from firewall host itselfSee: Packet Capture

This confirms that GameTracker is scanning on the correct port, but there’s no indication of a response packet from my server back to 45.77.96.90.
I suspect that there is a rule missing and I confirmed in the live log that it is not blocked/dropped.
I Whitelisted all of the other UT2K4 master servers (source- & destination port = any), but that still didn't solve the problem.
White listing the master servers for the other games also didn't help.

These are my current rules:

• Portforward rules
• WAN rules
• LAN rules
• Automatically generated rules

Btw ... these rules where checked by a friend who has 35+ years of experience with OPNsense, but hardly has the time to help me.
And I have been running these game servers for the last 20+ years.
He doesn't know much about game servers and I don't know much about OPNsense, so I have no choice then trying out stuff that may not sound logical to you.

I checked the live log and there are a lot of denials, but not from the master servers.

Please advice.

PS.
When I used a ClearOS box as gateway/firewall I didn't have to Whitelist any server.
And no, ClearOS is not made for game servers and does not Whitelist servers automatically.

10

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 24, 2024, 01:20:45 am »

Enabling the following, could sound like a solution, but first it wasn't and secondly, it can create a loopback situation with delays and that's unwanted with game servers:

Firewall - Settings - Advanced
Network Address Translation    

• Reflection for port forwards
• Reflection for 1:1
• Automatic outbound NAT for Reflection

IDS/IPS is disabled.

DNS resolution is functioning inside the containers:

Code: [Select]

[root@UT2K4 ~]# nslookup google.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.39.110
Name:   google.com
Address: 2a00:1450:400e:810::200e
Correct me if I am wrong, but afaik this verifies outbound traffic on the necessary port and that the port is open:

Code: [Select]

[root@UT2K4 ~]# nc -zv ut2004master.errorist.eu 28902
Warning: inverse host lookup failed for 150.230.23.146: Unknown host
ext.errorist.eu [150.230.23.146] 28902 (?) open
I don't understand how to use packet capture to analyze traffic to/from master servers and GameTracker.

The game server logs do not report any errors concerning the master servers:

Code: [Select]

Log: MasterServerUplink: Resolved utmaster.openspy.net as 134.122.16.249
Log: MasterServerUplink: Connection to utmaster.openspy.net established.
I can connect to the master servers, but it seems they cannot connect to me.

Please assist.


EDIT:
Attempted to solve this issue by disabling IPv6 on the WAN interface without success.
After a reboot I confirmed that this was not the solution I am looking for.

11

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 23, 2024, 03:43:49 am »

I have confirmed that "Block private networks" and "Block bogon networks" is disabled in Interfaces - LAN.
These are still enabled in Interfaces - WAN, but afaik this should remain the case.
I have tested disabling these settings in Interfaces - WAN, but without result.

I also enabled "Multicast Handling" by allowing the following in Firewall - Rules - LAN:
224.0.0.0/4
Afaik this is redundant, because this option is enabled by default.

Old situation:

LAN (switch with clients) - Gateway server - (LAN) router & WiFi (WAN) - Internet

New situation:

LAN (switch with clients, Proxmox box & Access Point) - (LAN) OPNsense box (WAN) - router (bridged) - Internet

Code: [Select]

[root@UT2K4 ~]# ss -tuln | grep -E '7777|7778|7787|10777|28902'
udp   UNCONN 0      0      192.168.100.142:7777       0.0.0.0:*
udp   UNCONN 0      0      192.168.100.142:7778       0.0.0.0:*
udp   UNCONN 0      0      192.168.100.142:7787       0.0.0.0:*
udp   UNCONN 0      0      192.168.100.142:10777      0.0.0.0:*
udp   UNCONN 0      0      192.168.100.142:28902      0.0.0.0:*

Code: [Select]

[root@UT2K4 ~]# nmap -sU -p 7777,7778,7787,10777,28902 192.168.100.142
Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-20 23:47 UTC
Nmap scan report for UT2K4.<domain>.nl (192.168.100.142)
Host is up.

PORT      STATE         SERVICE
7777/udp  open|filtered cbt
7778/udp  open|filtered interwise
7787/udp  open|filtered popup-reminders
10777/udp open|filtered unknown
28902/udp open|filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds

Code: [Select]

[root@UT2K4 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     17   --  0.0.0.0/0            192.168.100.142      udp dpt:7777
ACCEPT     17   --  0.0.0.0/0            192.168.100.142      udp dpt:7778
ACCEPT     17   --  0.0.0.0/0            192.168.100.142      udp dpt:7787
ACCEPT     17   --  0.0.0.0/0            192.168.100.142      udp dpt:10777
ACCEPT     17   --  0.0.0.0/0            192.168.100.142      udp dpt:28902
DROP       0    --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     17   --  192.168.100.142      0.0.0.0/0            udp dpt:7777
ACCEPT     17   --  192.168.100.142      0.0.0.0/0            udp dpt:7787
ACCEPT     17   --  192.168.100.142      0.0.0.0/0            udp dpt:28902

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Please advice.

12

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 19, 2024, 04:33:44 am »

ChatGPT is known to hallucinate a lot so it's probably none of these reasons why it's not working.
Most of them are irrelevant or not applicable anyway.
My firewall log files are as good as empty, so nothing interesting to report there.

The thing that troubles me the most is that these links don't work anymore while the game servers are up and running and the required ports are forwarded (also confirmed by someone who is experienced with OPNsense and Proxmox):
https://arena.sh/game/<WAN ip>:44400/ - (Warsow)
https://arena.sh/game/<WAN ip>:25000/ - (Xonotic)
https://www.urbanterror.info/servers/<WAN ip>:27960/ - (Urban Terror)

And I cannot add UT2K4 to GameTracker anymore:
https://www.gametracker.com/servers/

According to the forums and my previous experiences with ClearOS as my gateway/firewall, my servers are setup correctly and the only real change is that I now bridged my router and use an OPNsense firewall box.
The fact that I now use a Proxmox box with every server in a separate container should not matter.

Please assist

13

24.7 Production Series / Re: Game servers not listed and are unreachable for master servers

« on: October 17, 2024, 04:39:24 pm »

When I used a ClearOS box as firewall/gateway I didn't have these problems, but since I upgraded to first NethServer 7 and now Proxmox with a dedicated OPNsense box and a bridged router I have these problems.
According to ChatGPT there are 16 factors why OPNsense could be the cause of this, but I need some expert advice to make sure what could cause this.
Some of them are irrelevant, but most of them are new to me.

Firewall - OPNsense Settings

    Rules (Firewall > Rules > WAN)
        Ensure that inbound traffic on the necessary UDP and TCP ports for your game server is allowed on the WAN interface.
        Ensure that the outbound traffic is not blocked.

    Rules (Firewall > Rules > LAN)
        Verify that your game server traffic (including the necessary UDP/TCP ports) is allowed to leave the LAN interface if necessary.

    Aliases (Firewall > Aliases)
        Incorrectly defined aliases can block the needed IP ranges or ports for your game server. Check if you have an alias setup that might interfere.

    Advanced Settings (Firewall > Settings > Advanced)
        Reflection for port forwards (NAT reflection) might be needed for LAN clients to connect to the public IP of your server via the WAN interface.
        Bogon Networks filtering can block legitimate traffic if your game server uses IPs within the filtered ranges. Ensure that this is not overly restrictive.

    Floating Rules (Firewall > Rules > Floating)
        Check if there are floating rules that could block traffic to or from your game server.

    Firewall Optimization Settings (Firewall > Settings > Advanced)
        The firewall might be optimized for low-latency gaming or for security in ways that inadvertently block or slow down listing requests. Ensure that the firewall optimization setting is appropriate for gaming (e.g., Normal or Conservative).

Additional OPNsense Sections

    Intrusion Detection (Services > Intrusion Detection) - irrelevant because disabled
        If enabled, the Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) may block outbound or inbound traffic related to your game server. Check the logs and rules to ensure that it is not preventing the game server from communicating with external master servers.

    Outbound NAT (Firewall > NAT > Outbound)
        Incorrect outbound NAT configurations might prevent your server from sending data properly to master servers. Check if the NAT mode is set to "Hybrid" or "Manual" and ensure the proper outbound NAT rules for your game server are set up.

    States Reset (Diagnostics > States)
        Sometimes, stale states may prevent proper network communication. You can try resetting the states or connections from this menu.

    Logging (Firewall > Log Files)
        Use firewall logs to monitor if any traffic is being blocked related to your game server communication. This can help identify if there are any silent blockages.

    UPnP (Services > UPnP & NAT-PMP)
        If your game server supports UPnP, ensure this is configured correctly to allow automatic port forwarding for the game server.

    DNS Settings (System > Settings > General)
        Incorrect DNS settings can prevent your game server from resolving the master server addresses properly, which can cause listing issues. Ensure DNS is correctly configured.

    Gateway / Routing Issues (System > Gateways > Single)
        If there are issues with your WAN gateway or the routing table is misconfigured, your game server might not communicate properly with external servers.

    Traffic Shaper (Firewall > Shaper)
        If you are using traffic shaping, ensure that it is not prioritizing or throttling your game server traffic in a way that causes listing failures.

    GeoIP Blocking (Firewall > Aliases > GeoIP) - irrelevant because before I enabled it, the problem was there.
        If you are using GeoIP-based rules, ensure that you are not inadvertently blocking regions where the game server master servers are hosted.

    VPN Settings (if applicable)
        If your OPNsense setup involves a VPN, make sure the traffic from the game server is correctly routed and not blocked by VPN rules.

Please advice.

14

24.7 Production Series / Game servers not listed and are unreachable for master servers

« on: October 16, 2024, 04:00:44 am »

Hi all,

I successfully run 4 game servers (latest versions of Urban Terror, Unreal Tournament 2004, Xonotic & Warsow) that I can connect to with a client from the LAN and WAN by ip.

Since I changed server OS from ClearOS to initially NethServer 7, I am having problems getting listed.
Because someone advised me to solve this problem the easiest way, I changed to the Hypervisor Proxmox and now I am running the game servers in Debian 12 based containers with a dedicated OPNsense firewall box.
Because I do not encounter this problem with UT2K4 I must assume that it's not something simple like a problem with portforwarding, because those are identical.

But with the Urban Terror, Xonotic & Warsow it's only possible to connect from the Internet by ip address and not with the in-game- or online listings.
I already tried every trick in the book that I could find, but nothing works with these 3 games.
https://arena.sh and https://www.urbanterror.info also reports that the servers are unreachable.

The only problem I have with UT2K4 is that I can't figure out how to add my server to GameTracker.com.
For unknow reasons it reports that one of the following criteria is true:

• Server is not online
• Entered the wrong Query Port
• Server is firewalled

When running these game servers on a ClearOS box in gateway mode I did not have any of these problems.
Could it have something to do with a setting in OPNsense ... ?!?

Please advice,

Mister J.