dogmeat Posted February 10, 2021 (edited)

Well that's a great first impression to leave... I had a HUGE amount of text in this post and it seems to have been lost.

** Had to rewrite text as it somehow got lost from original post - apologies if this version is a little more 'clipped' **

After a 7 year hiatus from flight sims I decided to dig out my DCS details and see what was going on and HOLY CRAP it's moved on a lot. A friend asked me if I wanted to try getting back into flying with him so we brought the FA-18 and jumped in. I've also got a home network/hosting setup and nothing useful for it to do, so decided a DCS server was a good project. Previously we always hosted locally and connected via IP.

The diagram above is a VERY simplified version of what I have and the server is working just fine. Ports 10308 and 8088 are forwarded directly to the OpenBeta server and Players 1 and 2 are able to connect using my external IP address just fine.

The problem is that player 3 can't connect to the server. I've tried connecting to the server's LAN address, my own external IP address (which I know shouldn't work) and even hosting the server as public and searching for it on the list but it fails to show. The server is always "offline". If I forward the ports directly to my gaming PC on the LAN we can all play together. The problem seems to be that the server just won't advertise itself over LAN, only the external gateway.

Things I've tried / checked

- Players 1 & 2 can connect using my external IP address, although ticking 'public' doesn't seem to make it show on the public list
- Player 3 (my gaming PC) is using a different DCS login to the server (signed up for a second login just for the server)
- All machines in the LAN have full access to the multiplayer network. I access the server via remote desktop from a LAN machine
- The gaming PC in the LAN also has full access to the server (can remote desktop and hit all ports)
- All router/firewall rules have been turned off during testing, nothing blocked between internal interfaces
- Player 3 PC works fine if taken outside of the network and accesses externally like players 1 & 2
- The Windows firewall on the server has the required ports allowed from all and I've also tried disabling it for testing purposes
- I can forward the ports to the gaming PC on the LAN and host locally without issue

The problem seems to be that the server will only look for connections coming in externally, not against its internal address. Due to the physical setup I can't give the server an address on the LAN range, but I wouldn't want to do that as it would break the security. I can also hit the server's 192.168.205.1 address no problem.

Am I missing something obvious?

Edited March 7, 2021 by dogmeat: Original text lost during post

Skerj Posted February 10, 2021 (edited)

Well, it seems your router doesn't route BETWEEN both networks 192.168.205/29 and 192.168.1.0/24 (if the server asks for a client from another network, your router/firewall has to know about a "route" for 192.168.1.0/24).

Either put your client PC3 in the same network -> 192.168.205/29 or configure a static route on your router for the networks.

Edit: example: interface/port 1 on your router for 192.168.205./ and interface/port 2 on your router for 192.168.1.0/24 and tell your router to route between 'em.

Edited February 10, 2021 by Skerj

dogmeat (Author) Posted February 10, 2021 (edited)

Hi Skerj. You may be right. Thing is, there's a static route to the LAN already, but the traffic does seem to be one way only (there's actually a small hop to the LAN over a /30 address so I may have to push the route to the server itself to know where to go). My testing may have been a bit misleading as I was confirming access to the server FROM other networks rather than the server initiating back to them.

Edited February 10, 2021 by dogmeat

dogmeat (Author) Posted February 10, 2021

*** EDIT ***

After further testing it looks like my static route and rules are fine, but your suggestion got me looking in a different direction (that isn't reflected on my simplified diagram). The LAN is connected from a /30 interface on the firewall to a Netgear device and I think THAT'S stopping the return traffic.

Thanks Skerj - I wouldn't have stumbled on this for a while!

dogmeat (Author) Posted February 10, 2021

So it turns out my Netgear router that handles the LAN and then connects to my PFSense FW is possibly not fit for purpose because it will not allow traffic to initiate from what it sees as the "internet" side and has no option to turn off its firewall.

That said, I find it strange that the server needs to be able to ping through to the LAN in the first place. Any other servers I have running in that network have the same connectivity issues but work fine because the connection is stateful from the LAN or allowed in from the outside. I'm not sure why the DCS server cannot respond to a stateful connection from the LAN when it has a route back (as proven by me being able to ping the server from the LAN).

My server doesn't have the ability to ping through to my friend's machines (Player 1 and Player 2) but will happily respond when they connect to it. Why would the server need an open connection to the LAN at all times?

Skerj Posted February 11, 2021

19 hours ago, dogmeat said:
"Why would the server need an open connection to the LAN at all times?"

What do you mean by open connection?

Keep in mind that /30 means only 2 bits left for (host) addressing, which equals 4 IP addresses in that net segment. The first and last are already "reserved" for the net address itself and the broadcast address. So two IP addresses are left; one will be assigned to the gateway (aka the physical interface on your router) though, and finally the last one will be your host IP address.

e.g. 192.168.1.0/30

Net address: 192.168.1.0
Gateway: 192.168.1.1 (ofc you can decide which one is gateway or host)
Host1: 192.168.1.2
Broadcast: 192.168.1.3

next net is 192.168.1.4/30 (if you keep /30) ....

Basically you need to make sure that all of your local networks have a gateway. Either set up your router to provide those, or your firewall if it supports layer 3/4 switching. Only one device should do the job.

I know you did it one or two times, but check it a third time. It still smells like a conceptual/network issue ;)

Good Luck!

dogmeat (Author) Posted February 13, 2021

Thanks for following up. I'm just putting together a quick diagram of what I have to give a better picture. I originally kept the layout simplified as I didn't want to cloud the issue with my setup, but reading back I've probably made it more confusing.

The term "open connection" was a bit misleading on my part, too. My LAN can reach all of my other VLANs in my environment and they all have routes to get back, but they cannot ping to the LAN. I can initiate a connection like a remote desktop, access a server's web GUI (I run EVE networking sim) and a Plex server just fine from my LAN. Once the stateful connection is initiated the traffic flows just fine.

I'll post a diagram shortly for better context.

dogmeat (Author) Posted February 13, 2021 (edited)

Soooooo...

The /30 I was talking about is simply a bridge from my main firewall/router (PFSense) to my Netgear that then handles the house LAN. The firewall has 3 physical ports, one to the LAN (Netgear), one to the internet and one that runs from the house down to my bunker shed. This goes into a Cisco switch that then connects up my VMWare box, NAS server and a couple of other project bits (unrelated). All connections to the VMWare server are trunks and carry the virtual VLANs across the switch and back to the firewall where they have SVIs to enable routing.

As you correctly pointed out, the LAN network is not known to the firewall as it is not directly connected, so there is a static route to tell it that 192.168.1.0/24 is accessed via the 192.168.2.0/30 network.

All networks on the VMWare environment can ping each other without issue as I have disabled all rules on the FW while fault finding. All my networks have access to the internet and I allow private VPNs to connect to the media server, certain machines to access my DEV environment, etc. The LAN has confirmed access to all of these networks.

The DCS server sits in its own small network and has full access to the internet and has the required ports forwarded to it from the firewall. It can be accessed from internet players just fine. The LAN can access the DCS network, ping the server and even remote desktop to it just fine. The DCS network knows the route back and can respond to pings fine.

However, your advice did get me checking a bit deeper and stumbling on an issue I didn't know I had. Apparently the Netgear I'm using (Nighthawk R7000) is a bit of a simple device and won't allow me to poke holes or add rules to its firewall, so it literally won't allow anything from what it sees as "outside" to connect in. This means that none of my virtual networks can ping a LAN machine because the Netgear thinks it's an outside attack and stops it dead.

The part that is confusing for me is why the DCS server should need to be able to initiate a connection at all? All my other servers (Plex server in the media network, EVE network sim in Dev, an old fashioned TeamSpeak server, etc) work just fine because the player/user in the LAN initiates the connection and the server responds and creates a stateful link.

I can't physically take my gaming PC down to the bunker due to space, so I'm currently spinning up a virtual machine to run DCS in the same network as the server just to confirm if it is the Netgear causing the issue, but it still seems odd that the server needs unrestricted access to contact the LAN. Especially when it's happy to reply to external connections just fine over the internet.

I appreciate I'm throwing a lot of info out here!

** edit - if it wasn't for the crippling cold today I'd simply run an extra long temporary cable down to the bunker, set a port on the Cisco switch to be in the same VLAN as the DCS network and connect the gaming PC directly to it with a static IP in the same range to test it. Unfortunately this would kill my wife as it involves opening windows, so instead I'm doing the time consuming virtual machine test **

Edited February 13, 2021 by dogmeat

Los Posted February 13, 2021

fyi... We run combined LAN and online operations all the time... no issues.

Los

dogmeat (Author) Posted February 28, 2021

Apologies for the lack of follow up. Real life has been getting in the way and I've been doing some deep testing and fault finding on my setup.

So, today I literally took my gaming rig down to the bunker, physically plugged it into the switch and added it to the same VLAN as the server, gave it an IP address on the same range and was still unable to join a game being hosted. There is definitely not a networking/routing issue involved here.

Server IP - 192.168.205.1 /29
Gaming PC IP - 192.168.205.3 /29
Gateway IP - 192.168.205.6

Both server and gaming PC had access to the internet. Machines could see each other (able to ping both ways and even access the server's remote desktop via the gaming PC). All port forwarding is still in place to send ports to the server address (see attachment). Windows firewall is off on both machines.

I ran the DCS server today and it had an update available so I let that run. I am able to fire up the local GUI on the server (using a different DCS account to the gaming rig). Status shows my external IP address and port 10308 as running. I choose connect to IP and have tried both 192.168.205.1 and 192.168.205.1:10308. Both return a "server is offline" error.

The server and client are literally on the same network so there is no routing in place. Both can access internet, both have full, unrestricted access to each other. The server is simply not being seen as an active server and I'm now completely out of ideas.

Maverick87Shaka Posted March 3, 2021

Try to use Packet Sender on both server and client (keeping DCS closed on both machines) and see what happens using TCP port 10308. Then make the same test on ports where you don't have port forwarding rules set up.

I've used for almost one year a server on my LAN and everything was fine. The fact that RDP and/or ping is working just tells us that probably your NAT/PortForwarding is trying to overwrite the normal route of the packets from one PC to another.
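
The test Maverick87Shaka describes, sketched as an added Python example (not code from the thread, Packet Sender or DCS): a plain TCP listener for the server with DCS closed, and a client-side probe that tells a refused connection apart from a silently dropped one. Port 10308 and address 192.168.205.1 are from the thread; port 10399 is an arbitrary port assumed to have no forwarding rule, and the function names and the file name `tcpcheck.py` are hypothetical.

```python
import socket
import sys
import threading

def start_listener(host, port):
    """Accept TCP connections on host:port; returns (socket, bound_port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))          # port 0 lets the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:         # listener socket was closed
                return
            print("connection from", peer)
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    open     - handshake completed, something is listening
    refused  - RST came back: host reachable, nothing listening (or a reject rule)
    filtered - no answer before the timeout: packet or reply dropped on the path
    error    - local failure such as no route to host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"

if __name__ == "__main__":
    # Server (DCS closed):  python tcpcheck.py listen 10308
    # Client:               python tcpcheck.py probe 192.168.205.1
    if sys.argv[1] == "listen":
        start_listener("0.0.0.0", int(sys.argv[2]))
        input("listening, press Enter to stop\n")
    else:
        for port in (10308, 10399):  # 10399: assumed non-forwarded port
            print(port, probe(sys.argv[2], port))
```

A "refused" result on the comparison port still shows the packet reached the server and an answer came back; "filtered" on either port points at something between the two machines dropping traffic.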

dogmeat (Author) Posted March 7, 2021

Ok, I'm trying this now but struggling a bit to set it up (not familiar with Packet Sender). Just a thought, but the fact that I'm running this on MS Server 2016 shouldn't be an issue, should it? I've got all the internet browser security off and the Windows firewall disabled, but I'm wondering if there's something I've missed here.

dogmeat (Author) Posted March 7, 2021

Well this is slightly embarrassing...

While doing all this investigation I started up the DCS server and it said there was another update available, and... it's working now.

Thanks to everyone who chipped in because I did discover some other issues with my setup and there's no such thing as bad fault finding experience!