TheGamerPlanet
Game / Server Forums => Ghost Recon: Advanced Warfighter => Topic started by: Fishmonger on August 14, 2020, 06:40:55 PM
-
I set up my router to allow VPN connections directly, not via that remote Hamachi service. This may or may not work. I do have a dual core router CPU but it isn't the fastest one on the planet. There are models that are allegedly much faster due to some custom chipsets that handle the encryption. Still, what we are doing isn't really high load, so I figure we should give it a shot. If Hamachi has a bandwith cap (highly likely as I never saw it above 10Mbps), we may actually do better with this solution.
Anyone who is interested in testing this with me, let me know in Teamspeak. I will need to email you instructions and a settings file, username and PW. We can actually do this in tandem with Hamachi, as the connections should be handled on my network as if you are a local client like my own gaming box, where I never run Hamachi. The server has been dishing out GRAW connections on Hamachi and locally simultaneously, so that should not be a problem.
I cannot test myself very easily unless I go to some coffee shop with my laptop and play from there. . I do not have GRAW in my office and that office isn't really my office any longer anyway.
I did test the connectivity from the office computer to my LAN with the settings I have configured and it works fine (e.g. I can try to open my router admin page from a computer that isn't in my house using the local network 192.168.0.1 IP for it, so that remote system clearly is "virtually" on my LAN. Just what we need to play GRAW. The connection will not allow you to use my Internet connection for web access (teamspeak), but that will use your normal connection. So far that also seems to work on my work box.
If possible, I want to ditch Hamachi before the end of August when they will bill me again for 12 months without warning or any prior info on how much the price is going up. Just because of the way they do this I want to dump the service. It is getting expensive, and it may also be the root problem of all our map loading crashes.
To make all this work on your end, you will need to install OpenVPN, which behaves a lot like hamachi, except you don't see other users connected. Downloads are here https://openvpn.net/community-downloads/
The program will be looking for a config file that I will provide, plus a username and password (can be saved) I will hand out via teamspeak. At this point I don't know if everyone can use the same user/pass combo, or if I have to create one for each user. There is a limit of 16 in the server config, but that should be enough for us. I am guessing more than one can connect using the same user and password.
So if you're a bit more on the tech savvy side and want to try this out (Mex, Mike? I recall you were interested in testing) let me know this weekend. I'll advertise this in TeamSpeak as well
-
One more thought on this - I am not sure if others can host games using this setup, but again, technically, it isn't any different from being on the same LAN, so as long as users connect to my VPN and one of them fires up their own server, the traffic would go through my router to go back out to players. Testing when we have more than one player set up to use this will be needed to see if we are going to depend on my server being up or not. I have my money on "everything will be the same" short of seeing other users in a list. Meanwhile, the logs on my router do track every connection and IP numbers of users connecting to the LAN.
-
I'm guessing that we will need the 64 bit MSI Installer?
I'll download and install this.
-
Hoping , Thats what i installed .
-
if you are on 32 bit XP you need 32 bit, Anything else, just use the 64 bit.
I installed this one
https://swupdate.openvpn.org/community/releases/OpenVPN-2.5-beta1-amd64.msi
The second one listed did not mention beta, so that may be the better choice for stability, but I really can't tell form the instructions. the last version there seems to be the one for most of us:
https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.9-I601-Win10.exe
-
was easier setting up over hamachi if i was in fact connected , with the server being up on hamachi unsure . Can you check activity on your router to see if i was active ?
-
Today's server log - it was certainly up and running:
Aug 16 13:10:47 vpnserver1[990]: 206.125.203.193:56613 TLS: Initial packet from [AF_INET]206.125.203.193:56613 (via [AF_INET]134.215.114.4%vlan2), sid=1a8a661b 1c0bb379
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_VER=2.5_beta1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_PLAT=win
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_PROTO=6
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_NCP=2
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_LZ4=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_LZ4v2=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_LZO=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_COMP_STUB=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_COMP_STUBv2=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_TCPNL=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 TLS: Username/Password authentication succeeded for username %%%%
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 [client] Peer Connection Initiated with [AF_INET]206.125.203.193:56613 (via [AF_INET]134.215.114.4%vlan2)
Aug 16 13:10:48 vpnserver1[990]: client/206.125.203.193:56613 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Aug 16 13:10:48 vpnserver1[990]: client/206.125.203.193:56613 MULTI: Learn: 10.8.0.6 -> client/206.125.203.193:56613
Aug 16 13:10:48 vpnserver1[990]: client/206.125.203.193:56613 MULTI: primary virtual IP for client/206.125.203.193:56613: 10.8.0.6
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 PUSH: Received control message: 'PUSH_REQUEST'
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 Data Channel: using negotiated cipher 'AES-256-GCM'
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 13:25:11 vpnserver1[990]: client/206.125.203.193:56613 [client] Inactivity timeout (--ping-restart), restarting
Aug 16 13:25:11 vpnserver1[990]: client/206.125.203.193:56613 SIGUSR1[soft,ping-restart] received, client-instance restarting
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 TLS: Initial packet from [AF_INET]76.75.92.129:53138 (via [AF_INET]134.215.114.4%vlan2), sid=53cfcef4 b070718f
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_VER=2.5_beta1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_PLAT=win
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_PROTO=6
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_NCP=2
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_LZ4=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_LZ4v2=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_LZO=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_COMP_STUB=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_COMP_STUBv2=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_TCPNL=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 TLS: Username/Password authentication succeeded for username %%%%
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 [client] Peer Connection Initiated with [AF_INET]76.75.92.129:53138 (via [AF_INET]134.215.114.4%vlan2)
Aug 16 18:50:42 vpnserver1[990]: client/76.75.92.129:53138 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Aug 16 18:50:42 vpnserver1[990]: client/76.75.92.129:53138 MULTI: Learn: 10.8.0.6 -> client/76.75.92.129:53138
Aug 16 18:50:42 vpnserver1[990]: client/76.75.92.129:53138 MULTI: primary virtual IP for client/76.75.92.129:53138: 10.8.0.6
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 PUSH: Received control message: 'PUSH_REQUEST'
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 Data Channel: using negotiated cipher 'AES-256-GCM'
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 TLS: soft reset sec=0 bytes=67575/-1 pkts=948/0
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_VER=2.5_beta1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_PLAT=win
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_PROTO=6
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_NCP=2
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_LZ4=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_LZ4v2=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_LZO=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_COMP_STUB=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_COMP_STUBv2=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_TCPNL=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 TLS: Username/Password authentication succeeded for username %%%%
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
-
ok forget last post got smart and shut off hamachi and could still connect so guess all good
-
yes, hamachi is up on the server, so it'll likely default to that. Long term, if we use OpenVPN, the server won't be running Hamachi anyway. So connected and could join the game?
-
yup shut off hamachi and could still join tgp in game menu
-
No joy for me. Connect using VPN and don't see the server. Say's it is connected.
Start Hamachi and can see the server in the game menu.
-
was that back to back within minutes? Or about the time I usually launch the server? Server was not running all day yesterday or today
-
Tried just now.
VPN connects but I don't see the server in the game menu.
Start Hamachi and see the server in the game menu.
-
oh man, there's always something.
your connection did this - not sure if related, but there is a config area in the client where you can set this cipher to match the settings on the server. I don't think that's it, but for now that's all I can tell from the log
Aug 18 21:28:39 vpnserver1[990]: 76.75.92.129:58695 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Also, server is on Hamachi. I should turn that off during the day for proper testing. Again, it should not matter (it worked for Raz) but it may be related.
-
changed some VPN server settings based on some research. Not been able to test yet, but PM'd the new config to H and Raz. Anyone else who wants to try, let me know. Best test this just before joining with Hamachi around normal game time. The GRAW server is only up and running in the evening.
-
went off site with the laptop to test it myself. Works like a charm. Got insta-killed right away so things must be perfect. Pings were fast, game ran fine even with some pyrotechnics.
If I can kill the Hamachi renwal in time, we're going OpenVPN. I'd like to do some load testing this weekend with more than one of the remote players on VPN, just so I can see if there are any limitations on the CPU of the router. If there is a bottleneck I may just do one more season of Hamachi, as a guaranteed fast Asus RT-AC86U router is almost 200 bucks, and I need a third router like I need a hole in my head.
-
I recommend changing the setting to not start automatically with Windows which is the default. My experience was 2 BSOD and multiple boots with like minutes to boot up. So don't reboot after install before changing that setting.
Corrected by 2 settings I recommend.
1. As above do not start automatically with Windows as the default or you will be waiting for the timeout to occur or worse BSOD.
2. Reduce a lot the 4 settings related to timeout connections. Defaults are like Preconnect timeout 10, Script Timeout 30, Dicsonnect timeout 10. I set the connect timeouts to 2.
-
that is a setting of the client, and in my install it starts the client, I think, although I never rebooted since install. It does not automatically initiate the connection.
I don't want anyone to connect unless they play. In fact, I think it is best I set up individual usernames and passwords, and nuke the one everyone has.
I see what machines are connected and as of right now, I see H, and C4 connected, but only C4 is on the server.
In the future, I think I will shut down the VPN server every night just like I shut down the GRAW server. Keeps me feeling a little more secure. Imagine there's a bunch of computers across the country you don't really have any idea about, especially how secure they are, all connected to your local network, at any time they please.
If we have unique usernames and passwords, I can see in the logs who is coming and and when they are coming in. I can set up 16 such logins, so likely enough to always have room for those active at some part of the year.
More about that in the coming days. For now use what I gave you.
-
Paid for another year of Hamachi. Use what you want for now, but in the coming weeks and months, I want to test OpenVPN settings that are different from the current setup that doesn't work for everyone.
-
Either one works for me so let me know if you want to test stuff.
-
as of last weekend, the VPN server is off again. All Hamachi for now