Connection to xBox 360 isn't working

Gamienator 0

Here guys is a PCAP with an successfull login: xBox_Success.cap

When I route my xBox over my VPN Tunnel the login works. I don't understand whats going wrong here

stephenw10

Do you have a static WAN IP? It might have been blocked for some reason.

Gamienator 0

@stephenw10
Nope, Dynamic WAN IP on my Line

Gblenn

@gamienator-0 Are you sure all the right ports are forwarded to your Xbox? If you have ports open, did you change the IP of the Xbox perhaps?

Gamienator 0

@gblenn AFAIK know there aren't any ports needed to be forwared inbound. Otherwise it wouldn't be able to login via Hotspot. am i right?

Gblenn

@gamienator-0 By hotspot you mean using your phone? Although mobile carriers do use CG-NAT I'm not sure how "open" their networks are in that regard. Might work actually, and your phone certainly doesn't NAT or do any firewalling.
According to Xbox support pages you need at least 88 UDP and 3074 UDP/TCP opened (in addition to 80 and 53 but they are "open" already).
Port 3074 is used by a lot of different games so if you have PC's used for gaming you might want to look into setting up UPnP for all your gaming devices.

https://support.xbox.com/en-US/help/xbox-360/networking/network-ports-used-xbox-live

stephenw10

Mmm, I'd be surprised if it needed any inbound ports just to login. And you certainly can't get any through CGNAT even if you configured them.

michmoor

@gamienator-0
For the pcap not working - where did you take it from?
For the pcap working - where did you take it from?

They are different. I don't see HTTP traffic on the working one.
The non-working one, it looks like it was taken off some Microsoft device based on the mac address. How did you do capture on this device if it is an xbox?

On the working one- there's no mac address seen in the pcap. How did you get this captured? From where?

Gamienator 0

@michmoor Heythere,

I took the not working from pfSense Packet Catpure on Interface WAN, on the Working I took from the pfSense Packet Capture on the VPN Interface. Here is the PCAP catpured from WAN Again with working condition.
XBox_Success_2.zip
And to triple check everything I factory resetted my Modem and tried another Firewall from Sophos, with the same results. So it's not an pfSense issue. Lets see what we get from the PCAPs

michmoor

@gamienator-0 said in Connection to xBox 360 isn't working:

I took the not working from pfSense Packet Catpure on Interface WAN, on the Working I took from the pfSense Packet Capture on the VPN Interface.

So your WAN interface, you get a private IP address? You are utilizing double-NAT?
I know that can be an issue for multiplayer gaming but not sure how it plays into xbox sign-in attempts.

Gamienator 0

@michmoor No, my WAN Interface has a public IP from Dail-in via PPPoE :)

johnpoz

@gamienator-0 where are you routing your vpn connection through? Same country as your from? Or different one?

Gamienator 0

@johnpoz Into a different Country, from Germany to Finland.

stephenw10

Ok, well that sounds definitely like some blocking at the server end. Just not for your specific IP as I speculated earlier.

Gamienator 0

I get even more and more the feeling that either:

a) my ISP is doing something weird or
b) my VDSL Modem is doing weird stuff.

I just noticed that even Playing CS:GO is not working anymore. After a couple of seconds I get the Message not possible to official Servers with following log:

Refreshing ping measurements
SDR RelayNetworkStatus:  avail=OK  config=OK  anyrelay=OK   (Refreshing ping measurements)
SteamNetworkingSockets lock held for 5.6ms.  (Performance warning.)  ServiceThread,SteamDatagramClientThinker::Think,EnsureDataCenterRoutesValid,ThinkPingProbes,CreateServerDataForCluster(x10),SendUDPacket(x10)
This is usually a symptom of a general performance problem such as thread starvation.
Host_WriteConfiguration: Wrote cfg/config.cfg
Ping measurement completed
Ping location: mlx1=14+1,mst1=19+1/20+1,fra=/22+1,ams=/25+1,lhr=/32+1,vie=/33+1,par=/37+1,mad=/40+1,waw=/42+1,mny1=85+8/86+8,iad=/91+8,mmi1=124+12/119+8
SDR RelayNetworkStatus:  avail=OK  config=OK  anyrelay=OK   (Refreshing ping measurements)
Ping measurement complete after 5.0s.  Sending sample to GC
  ams: 25ms via mlx1 (front=14ms, back=11ms)
  can: 185ms via tsnu (front=149ms, back=36ms)
  canm: 193ms via tsnu (front=149ms, back=44ms)
  cant: 184ms via tsnu (front=149ms, back=35ms)
  canu: 183ms via tsnu (front=149ms, back=34ms)
  dfw: 132ms via mny1 (front=85ms, back=47ms)
  lhr: 32ms via mlx1 (front=14ms, back=18ms)
  mam1: 25ms via mlx1 (front=14ms, back=11ms)
  mas1: 93ms via mny1 (front=85ms, back=8ms)
  mat1: 104ms via mny1 (front=85ms, back=19ms)
  mch1: 105ms via mny1 (front=85ms, back=20ms)
  mdc1: 92ms via mny1 (front=85ms, back=7ms)
  mdf1: 122ms via mny1 (front=85ms, back=37ms)
  mfr1: 22ms via mst1 (front=19ms, back=3ms)
  mla1: 149ms via mny1 (front=85ms, back=64ms)
  mln1: 32ms via mlx1 (front=14ms, back=18ms)
  mlx1: 14ms via direct route
  mmi1: 119ms via mny1 (front=85ms, back=34ms)
  mny1: 86ms via direct route
  mpx1: 157ms via mny1 (front=85ms, back=72ms)
  msa1: 139ms via mny1 (front=85ms, back=54ms)
  msj1: 150ms via mny1 (front=85ms, back=65ms)
  msl1: 110ms via mny1 (front=85ms, back=25ms)
  mst1: 20ms via direct route
  par: 37ms via mst1 (front=19ms, back=18ms)
  pwg: 183ms via tsnu (front=149ms, back=34ms)
  pwj: 150ms via tsnu (front=149ms, back=1ms)
  pwu: 158ms via tsnu (front=149ms, back=9ms)
  pww: 170ms via tsnu (front=149ms, back=21ms)
  pwz: 177ms via tsnu (front=149ms, back=28ms)
  sea: 150ms via mny1 (front=85ms, back=65ms)
  sha: 175ms via tsnu (front=149ms, back=26ms)
  sham: 174ms via tsnu (front=149ms, back=25ms)
  shat: 174ms via tsnu (front=149ms, back=25ms)
  shau: 169ms via tsnu (front=149ms, back=20ms)
  shb: 174ms via tsnu (front=149ms, back=25ms)
  sto2: 49ms via mlx1 (front=14ms, back=35ms)
  tsn: 150ms via tsnu (front=149ms, back=1ms)
  tsnm: 149ms via tsnu (front=149ms, back=0ms)
  tsnt: 149ms via tsnu (front=149ms, back=0ms)
  tsnu: 149ms via direct route
  tyo1: 267ms via msj1 (front=160ms, back=107ms)
Host_WriteConfiguration: Wrote cfg/config.cfg
Started tracking Steam Net Connection to =[A:1:2737553413:22553]:0, handle ceb4929
[#216746281 SDR server steamid:90168859682390021 vport 0] Requesting session from mlx1#71 (188.42.190.100:27047).  Ping = 414 = 14+400 (front+back).
[#216746281 SDR server steamid:90168859682390021 vport 0] Requesting session from mst1#57 (151.106.18.227:27041).  Ping = 419 = 19+400 (front+back).
[#216746281 SDR server steamid:90168859682390021 vport 0] Selecting mlx1#71 (188.42.190.100:27047) as primary.  (Ping = 414 = 14+400+0 (front+interior+remote).)
[#216746281 SDR server steamid:90168859682390021 vport 0] Selecting mst1#57 (151.106.18.227:27041) as backup #1 (Ping = 419 = 19+400+0 (front+interior+remote).)
Already have a ticket for server 'steamid:90168859682390021' with older expiry 1675206188.  Discarding and replacing with new ticket expiring at 1675206254
Received Steam datagram ticket for server steamid:90168859682390021 vport 0.
Host_WriteConfiguration: Wrote cfg/config.cfg
[#216746281 SDR server steamid:90168859682390021 vport 0] problem detected locally (4001): Timeout; remote problem. Rx age server (never) relay 0.4s
Steam Net connection #216746281 SDR server steamid:90168859682390021 vport 0 problem detected locally, reason 4001: Timeout; remote problem. Rx age server (never) relay 0.4s
**** Unable to localize '#GenericConfirmText_Label' on panel descendant of 'PopupManager'
Closing Steam Net Connection to (unknown), handle ceb4929 (2001 Matchmaking failed.  We never heard from gameserver)
Summary of connection to #216746281 SDR server steamid:90168859682390021 vport 0:
    End-to-end connection: closed due to problem detected locally, reason code 4001.  (Timeout; remote problem. Rx age server (never) relay 0.4s)
        Remote host is in data center 'fra'
        Current rates:
            Sent:   0.0 pkts/sec   0.0 K/sec
            Recv:   0.0 pkts/sec   0.0 K/sec
            Ping:414ms    Max latency variance: ???ms
            Est avail bandwidth: 1024.0KB/s  
            Bytes buffered: 0
        Lifetime stats:
            Totals
                Sent:         21 pkts           6,597 bytes
                Recv:          0 pkts               0 bytes
            No ping distribution available.  (1 samples)
            No connection quality distribution available.  (0 measurement intervals)
            Latency variance histogram not available
        No rate stats received from remote host
        No lifetime stats received from remote host
    Primary router: mlx1#71 (188.42.190.100:27047)  Ping to relay = -1
        Current rates:
            Sent:   2.0 pkts/sec   0.6 K/sec
            Recv:   2.2 pkts/sec   0.0 K/sec
            Quality:  100%  (Dropped:0.00%  WeirdSeq:0.00%)
            Bytes buffered: 0
        Lifetime stats:
            Totals
                Sent:         21 pkts           6,597 bytes
                Recv:         21 pkts             204 bytes
                Recv w seq:         21 pkts
                Dropped   :          0 pkts   0.00%
                OutOfOrder:          0 pkts   0.00%
                Duplicate :          0 pkts   0.00%
                SeqLurch  :          0 pkts   0.00%
            No ping distribution available.  (0 samples)
            No connection quality distribution available.  (1 measurement intervals)
            Latency variance histogram not available
        No rate stats received from remote host
        No lifetime stats received from remote host
    Backup router: mst1#57 (151.106.18.227:27041)  Ping = -1+-1=-2 (front+back=total)
    
Removing Steam Net Connection for =[A:1:2737553413:22553]:0, handle ceb4929
[#216746281 SDR server steamid:90168859682390021 vport 0] Discarding inactive session mst1#57 (151.106.18.227:27041).  ConnectionShutdown
[#216746281 SDR server steamid:90168859682390021 vport 0] Discarding inactive session mlx1#71 (188.42.190.100:27047).  ConnectionShutdown

While die PCAP ( CSGO.zip ) shows incoming and outgoing Traffic ... To be 100% sure I just ordered a new VDSL Modem...

Gamienator 0

I got an weird update.

So after checking out my MTU on the WAN Interface was set to 1280. After setting it to 1492 CSGO and xBox 360 is working fine. But now other services failes. The TLS-Handshake on github.com is not working and my Linux machines can't get a connection to deb.debian.org.

I'm sooo shortly to by an Fritzbox and run Double-NAT here ...

stephenw10

Hmm, something broken in the PMTU maybe. Try setting an MSS value there instead of MTU.

Steve

Gamienator 0

@stephenw10

No Steve, it's even dumber. Maybe THATS the reason you should never virtualize pfSense! I wanted to see what the MTU will be on WAN, when I let it auto negotiate again. It was 1492, thats okay since it's PPPoE. But looking at my LAN Interface: The MTU was 1288!

I dunno why, but after setting the MTU of 1500 in the Bridge in Proxmox and on the Interface on the VM the pfSense has on the LAN Interface 1500 MTU and since then everything is reachable.

I'm really shocked what happened to proxmox that this set it on that weird MTU.