Netgate Discussion Forum

Nintendo Switch connection issue Error code

Gaming
nintendo upnp static mapping acl nat
  • J
    JonathanLee @michmoor
    last edited by JonathanLee Oct 9, 2023, 5:24 PM Oct 9, 2023, 5:24 PM

    @michmoor That would defeat the URL blocker/child safe features without the proxy. It has a web browser on it.

    1 Reply Last reply Reply Quote 0
    • M
      mcury @JonathanLee
      last edited by mcury Oct 9, 2023, 5:26 PM Oct 9, 2023, 5:24 PM

      @JonathanLee Splice all still messes with the headers and breaks the SSL chain, since the proxy is now doing the request for the website and thus it is not an SSL connection between the Nintendo Switch and nintendo.net anymore.

      The problem I'm seeing here is that nintendo.net is using Akamai, so a bypass won't help in this situation because you won't want to bypass Akamai.

      dead on arrival, nowhere to be found.

      J M 2 Replies Last reply Oct 9, 2023, 5:26 PM Reply Quote 0
      • J
        JonathanLee @mcury
        last edited by Oct 9, 2023, 5:26 PM

        @mcury Dang it. I guess it has to stay broken. The SSL stops at the modem in our LAN. O well.

        M 1 Reply Last reply Oct 9, 2023, 5:28 PM Reply Quote 0
        • M
          mcury @JonathanLee
          last edited by Oct 9, 2023, 5:28 PM

          @JonathanLee said in Nintendo Switch connection issue Error code:

          Dang it. I guess it has to stay broken. The SSL stops at the modem in our LAN. O well.

          Is it possible to set the proxy only in the Nintendo Switch browser and not in the OS?
          If it isn't, perhaps you could set a password in the browser to block the use of it?

          dead on arrival, nowhere to be found.

          J 1 Reply Last reply Oct 9, 2023, 5:56 PM Reply Quote 1
          • J
            JonathanLee @mcury
            last edited by JonathanLee Oct 9, 2023, 5:58 PM Oct 9, 2023, 5:56 PM

            @mcury @michmoor

            Thanks for working with me on this.

            The Nintendo Switch does work for all NAT B games and for his online account. The Disney Speed racing game must require NAT A to work, is all I think. So he still has a lot of options to have fun with that let the URL blocker work correctly.

            I flat out love Nintendo's version of LAN options over XBOX's. Nintendo just lets you input a proxy. XBOX won't do it; it was such a pain to set up the XBOX. It needed WPAD, and after that it needed special DHCP options to tell the XBOX where to go, and special spice options just to have the Child Safe URL blocker work. It was really illusive over Nintendo's simple plug the proxy in and go option. Don't get me wrong, XBOX has its items I like too.

            STUN is new to me; I have never played with that until today. I wonder if it will improve anything here or not?

            M 1 Reply Last reply Oct 9, 2023, 6:01 PM Reply Quote 0
            • M
              mcury @JonathanLee
              last edited by Oct 9, 2023, 6:01 PM

              @JonathanLee said in Nintendo Switch connection issue Error code:

              STUN is new to me; I have never played with that until today. I wonder if it will improve anything here or not?

              STUN is used to tell a server which IP/UDP port to use in the communication.
              Sometimes it is just the voice communication in the game that doesn't work properly.
              Sometimes it is just that you won't be able to host a game, but only connect to existing games on the server, things like that.

              dead on arrival, nowhere to be found.

              1 Reply Last reply Reply Quote 0
              • M
                michmoor LAYER 8 Rebel Alliance @mcury
                last edited by Oct 9, 2023, 7:01 PM

                @mcury said in Nintendo Switch connection issue Error code:

                The problem I'm seeing here is that nintendo.net is using Akamai.

                That right there is going to break Squid in transparent mode.
                @JonathanLee As you are already aware, there is an issue with Squid and quickly rotating IPs to domain names. So the suggestion to bypass the proxy altogether should be considered.

                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                Routing: Juniper, Arista, Cisco
                Switching: Juniper, Arista, Cisco
                Wireless: Unifi, Aruba IAP
                JNCIP,CCNP Enterprise

                J 1 Reply Last reply Oct 9, 2023, 10:25 PM Reply Quote 0
                • J
                  JonathanLee @michmoor
                  last edited by JonathanLee Oct 10, 2023, 1:57 AM Oct 9, 2023, 10:25 PM

                  @michmoor That might be resolved once pfSense adds unbound support for DoH. Unbound already supports it; pfSense just does not have the GUI options for it yet.

                  I don't have the issues you have, again I only use A DNS records because my ISP does not allow IPv6. The Nintendo works mostly for everything I need.

                  1 Reply Last reply Reply Quote 0
                  • J
                    JonathanLee
                    last edited by JonathanLee Oct 10, 2023, 11:02 PM Oct 10, 2023, 10:52 PM

                    I have learned it does use STUN for something, check this out.

                    My Nintendo SW is 192.168.1.17. This is a STUN port accessing Google STUN.

                    34.132.225.91 is Google; I assume, because of the port used, it's a STUN server for Nintendo, port 3478. I added a suppress to that IP for it.

                    1 Reply Last reply Reply Quote 0
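A port number alone does not identify the protocol. As an added example (not part of the original posts), this parser checks whether a UDP payload captured on port 3478 has a valid RFC 5389 STUN header and decodes the XOR-MAPPED-ADDRESS attribute, which is how a client learns the public IP and port its NAT assigned. The sample packets and the address 203.0.113.7:50000 are constructed.

```javascript
// Added example, not from the thread. Sample packets below are constructed.
const MAGIC = 0x2112a442; // fixed STUN magic cookie (RFC 5389)

// Returns null if buf is not a well-formed STUN message, otherwise
// { type, txid, mapped } where mapped is "ip:port" from XOR-MAPPED-ADDRESS.
function parseStun(buf) {
  if (buf.length < 20) return null;               // header is 20 bytes
  const type = buf.readUInt16BE(0);
  const len = buf.readUInt16BE(2);
  if ((type & 0xc000) !== 0) return null;         // top two bits must be 0
  if (len % 4 !== 0 || 20 + len > buf.length) return null;
  if (buf.readUInt32BE(4) !== MAGIC) return null; // cookie check
  const msg = { type, txid: buf.subarray(8, 20).toString("hex"), mapped: null };
  let off = 20;
  while (off + 4 <= 20 + len) {
    const aType = buf.readUInt16BE(off);
    const aLen = buf.readUInt16BE(off + 2);
    const val = buf.subarray(off + 4, off + 4 + aLen);
    // 0x0020 = XOR-MAPPED-ADDRESS; family 0x01 = IPv4
    if (aType === 0x0020 && val.length >= 8 && val[1] === 0x01) {
      const port = val.readUInt16BE(2) ^ (MAGIC >>> 16);
      const ip = (val.readUInt32BE(4) ^ MAGIC) >>> 0;
      msg.mapped = [ip >>> 24, (ip >>> 16) & 255, (ip >>> 8) & 255, ip & 255]
        .join(".") + ":" + port;
    }
    off += 4 + aLen + ((4 - (aLen % 4)) % 4);     // values are padded to 4 bytes
  }
  return msg;
}

// Constructed packets: a Binding Request, a Binding Success Response that
// reports 203.0.113.7:50000, and a non-STUN payload sent to the same port.
const TXID = "000102030405060708090a0b";
const REQUEST = Buffer.from("00010000" + "2112a442" + TXID, "hex");
const RESPONSE = Buffer.from("0101000c" + "2112a442" + TXID +
  "00200008" + "0001e242" + "ea12d545", "hex");
const NOT_STUN = Buffer.from("some other protocol on udp/3478");

for (const [name, pkt] of [["request", REQUEST], ["response", RESPONSE],
                           ["other", NOT_STUN]]) {
  console.log(name, parseStun(pkt));
}
```

A payload that returns `null` here is not STUN, whatever port it uses, which is worth confirming before an alert for that destination is suppressed.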
                    • J
                      JonathanLee
                      last edited by JonathanLee Nov 9, 2023, 2:26 AM Nov 9, 2023, 2:25 AM

                      I created a PCAP file when this connection test runs. It seems like it has a lot of RSTs from the firewall itself; this is when the connection fails, right after.

                      8 nil-aas(3128) -> 10316 [RST]

                      Keep in mind I do have a WAN floating traffic shaping rule running.

                      Any ideas?

                      J 1 Reply Last reply Nov 9, 2023, 4:16 AM Reply Quote 0
                      • J
                        johnpoz LAYER 8 Global Moderator @JonathanLee
                        last edited by Nov 9, 2023, 4:16 AM

                        @JonathanLee well your nintendoswitch keeps sending ack, after the lee_family sent a fin,ack - so yeah if NS keeps talking to LF with sending acks, LF is going to keep telling it to F off with a RST..

                        Not sure where pfsense comes into play in this conversation. Is this traffic routed over pfsense? 3128 is proxy port, so this NS wants to keep this conversation going after LF has told its done with the fin,ack..

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        J 1 Reply Last reply Nov 9, 2023, 5:08 AM Reply Quote 0
                        • J
                          JonathanLee @johnpoz
                          last edited by JonathanLee Nov 9, 2023, 6:04 AM Nov 9, 2023, 5:08 AM

                          @johnpoz Yes, Squid proxy 3128. This is during the Nintendo Switch network test. It does an upload test right after the Nintendo Switch shows I have NAT type B; next it does a download test that passes, goes to the UL test, and this is in the PCAP. It has a ton right before it fails. LF is my SG-2100. I wonder if I can increase the connection timers or something.

                          https://bugs.squid-cache.org/show_bug.cgi?id=5084

                          M 1 Reply Last reply Nov 9, 2023, 11:21 AM Reply Quote 0
                          • M
                            mcury @JonathanLee
                            last edited by mcury Nov 9, 2023, 11:22 AM Nov 9, 2023, 11:21 AM

                            @JonathanLee said in Nintendo Switch connection issue Error code:

                            @johnpoz Yes, Squid proxy 3128. This is during the Nintendo Switch network test. It does an upload test right after the Nintendo Switch shows I have NAT type B; next it does a download test that passes, goes to the UL test, and this is in the PCAP. It has a ton right before it fails. LF is my SG-2100. I wonder if I can increase the connection timers or something.

                            https://bugs.squid-cache.org/show_bug.cgi?id=5084

                            I wonder if, in the Nintendo Switch, you could use a .pac file instead of setting the proxy by IP address and port, or if there is a configuration field such as "Do not proxy connections for these destinations".

                            If this field exists in the Nintendo Switch proxy configuration, try to include nintendo.net there.

                            Or, perhaps, if it is possible, try this .pac file in the Nintendo Switch configuration:

                            This is the .pac file I used to have at a few customers back in the day when I was using Squid.

                            function FindProxyForURL(url, host) {
                                // Resolve the destination once; dnsResolve() returns null if the lookup fails
                                var ip = dnsResolve(host);
                                // BYPASS BY REGEX
                                if (isPlainHostName(host) ||
                                    shExpMatch(host, "*.home.arpa") ||
                                // BYPASS BY DESTINATION NETWORK
                                    (ip && (
                                        isInNet(ip, "10.0.0.0", "255.0.0.0") ||
                                        isInNet(ip, "172.16.0.0", "255.240.0.0") ||
                                        isInNet(ip, "192.168.0.0", "255.255.0.0") ||
                                        // loopback is 127.0.0.0/8
                                        isInNet(ip, "127.0.0.0", "255.0.0.0"))) ||
                                // LOCAL SITES
                                    dnsDomainIs(host, "mywebsite.home.arpa") ||
                                // Windows and Nintendo Switch
                                    dnsDomainIs(host, "windowsupdate.com") ||
                                    dnsDomainIs(host, "live.com") ||
                                    dnsDomainIs(host, "microsoft.com") ||
                                    dnsDomainIs(host, "nintendo.net") ||
                                // Other
                                    dnsDomainIs(host, "whatsapp.com"))
                                    return "DIRECT";
                                // Clients on the LAN use the proxy
                                if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
                                    return "PROXY pfsense.home.arpa:3128";
                                // Any other client: explicit fallback instead of returning undefined
                                return "DIRECT";
                            }


                            Edit: If you follow this route, bypass the Nintendo Switch's IP address from the transparent proxy.

                            dead on arrival, nowhere to be found.

                            J 1 Reply Last reply Nov 9, 2023, 5:05 PM Reply Quote 0
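How wide the bypass list in a PAC file like the one above really is depends on how `dnsDomainIs` compares names. This added example (not part of the original post) assumes the classic suffix-compare behaviour of browser PAC engines, re-implemented here as a stand-in, and audits constructed hostnames against the post's bypass domains next to a stricter, hypothetical `domainOrSubdomain` matcher.

```javascript
// Added example, not from the thread. Hostnames below are constructed.

// Stand-in for the PAC helper, modelled on the classic suffix comparison
// (an assumption; a given PAC engine may behave differently).
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

// Stricter matcher (hypothetical helper): the domain itself or a true
// subdomain, compared case-insensitively and ignoring a trailing dot.
function domainOrSubdomain(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === domain || h.endsWith("." + domain);
}

// Bypass domains as written in the PAC file in the post.
const BYPASS = ["windowsupdate.com", "live.com", "microsoft.com",
                "nintendo.net", "whatsapp.com"];

function decide(host, matcher) {
  return BYPASS.some((d) => matcher(host, d)) ? "DIRECT" : "PROXY";
}

// Two intended bypasses, three names that merely end in a bypassed
// domain's characters, and one unrelated site.
const SAMPLE_HOSTS = ["sub.nintendo.net", "login.live.com",
  "notnintendo.net", "example-live.com", "fakemicrosoft.com", "example.org"];

// Hosts that skip the proxy under the suffix compare but would be
// filtered under the strict matcher.
function audit(hosts) {
  return hosts.filter((h) => decide(h, dnsDomainIs) === "DIRECT" &&
                             decide(h, domainOrSubdomain) === "PROXY");
}

console.log("unintended DIRECT:", audit(SAMPLE_HOSTS));
```

Under the same assumption, the tighter form inside a PAC file is `host === "nintendo.net" || dnsDomainIs(host, ".nintendo.net")`, with the leading dot forcing a label boundary.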
                            • J
                              JonathanLee @mcury
                              last edited by Nov 9, 2023, 5:05 PM

                              @mcury I like your PAC/WPAD file; however, Nintendo does allow for proxy use, meaning it should not have to bypass it. I have found a bug reported in Bugzilla that matches the half-closed issue. Your auto-configuration file, for me, opens too many addresses. I do like the .arpa return direct; I will use that for my internal devices, thanks.

                              M 1 Reply Last reply Nov 9, 2023, 5:09 PM Reply Quote 0
                              • M
                                mcury @JonathanLee
                                last edited by mcury Nov 9, 2023, 5:18 PM Nov 9, 2023, 5:09 PM

                                @JonathanLee What you gain with using a PAC file is the possibility to bypass destinations by domains, regex..

                                You don't need to know the destination address as you would need to know when using transparent proxy.

                                Browsers also have a builtin option to make use of that, that you can use with or without a .pac file.

                                So, as I see it, the Nintendo Switch proxy implementation is poor. I mean, only an IP and address, port and a switch ON/OFF?

                                dead on arrival, nowhere to be found.

                                M 1 Reply Last reply Nov 10, 2023, 9:15 PM Reply Quote 1
                                • M
                                  michmoor LAYER 8 Rebel Alliance @mcury
                                  last edited by Nov 10, 2023, 9:15 PM

                                  @mcury

                                  The usage of Squid (to no one's surprise) is now deprecated.

                                  https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software

                                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                  Routing: Juniper, Arista, Cisco
                                  Switching: Juniper, Arista, Cisco
                                  Wireless: Unifi, Aruba IAP
                                  JNCIP,CCNP Enterprise

                                  M J 2 Replies Last reply Nov 10, 2023, 9:59 PM Reply Quote 1
                                  • M
                                    mcury @michmoor
                                    last edited by Nov 10, 2023, 9:59 PM

                                    @michmoor said in Nintendo Switch connection issue Error code:

                                    The usage of Squid (to no one's surprise) is now deprecated.

                                    https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-pfsense-software

                                    I can't say I'm surprised indeed.. Thanks for the info.

                                    dead on arrival, nowhere to be found.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      JonathanLee
                                      last edited by JonathanLee Nov 11, 2023, 1:05 AM Nov 11, 2023, 12:50 AM

                                      What is an alternative ???

                                      Dang, looks like I will have to stay with 23.09 until the 2100 hardware is twilighted. I spent years getting this to actually work =(, it's just sad to me. :(

                                      1 Reply Last reply Reply Quote 0
                                      • J
                                        JonathanLee @michmoor
                                        last edited by Nov 11, 2023, 2:33 AM

                                        This post is deleted!
                                        1 Reply Last reply Reply Quote 0
                                        • J
                                          JonathanLee
                                          last edited by Nov 11, 2023, 2:35 AM

                                          What is the next official Netgate product that will continue to support a proxy with SSL intercept that can be purchased, now that this is being twilighted?

                                          What version should I upgrade to for proxy caching abilities? I have a SG-2100 currently. Should users move to Palo Alto?

                                          M 2 Replies Last reply Nov 11, 2023, 4:53 AM Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.