SOLVED: PS4 Party Chat NAT only works once after reboot?
-
This one is driving me crazy, and I could be wrong but I don't think it belongs in the gaming forum (more of a VoIP NAT issue?). I feel like I have all the obvious bases covered:
-
PS4 has a static DHCP assignment at 192.168.0.12
-
Created a LAN rule to enforce using WAN gateway for 192.168.0.12 (skipping privacy VPN). Rule is at the top of the LAN rules.
-
AON - Advanced Outbound NAT is enabled, rule created to enforce static ports for 192.168.0.12
-
miniupnpd is running, PS4 is allowed to create mappings via UPnP. Confirmed the UPnP mappings after start up the PS4
I get NAT type 2 to the PS4 servers and (mostly?) haven't had issues with any games. This behavior is reliably reproduced for me:
-
Once the PS4 has established a party chat session things are fine and I am able to leave / join the party as long as I don't power down the console.
-
If the console is powered down after a party chat session it will not be able to join another party chat session until the pfSense router is also rebooted.
-
When the party chat connections are failing there is no relevant packet drops logged in the firewall log.
I'm kinda at a loss where to look next. I'm a bit fuzzy on which interface I should be performing packet captures at (LAN or WAN), but I have captures for both a successful and unsuccessful party chat attempt on the LAN interface trying to connect to the same client. Nothing obvious sticks out as different… and I didn't have this problem when I was using an ASUS RT-AC5300 so I am fairly confident it is something about my pfSense setup that is causing the issue (especially since rebooting the pfSense box reliably fixes it).
Any thoughts or guidance on what to look at next?
Details about my pfSense machine attached.
-
-
I had similar problems getting my PS4 to work properly behind pfSense. The only way I could solve the issues was to manually forward the PSN ports and 3074 (for COD). For some reason upnp in pfSense does not work properly. Even if in the upnp status page you see the ports listed open things will still not work until you manually create forward/fw rules.
-
Circling back to this topic… I appear to have solved it. In case any google-fu gets people here in the future, I won't leave you hanging...
The culprit seems to have been my privacy VPN client. I use a paid VPN service and rule based routing to protect every appropriate device inside the network. The PS4 had already been routed through my primary WAN gateway bypassing the VPN client, but apparently that was not enough. My VPN service was inserting a 0.0.0.0/0 default route ahead of the pfSense default route (Diagnostics->Route). The solution was to enable "Don't pull routes" which did not meaningfully impact my rules (all clients were already covered by rule based routing). I didn't spend a ton of time tracking down what part of the party chat / voice chat setup process was getting caught by the inserted default route, but clearly something was.
Just make sure your statically assigned PS4 client has a rule to route it through the WAN above whatever privacy VPN rule based default route you have on your LAN connection and you should be good to go.