2 clients cannot play the same game / play on the same server



  • Currently I'm using an Edge Router from UBNT, but because of FQ_CoDel I want to switch to PfSense as the ERX tops out at 100Mbps with FQ_CoDel enabled.

    With an Edge Router, 2 clients can play the same game at the same time and even join the same server together.

    That the game clients use the same ports is not an issue, as the EdgeOS takes care of that.
    Take a look at the automatically generated rules below - this example shows 2 clients play Warframe at the same time, using the default ports.

    Note how the ports 4950 and 4955 get incremented by "1" as otherwise both clients would use 4950&4955.

    ubnt@ER-X8a:~$ show upnp2 rules
    Firewall pin holes
     pkts bytes target     prot opt in     out     source               destination
       24  1768 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.173        udp dpt:4955
       24  1768 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.173        udp dpt:4950
       22  1674 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.165        udp dpt:4955
       22  1674 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.165        udp dpt:4950
    
    NAT port forwards
     pkts bytes target     prot opt in     out     source               destination
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4955 to:192.168.1.173:4955
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4950 to:192.168.1.173:4950
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4956 to:192.168.1.165:4955
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4951 to:192.168.1.165:4950
     pkts bytes target     prot opt in     out     source               destination
        0     0 MASQUERADE  udp  --  *      *       192.168.1.165        0.0.0.0/0            udp spt:4955 masq ports: 4956
        0     0 MASQUERADE  udp  --  *      *       192.168.1.165        0.0.0.0/0            udp spt:4950 masq ports: 4951
    

    So with an EdgeRouter you just enable UPnP2 & NAT-PMP and you are done!!!

    • NAT-Status is open
    • 2 (or more) clients can play the same game at the same time
    • 2 (or more) clients can play the same game on the same server at the same time

    My experience in PfSense so far has been very different or better said frustrating.

    • I enabled UPnP and NAT-PMP, thinking this would work like in EdgeOs: But that did not resolve the "Strict NAT" issue on consoles. And games like Warframe still did not work at all due to "Strict NAT" even though UPnP is enabled and rules were added!?!? (other games that use peer-2-peer or the client hosted network model have issues as well i.e. Black Ops 4, Ghost Recon Wildlands).
    • Then I created the suggested "Static Port NAT" rule: This resulted in an "Open NAT Status" on the PS4 and XB1, and Warframe worked as well. 😀

    HOWEVER

    With UPNP/NAT-PMP enabled, as well as the "Static Port NAT" rule in place for each client (remember this was required to get an OPEN Nat Status on my consoles, and for games like Warframe to work at all), I faced a new issue.

    2 clients cannot play the same game at the same time (which seems logical as PfSense nolonger randomises the Source Port now)

    Apex Legends:

    • 2 players cannot play the game together / on the same server. One gets disconnected from the lobby as soon as the match is about to begin. However players can play the game alone, on different servers. If I disable the "Static Port NAT" rule, then both players can play the game, even on the same server! But I can't constantly enable/disable the "Static Port NAT" rules depending on the game we play (remember, other games need the "Static Port NAT" rule). O.o

    Battlefield V:

    • 2 Players can't play the game at the same time - at all! The 2nd player won't see the ping to the servers, nor can he connect to ANY server. If I disable the "Static Port NAT" rule, then both players can play the game, even on the same server. But friend invites still don't work! Also I can't constantly enable/disable the "Static Port NAT" rules depending on the game we play (remember, other games need the "Static Port NAT" rule). O.o

    Warframe:

    • Players can't play the game at the same time - at all! Both UPnP and the "Static Port NAT" rule are required for the game to function, so you can't turn off either. Only solution is to change the ports used by one client (luckily you can do this in the options menu of Warframe - then again, I don't have to do this on the Edge Router)

    As I said, with the Edge Router I do not have any of these issues!

    QUESTION:
    So, am I missing something or is it really impossible to get PfSense to work like the EdgeRouter, where I configure it once and then it "just works", no matter which game we play and how many clients are playing it?

    I mean, I really can't enable/disable the "Static Port NAT" rule all the time depending on which game we play.



  • It seems that all the issues boil down to how UPnP is implemented in PfSense - which simply does not provide the same functionally as UPnP provides in literally any other router.

    I now switched to Untangle - it does not suffer from any of these issues and provides a few nice additional features, which help to even prevent steam and bittorrent for preventing minor ping spikes that FQ_CoDel alone can't prevent due to the many sessions these open.



  • I agree, it would appear through my basic research (reading lots of forums) and my testing of various firewalls that implement UPnP using miniupnpd sufer this same problem.

    Taking the advice of @solidservo I tried the alternative that was suggested and both consoles connect to the games immediately. The same level of UPnP access controls are provided. It looks like there is some handshaking incompatibility between the consoles and the UPnP implementation when negotiating over a port conflict.

    I don't find the alternative firewall as user friendly but it solves a critical problem for our household.

    CV8R



  • @CV8R said in 2 clients cannot play the same game / play on the same server:

    I don't find the alternative firewall as user friendly but it solves a critical problem for our household.

    Depending on what your needs are, you could also use OpenWRT which is available for x86 too.
    In addition to FQ_CoDel it also supports CAKE (The SQM plugin can be downloaded inside of OpenWRT).

    https://openwrt.org/docs/guide-user/installation/openwrt_x86
    https://downloads.openwrt.org/releases/18.06.2/targets/x86/



  • Hello,

    I had the same issue with many games (Warframe, Red Dead Online, Destiny 2) on Xbox.

    The tips is check Static Port for the 1 console (Menu NAT Outbound) and don't check Static Port for the second.
    The second Xbox will appear with NAT Strict but you can invite and play together in Warframe for example.

    Now it's OK for me in all game.

    I will do a complete tuto for multiple Xbox One.



  • @thunderman

    Hmm that does seem like a good workaround. Thanks for the idea.




Log in to reply