Nintendo Switch connection issue Error code
-
I am thinking it requires stun . . .
I am starting to see this inside of SNORT
-
@JonathanLee You sure?
I got a Switch and I log ALL connectivity, be it inbound or outbound, and pulling up a report for my Switch over the last 7 days I don't see STUN.
Lots of 443 and 53
-
@michmoor perhaps you are using port forward and disabled UPnP in the Nintendo Switch?
What I found problematic is the range of ports that the Switch needs... UDP from 1024 to 65535??
-
@mcury no port forward here although I do not have UPnP turned on for that VLAN.
But I do have a permit any/any for outbound internet access so I would've seen the attempt.
-
@michmoor said in Nintendo Switch connection issue Error code:
no port forward here although I do not have UPnP turned on for that VLAN.
But I do have a permit any/any for outbound internet access so I would've seen the attempt.
NAT shows open for you with those settings? I don't think it will, and perhaps voice in game for some games wouldn't work.
And what about static outbound NAT, is that enabled for the Switch IP address?
-
@mcury @JonathanLee I think the questions are for you.
-
I have NAT B with these settings.
I use DNS Unbound forwarder
(UPnP)
(STATIC PORT)
My son can play many online games except Disney Speedster.
This is the weird result of the test
(NAT B)
(FAILS ON UPLOAD SPEED)
Lots of games are playable.
Does use of Google stun.l.google.com require a port forward configured from 3478 to 19302? Or if that is configured inside of UPnP is it already set up to do that?
-
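Added example (not part of the thread or of any poster's configuration): the posts above disagree on whether the Switch uses STUN, and the ports mentioned are 3478 and 19302. This Python check recognises STUN by its RFC 5389 header in UDP payloads already captured on your own firewall, so the answer does not depend on guessing the port; the sample flows, IP address and function names are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed header value defined by RFC 5389
STUN_CLASSES = {0: "request", 1: "indication", 2: "success", 3: "error"}
PORTS_FROM_THREAD = {3478, 19302}  # only annotate a hit, never decide it


def parse_stun_header(payload: bytes):
    """Return (method, class, body_length) for a STUN datagram, else None."""
    if len(payload) < 20:  # STUN header is always 20 bytes
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000 or cookie != STUN_MAGIC_COOKIE:
        return None  # top two bits must be zero and the cookie must match
    if length % 4 or length + 20 != len(payload):
        return None  # body is padded to 4 bytes and fills the datagram
    method = (msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1) | ((msg_type & 0x3E00) >> 2)
    cls = ((msg_type & 0x0100) >> 7) | ((msg_type & 0x0010) >> 4)
    return method, STUN_CLASSES[cls], length


def find_stun(flows):
    """flows: iterable of (src_ip, dst_port, udp_payload); returns STUN hits."""
    hits = []
    for src, dport, payload in flows:
        hdr = parse_stun_header(payload)
        if hdr is not None:
            hits.append({"src": src, "dst_port": dport, "method": hdr[0],
                         "class": hdr[1], "port_from_thread": dport in PORTS_FROM_THREAD})
    return hits


# Constructed sample payloads (not captured from a real Switch).
TXID = bytes(range(12))
BINDING_REQUEST = struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + TXID
XOR_MAPPED = struct.pack("!HHBBH4s", 0x0020, 8, 0, 0x01, 0x1234, bytes(4))
BINDING_SUCCESS = struct.pack("!HHI", 0x0101, len(XOR_MAPPED), STUN_MAGIC_COOKIE) + TXID + XOR_MAPPED
DNS_QUERY = bytes.fromhex("123401000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE_FLOWS = [
    ("192.168.1.50", 53, DNS_QUERY),
    ("192.168.1.50", 19302, BINDING_REQUEST),
    ("192.168.1.50", 50000, BINDING_SUCCESS),  # STUN on a non-standard port
]

if __name__ == "__main__":
    for hit in find_stun(SAMPLE_FLOWS):
        print(hit)
```
-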
@mcury @michmoor UPnP only works for my XBOX shows NAT open on it
(UPnP RUNNING Xbox shows open nat)
(ACL)
(ACL)
I do have a proxy, the only way the Xbox works using both transparent + custom
Does Squid need ACLs? If it does why does Xbox still run without it?
(XBOX NAT OPEN)
(SQUID ACLs)
(FIREWALL NAT)
-
@JonathanLee said in Nintendo Switch connection issue Error code:
Does Squid need ACLs? If it does why does Xbox still run without it?
If Squid is showing connection attempts on port 80 or 443 for the Nintendo Switch, you should bypass it from the transparent proxy setting in Squid.
By the way, I would create an IOT network and put these things there.
Disable Squid and Snort in this network, allow everything but not to the internal networks, enable UPnP or enable port forward, the latter is preferred.
Note that Snort will listen on the parent interface, so this IOT network should be a separate network and not a VLAN; this will help to avoid the waste of CPU cycles in Snort/pfSense.
-
@mcury The Switch allows proxy use, it has options for it, whereas the Xbox does not. That is what's weird: I have no issues with anything in games except the new Disney racing game. Nintendo does allow you to use a proxy in the LAN settings.
-
@JonathanLee I see, but is there a reason to use a proxy in the Nintendo Switch?
I don't have one here so I really can't say, perhaps it has a browser that kids could use that you don't want them to use?
-
@mcury Yes I protect the web browser from specific sites. Child Safe system.
(It works great with many games like this)
(F-ZERO X Online 99 players Racing game)
(Proxy use is approved of for Nintendo Switch)
Nintendo does not block proxy use, they approve of it. But this connection test may check for a proxy, right? That is why it has NAT B over NAT A, but it should still do an upload test OK, right?
-
@JonathanLee When you get the error code: 2160-8055 (upload test fails), what shows up in Squid?
Since you are using transparent proxy, you won't be able to bypass that specific domain, but you can check their network IP range in https://whois.domaintools.com/.
After getting their network range, can you try to bypass that network in Squid settings and test again?
-
@mcury a simple connection test that shows good HTTPS response
ctest-ul-lp1.cdn.nintendo.net//upload
ctest-dl-lp1.cdn.nintendo.net//download
both show OK in proxy too
Maybe . . .
stun port forward???
-
@JonathanLee I can see that Squid is intercepting SSL connections.
Can you do a quick test? Disable SSL interception for one second, test again and confirm the results. Then enable it again.
If the test passes, you would need to bypass that network completely from Squid.
I mean, better to bypass the entire network than a single IP address because they usually change.
-
@mcury it is splice always for Nintendo already so it is transparent for this device
-
@JonathanLee It's still passing through the proxy.
Can you set this up so it doesn't use the proxy at all? Have it hit a firewall rule instead.
-
@michmoor That would defeat the URL blocker/child safe features without the proxy. It has a web browser on it.
-
@JonathanLee Splice all still messes up the headers and breaks the SSL chain, since the proxy is now doing the request for the website and thus it is not an SSL connection between Nintendo Switch and nintendo.net anymore.
The problem I'm seeing here is that nintendo.net is using Akamai... so a bypass won't help in this situation because you won't want to bypass Akamai.
-
@mcury Dang it. I guess it has to stay broken. The SSL stops at the modem in our LAN. Oh well.