• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Nintendo Switch connection issue Error code

Scheduled Pinned Locked Moved Gaming
nintendoupnpstatic mappingaclnat
55 Posts 5 Posters 11.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    michmoor LAYER 8 Rebel Alliance @mcury
    last edited by Oct 9, 2023, 4:21 PM

    @mcury @JonathanLee I think the questions are for you.

    Firewall: NetGate,Palo Alto-VM,Juniper SRX
    Routing: Juniper, Arista, Cisco
    Switching: Juniper, Arista, Cisco
    Wireless: Unifi, Aruba IAP
    JNCIP,CCNP Enterprise

    1 Reply Last reply Reply Quote 0
    • J
      JonathanLee
      last edited by Oct 9, 2023, 4:45 PM

      I have NAT B with these settings.

      I use DNS Unbound forwarder

      Screenshot 2023-10-09 at 9.33.37 AM.png
      (UPnP)
      Screenshot 2023-10-09 at 9.34.23 AM.png
      (STATIC PORT)

      My son can play many online games except Disney Speedster

      This is the weird result of the test

      Screenshot 2023-10-09 at 9.39.46 AM.jpg
      (NAT B)

      Screenshot 2023-10-09 at 9.39.29 AM.jpg
      (FAILS ON UPLOAD SPEED)

      Lots of games are playable

      Does use of google stun.l.google.com require a port forward configured from 3478 to 19302? Or if that is configured inside of UPnP is it already set up to do that?

      Screenshot 2023-10-09 at 9.43.50 AM.png

      Screenshot 2023-10-09 at 9.44.28 AM.png

      Make sure to upvote

      1 Reply Last reply Reply Quote 1
      • J
        JonathanLee
        last edited by JonathanLee Oct 9, 2023, 5:00 PM Oct 9, 2023, 4:47 PM

        @mcury @michmoor UPnP only works for my XBOX shows NAT open on it

        Screenshot 2023-10-09 at 9.46.54 AM.png
        (UPnP RUNNING Xbox shows open nat)

        Screenshot 2023-10-09 at 9.48.09 AM.png
        (ACL)
        Screenshot 2023-10-09 at 9.48.15 AM.png
        (ACL)

        I do have a proxy the only way the xbox works using both transparent + custom

        Does Squid need ACLs? If it does why does xbox still run with out it?
        Screenshot 2023-10-09 at 9.59.38 AM.jpg
        (XBOX NAT OPEN)

        Screenshot 2023-10-09 at 9.50.02 AM.png
        (SQUID ACLs)

        Screenshot 2023-10-09 at 9.53.06 AM.png
        (FIREWALL NAT)

        Make sure to upvote

        M 1 Reply Last reply Oct 9, 2023, 5:00 PM Reply Quote 1
        • M
          mcury @JonathanLee
          last edited by Oct 9, 2023, 5:00 PM

          @JonathanLee said in Nintendo Switch connection issue Error code:

          Does Squid need ACLs? If it does why does xbox still run with out it?

          If squid is showing connection attempts in port 80 or 443 for the Nintendo Switch, you should bypass it from the transparent proxy setting in Squid.

          By the way, I would create an IOT network and put these things there.
          Disable Squid and Snort in this network, allow everything but not to the internal networks, enable uPnP or enable portforward, latter is preferred.

          Note that Snort will listen in the parent interface, so this IOT network should be a separate network and not a VLAN, this will help to avoid the waste of CPU cycles in Snort/pfSense.

          dead on arrival, nowhere to be found.

          J 1 Reply Last reply Oct 9, 2023, 5:01 PM Reply Quote 2
          • J
            JonathanLee @mcury
            last edited by Oct 9, 2023, 5:01 PM

            @mcury The switch allows Proxy use, it has options for it where as the Xbox does not. That is what's weird I have no issues with anything in Games except the new Disney racing game. Nintendo does allow you to use a proxy in the LAN settings.

            Make sure to upvote

            M 1 Reply Last reply Oct 9, 2023, 5:03 PM Reply Quote 1
            • M
              mcury @JonathanLee
              last edited by Oct 9, 2023, 5:03 PM

              @JonathanLee I see, but is there a reason to use proxy in the nintendo switch ?
              I don't have one here so I really can't say, perhaps it has a browser that kids could use that you don't want them to use ?

              dead on arrival, nowhere to be found.

              J 1 Reply Last reply Oct 9, 2023, 5:09 PM Reply Quote 1
              • J
                JonathanLee @mcury
                last edited by Oct 9, 2023, 5:09 PM

                @mcury Yes I protect the web browser from specific sites. Child Safe system.

                Screenshot 2023-10-09 at 10.06.40 AM.jpg

                (It works great with many games like this)
                (F-ZERO X Online 99 players Racing game)
                Screenshot 2023-10-09 at 10.07.56 AM.jpg
                (Proxy use is approved of for Nintendo Switch)

                Nintendo Does not block proxy use, they approve of it. But this connection test may check for a proxy right? That is why it has NAT B over NAT A but it should still do a upload test ok right?

                Make sure to upvote

                M 1 Reply Last reply Oct 9, 2023, 5:13 PM Reply Quote 1
                • M
                  mcury @JonathanLee
                  last edited by Oct 9, 2023, 5:13 PM

                  @JonathanLee When you get the error code: 2160-8055 (upload test fails), what shows up in Squid ?

                  Since you are using transparent proxy, you won't be able to bypass that specific domain, but you can check their network IP range in https://whois.domaintools.com/.

                  After getting their network range, can you try to bypass that network in Squid settings and test again ?

                  dead on arrival, nowhere to be found.

                  J 1 Reply Last reply Oct 9, 2023, 5:17 PM Reply Quote 0
                  • J
                    JonathanLee @mcury
                    last edited by JonathanLee Oct 9, 2023, 5:20 PM Oct 9, 2023, 5:17 PM

                    @mcury a simple connection test thats shows good https response

                    Screenshot 2023-10-09 at 10.16.48 AM.png

                    ctest-ul-lp1.cdn.nintendo.net//upload
                    ctest-dl-lp1.cdn.nintendo.net//download

                    both show ok in proxy too

                    Maybe . . .

                    Screenshot 2023-10-09 at 10.13.08 AM.png stun port forward???

                    Make sure to upvote

                    M 1 Reply Last reply Oct 9, 2023, 5:20 PM Reply Quote 0
                    • M
                      mcury @JonathanLee
                      last edited by Oct 9, 2023, 5:20 PM

                      @JonathanLee I can see that Squid is intercepting SSL connections.
                      Can you do a quick test ? Disable SSL interception for one second, test again and confirm the results..

                      Then enable it again.

                      If the test passes, you would need to bypass that network completely from Squid.

                      I mean, better to bypass the entire network than a single IP address because they usually change.

                      dead on arrival, nowhere to be found.

                      J 1 Reply Last reply Oct 9, 2023, 5:21 PM Reply Quote 0
                      • J
                        JonathanLee @mcury
                        last edited by JonathanLee Oct 9, 2023, 5:22 PM Oct 9, 2023, 5:21 PM

                        @mcury it is splice always for Nintendo already so it is transparent for this device

                        Screenshot 2023-10-09 at 10.20.59 AM.png

                        Make sure to upvote

                        M M 2 Replies Last reply Oct 9, 2023, 5:23 PM Reply Quote 0
                        • M
                          michmoor LAYER 8 Rebel Alliance @JonathanLee
                          last edited by Oct 9, 2023, 5:23 PM

                          @JonathanLee Its sitll passing through the proxy.
                          Can you set this up so it doesnt use the proxy at all. Have it hit a firewall rule instead.?

                          Firewall: NetGate,Palo Alto-VM,Juniper SRX
                          Routing: Juniper, Arista, Cisco
                          Switching: Juniper, Arista, Cisco
                          Wireless: Unifi, Aruba IAP
                          JNCIP,CCNP Enterprise

                          J 1 Reply Last reply Oct 9, 2023, 5:24 PM Reply Quote 0
                          • J
                            JonathanLee @michmoor
                            last edited by JonathanLee Oct 9, 2023, 5:24 PM Oct 9, 2023, 5:24 PM

                            @michmoor That would defeat the URL blocker/child safe features without the proxy. It has a web browser on it.

                            Make sure to upvote

                            1 Reply Last reply Reply Quote 0
                            • M
                              mcury @JonathanLee
                              last edited by mcury Oct 9, 2023, 5:26 PM Oct 9, 2023, 5:24 PM

                              @JonathanLee Splice all still messes up with the headers and break SSL chain since the proxy is now doing the request for the website and thus it is not a SSL connection between Nintendo Switch and nintendo.net anymore.

                              The problem I'm seeing here is that nintendo.net is using akamai.. so a bypass won't help in this situation because you won't want to bypass akamai..

                              dead on arrival, nowhere to be found.

                              J M 2 Replies Last reply Oct 9, 2023, 5:26 PM Reply Quote 0
                              • J
                                JonathanLee @mcury
                                last edited by Oct 9, 2023, 5:26 PM

                                @mcury Dang it. I guess it has to stay broken. The SSL stops at the modem in our LAN. O well.

                                Make sure to upvote

                                M 1 Reply Last reply Oct 9, 2023, 5:28 PM Reply Quote 0
                                • M
                                  mcury @JonathanLee
                                  last edited by Oct 9, 2023, 5:28 PM

                                  @JonathanLee said in Nintendo Switch connection issue Error code:

                                  Dang it. I guess it has to stay broken. The SSL stops at the modem in our LAN. O well.

                                  Is it possible to set the proxy only in the Nintendo Switch browser and not in the OS ?
                                  If it isn't, perhaps you could set a password in the browser to block the use of it ?

                                  dead on arrival, nowhere to be found.

                                  J 1 Reply Last reply Oct 9, 2023, 5:56 PM Reply Quote 1
                                  • J
                                    JonathanLee @mcury
                                    last edited by JonathanLee Oct 9, 2023, 5:58 PM Oct 9, 2023, 5:56 PM

                                    @mcury @michmoor

                                    Thanks for working with me on this.

                                    The Nintendo switch does work for all NAT B games and for his online account. Disney Speed racing game must require NAT A to work is all I think. So he has a lot of options to have fun with still that let the URL blocker work correctly.

                                    I flat out love Nintendo's version of LAN options over XBOX's. Nintendo just lets you input a proxy. XBOX wont do it, it was such a pain to set up the XBOX, it needed WPAD and after that it needed special DHCP options to tell the XBOX where to go, and special spice options just to have the Child Safe URL blocker work. It was really illusive over Nintendo's simple plug the proxy in and go option. Don't get me wrong XBOX has it's items I like too.

                                    STUN is new to me I have never played with that until today. I wonder if it will improve anything here or not?

                                    Make sure to upvote

                                    M 1 Reply Last reply Oct 9, 2023, 6:01 PM Reply Quote 0
                                    • M
                                      mcury @JonathanLee
                                      last edited by Oct 9, 2023, 6:01 PM

                                      @JonathanLee said in Nintendo Switch connection issue Error code:

                                      STUN is new to me I have never played with that until today. I wonder if it will improve anything here or not?

                                      STUN is used to tell a server which IP/UDP port to use in the communication.
                                      Sometimes it is just the voice communication in the game that doesn't work properly.
                                      Sometimes is just you won't be able to host a game, but only connect to existing games in the server, things like that.

                                      dead on arrival, nowhere to be found.

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        michmoor LAYER 8 Rebel Alliance @mcury
                                        last edited by Oct 9, 2023, 7:01 PM

                                        @mcury said in Nintendo Switch connection issue Error code:

                                        The problem I'm seeing here is that nintendo.net is using akamai..

                                        That right there is going to break Squid in Transparent mode
                                        @JonathanLee As you are already aware there is an issue with Squid and quickly rotating IPs to Domain Names. So the suggestion to bypass the proxy all together should be considered.

                                        Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                        Routing: Juniper, Arista, Cisco
                                        Switching: Juniper, Arista, Cisco
                                        Wireless: Unifi, Aruba IAP
                                        JNCIP,CCNP Enterprise

                                        J 1 Reply Last reply Oct 9, 2023, 10:25 PM Reply Quote 0
                                        • J
                                          JonathanLee @michmoor
                                          last edited by JonathanLee Oct 10, 2023, 1:57 AM Oct 9, 2023, 10:25 PM

                                          @michmoor That might be resolved once PfSense adds unbound support for DoH. Unbound already supports it, just pfSense does not have the GUI options for it yet.

                                          I don't have the issues you have, again I only use A DNS records because my ISP does not allow IPv6. The Nintendo works mostly for everything I need.

                                          Make sure to upvote

                                          1 Reply Last reply Reply Quote 0
                                          18 out of 55
                                          • First post
                                            18/55
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received