NAT Loopback for Opensim
-
Well, now I'm at a complete loss again. Just as I thought I was closing in, it works. I have no idea why. Why is this a problem? Because it works with VNC but not with opensim, which is the original problem. So now that it's working and opensim isn't, I don't know where to go next.
What I do know is that it's the router. Anyone else that has this problem solves it either by enabling loopback or buying a router that supports it. Like a D-Link gaming router. So I'm back at square one and don't know what to try next except give up on pfSense. It's too bad because I liked having a VPN option.
Maybe you have another thing for me to look at, I don't know. I'm still willing to try if you are.
-Mike
-
Best bet I can think of: the opensim server is not happy seeing the connection coming from the pfsense LAN IP. Question: is there a reason you have to use the WAN IP? Why can't you connect on the LAN IP? You could have a name opensim.yourdomain.com (or whatever) with your external DNS provider that points to the pfsense WAN IP, and a name opensim.yourdomain.com on the pfsense (under DNS forwarder, I believe). That way, your client can reference the name and it works wherever you are. This is called split DNS and is preferable to reflection.
-
I have tried to do what you're saying about a split DNS, but I'm not sure I have implemented it correctly.
I do have a dynDNS of sixteentrees.homeip.net that points to my WAN and I have the DNS forwarder enabled for sixteentrees.homeip.net -> 192.168.2.157 (opensim server).
My DHCP server sets 192.168.2.1 as the DNS server so my clients should start there. My general setup has the DNS servers of 208.67.222.222 & 208.67.222.220. I guess, from my understanding, if my client wants sixteentrees.homeip.net, the router should provide 192.168.2.157 as the IP instead of the WAN.
For shits & giggles, I've attached my current config file. This time I'll send the whole file instead of editing out what I thought was irrelevant. In the process of editing the file to hide names and pswds, I saw that the DNS forwarder was using my other dynDNS. I changed it, tried it, and it still didn't work. I may try restarting the router.
-
I tried the reboot and it didn't fix it. I forgot to answer your question about why I can't use the local IP of the server.
Best I can tell, I have no control over that. With the opensim simulator, I log into a grid that hosts users and their inventory. One can run a server and connect it to the grid for anyone to access that is on the grid. So when I connect to the grid and then teleport to my sim, my client and the grid don't know that the server is mine and on the same side of the router as my client. I believe it is the client accessing the grid and the grid then accessing my server, but since both are behind the same router, the router is not handling it properly.
I don't fully understand this communication protocol, but only from what I've gotten from the opensim forums. They have a set of recommended routers that properly handle the loopback needed. They are listed on this page "http://opensimulator.org/wiki/NAT_Loopback_Routers" and they are "gaming" routers. I believe what they mean by "gaming" is that gamers have the exact situation I have with opensim. A user accesses a group server and may serve their own region as well to the group. Therefore, for them to access their own region, they need the same NAT loopback.
I hope I'm making some sense and not either or both confused or confusing due to my lack of a full understanding of what's really going on.
-
It sounds like a real mess (and a badly designed system, IMO, not your fault.) And another reason to get rid of NAT and go to IPv6. Yeah, I know some NAT implementations work, but… Sounds like you are screwed, since the client seems to get the IP from the server, ugh :(
-
Now that I think about it, if the server can hand out a name (as opposed to an IP), this can still be made to work - you do the split DNS approach I mentioned before.
-
Problem solved! I moved away from pfSense and got a linksys router running DD-WRT and it works wonderfully. Maybe someday this will work in pfSense since I like the sw so much better, but DD-WRT has VPN and NAT loopback operates great.
-Mike