Starcraft over Wireguard ... :sideeye:

Henning Reich henning.reich at gmail.com
Mon Feb 12 10:07:11 CET 2018 

Hi,
I don't understand what you really want. You say someting about other
computers. Who are these other people/copmuters and there they are? Inside
your (or your childs) network or unknown public internet users?
Did you try to set up a game through battle.net or a "local" game? In
addition, your configuration looks like you mixed up with your subnets. On
your childs side, you configure your interface as part of an /24 subnet,
but on your side, its just a /32 "range".
It may work anyway, bit I think its still confusing.

So I think, a good start would be to clean up your wg-config. I like to use
a seperate "subnet" for vpn traffic. So there is no ProxyArp needed,
because the VPN-Server works as a Gateway for his own subnet. Disadvantag
is that you can't use (without some more work) broadcast features. Mostly
use for some autodetections and so on.
Maybe this will help a bit.

On his computer:  (LAN IP 192.168.1.x)

[Interface]
PrivateKey = {blah}=
ListenPort = 12457
Address = 192.168.123.3/24 <http://192.168.88.3/24>

[Peer]
PublicKey = {blah2}=
Endpoint = {my home}:12457
AllowedIPs = 192.168.123.0/24 <http://192.168.88.3/24>, 192.168.88.0/24


On my computer:  (LAN IP 192.168.88.x)

[Interface]
PrivateKey = {blah3}=
ListenPort = 12457
Address = 192.168.123.2/ <http://192.168.88.2/32>24

[Peer]
PublicKey = {blah4}=
AllowedIPs = 192.168.123.0/24 <http://192.168.88.3/24>, 192.168.1.0/24

With this configuration, you should create (and play) games using the
dedicated vpn IPs (192.168.123.2 or 3 ) or maybe (not tested) your orignal
local IPs (192.168.88.xxx or 192.168.1.xxx).


An complete other soloution could be using a layer2 vpn. I like
SoftEtherVPN.
You could install it, bind the vpn to a tap-device (within the SoftEther
configuration) and than bind the tap-device (with linux tools like brctl,
systemd-networkd config) to your physical interface.
If anybody connect to this vpn, it's just like an additional wire to your
network. So all works, inlcuding DHCP in the same subnet and so on.
The strange double-bridge is not needed, if your SC-Host and VPN-Host are
NOT the same device. Because if you bridge the VPN directly to the physical
interface (without the help of an additional tap-device) the VPN Client
can't reach the vpn-server itself.

Or maybe without any VPN? Just Portforwarding and a (dynamic) DNS entry?
You could get free ones here: https://freedns.afraid.org/




2018-02-12 8:23 GMT+01:00 Eric Light <eric at ericlight.com>:

> Hi, awesome WG mailinglist!
>
> My 18 year-old has recently moved out of home, and we're starting to yearn
> for one of our traditional Starcraft matches.  I thought I should be able
> to do this easily with Wireguard.
>
> The idea, generally, is that one of us would start up a game, and
> Wireguard - with a side serving of ProxyARP and IP forwarding - would help
> make all the other computers see that game.  (or, at very worst, allow me
> to run a game that could be seen by his computer AND the other computers
> here).
>
> -=-=-=-=-=-=-=-=-=-=-=-=-
>
> On his computer:  (LAN IP 192.168.1.x)
>
> [Interface]
> PrivateKey = {blah}=
> ListenPort = 12457
> Address = 192.168.88.3/24
>
> [Peer]
> PublicKey = {blah2}=
> Endpoint = {my home}:12457
> AllowedIPs = 0.0.0.0/0
>
>
> On my computer:  (LAN IP 192.168.88.x)
>
> [Interface]
> PrivateKey = {blah3}=
> ListenPort = 12457
> Address = 192.168.88.2/32
>
> [Peer]
> PublicKey = {blah4}=
> AllowedIPs = 192.168.88.3/32
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-
>
> But it turns out not to be so easy.  Starcraft sets up games over UDP 5353
> and UDP 6112, and originally I thought it was a problem with forwarding UDP
> packets.  However, I can see packets coming over the tunnel from his
> computer, but the packets are being forwarded to an address I don't know:
>
> root at me:~# tcpdump -i home port 5353 or port 6112
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on home, link-type RAW (Raw IP), capture size 262144 bytes
> 20:02:35.744726 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:35.759142 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:35.759157 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:36.045323 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:02:36.099993 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:02:36.100005 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:03:05.964077 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:03:05.964118 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:03:05.987761 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
>
>
> Any ideas where I can start looking?  I get similar behaviour whether I
> host the game on my computer or on his.
>
> Thanks in advance for any help you guys can offer!
>
> E
>
> --------------------------------------------
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
>
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180212/72273008/attachment-0001.html>

More information about the WireGuard mailing list