My coworker's kid uses zerotier to maintain a private gaming network with static IPs for all their friends. Does your system have anything similar or is it just out in the open? Taking a cursory glance at your page it's hard to tell exactly what is being done. Looks cool though.
Just FYI, I've found Tailscale to be excellent for this purpose. I just created a new Google account, for sharing with friends and family to log in to Tailscale, and it's completely free. A relay on my Raspberry Pi allows me to expose select devices to those connected to my Tailscale.
This system is a little simpler, it creates a public endpoint that will tunnel traffic to the game server over the playit program. So when the program and game server are running, anyone can connect to the server through the public address.
It has the advantage that only the server needs to run a program. It also does a few tricks like mapping each client's public IP to a LAN IP like 127.5.21.3 so IP banning / whitelisting still works in game.
Looks like this uses https://github.com/cloudflare/boringtun, a userspace implementation of Wireguard written in Rust, and (I'm guessing) user IP:port is sent to third party at api.playit.gg.
Version 3 did; however, I needed to manage the TCP/IP stack in the application. I tried using and patching smoltcp, then made things more stable by linking to gvisor (a Go project), but users were still having performance issues. Ended up launching v4, which uses the HTTP/2 protocol under the hood.
The users we have vary quite drastically in terms of their network access and computer hardware.
Looks convenient. I assume multiple servers share the same IP(s) on different non-default ports? I don’t see any info on how this works on the site.
I can’t imagine providing a free unique static IPv4 for 4000+ active servers would be a sustainable business model. IPv6 of course would be fine, if residential ISPs ever leave the Stone Age. (Looking at you, Bell Canada)
Yes, I'm assigning a random port to each tunnel. I have been considering purchasing an IP space to offer a premium version but it's hard to make the numbers work at my current scale.
Minecraft is quite nice as it supports SRV records, so the provided tunnel address doesn't need to show the port number. For other games you'll notice you have the non-standard port.
I had a similar use case for sharing my Plex media server. I am behind a CGNAT so don't have a fixed IP address, nor can I port-forward if I wanted to. The solution I came up with involves ZeroTier and a cheap VPS with a static IP (required as I can't set up ZeroTier everywhere (Apple TVs, Chromecasts, iPhones, etc.)). The VPS acts as a relay to the private ZeroTier network (single address only, the Plex server), which allows anyone I have shared my Plex server with to access it without any setup.
I'd look at using an SSH reverse tunnel. If you can connect from the plex-server to a server hosted on EC2, Linode, DigitalOcean, etc, you could expose the service from that.
There's also good ol' (newish?) WireGuard on a relay VPS. But I understand how it'd be another extra step that could get in the way for someone unfamiliar with the tech.
For people who want to use WireGuard to receive a clean IPv4 and IPv6 public address (no blacklist and good reputation), you can check out https://hoppy.network
All ports are unblocked and you can choose plans with guaranteed speeds of 500Mbit. It’s great for people who self-host, and don’t want to manage a cloud VPS.
This seems to create long-running tunnel sessions, doesn't it? If so, that seems to me to potentially create load that's too great for the service to be free.
That is correct. It's been difficult, I've had to rebuild the entire system 4 times finding new optimizations here and there. I'm at break even cost wise from people purchasing custom domains for $1/month, or $6/year.
The latest version, v4, is performing really well and is helping me keep costs low while we're getting more users.
I thought that virtual hosts for TCP would be an interesting feature to have to support multiple services on a single port. I remember reading about this years back: http://www.litech.org/~brian/tcphosts/paper.html
A better solution would be to have each service on its own IP address and to do away with ports entirely. Ports are a hack to deal with limited IP addresses.
If you download and run the program it will launch the web browser to https://playit.gg/manage. On that page you should be able to add a Custom TCP tunnel. I don't quite follow the features you're looking for but I think the custom TCP tunnel should cover a good bit.
As for banning IPs, public IPs are mapped to local IPs (for example 127.3.5.6) so in-game banning should work. I have thought about creating a premium tier that lets you add firewall rules to the edge (our tunnel servers) so the traffic you filter never gets tunneled to you.
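The public-IP-to-loopback mapping described in the replies above (127.5.21.3, 127.3.5.6), sketched as an added example that is not part of the thread and not playit's own code. The names `LoopbackMap`, `alias_for` and `public_for`, the starting address 127.1.0.0 and the refuse-on-exhaustion policy are all assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Hypothetical allocator (not playit's code): one stable 127.x.y.z alias
/// per client public IP, so the game server sees a distinct source per player.
pub struct LoopbackMap {
    by_public: HashMap<Ipv4Addr, Ipv4Addr>,
    by_local: HashMap<Ipv4Addr, Ipv4Addr>,
    next: u32, // low 24 bits of the next candidate alias
}

impl LoopbackMap {
    pub fn new() -> Self {
        // Start at 127.1.0.0 to stay clear of 127.0.0.1 and its neighbours.
        LoopbackMap { by_public: HashMap::new(), by_local: HashMap::new(), next: 0x0001_0000 }
    }

    /// Alias for `public`, allocated on first sight. None means the space is
    /// used up: refuse rather than recycle, or a ban would move between players.
    pub fn alias_for(&mut self, public: Ipv4Addr) -> Option<Ipv4Addr> {
        if let Some(local) = self.by_public.get(&public) {
            return Some(*local);
        }
        while self.next <= 0x00FF_FFFE {
            let candidate = Ipv4Addr::from(0x7F00_0000u32 | self.next);
            self.next += 1;
            let last = candidate.octets()[3];
            if last == 0 || last == 255 {
                continue; // avoid aliases that look like network/broadcast addresses
            }
            self.by_public.insert(public, candidate);
            self.by_local.insert(candidate, public);
            return Some(candidate);
        }
        None
    }

    /// Reverse lookup: the public IP behind an alias the game server banned.
    pub fn public_for(&self, local: Ipv4Addr) -> Option<Ipv4Addr> {
        self.by_local.get(&local).copied()
    }
}

fn main() {
    let mut map = LoopbackMap::new();
    let player = Ipv4Addr::new(203, 0, 113, 7); // constructed sample (TEST-NET-3)
    let alias = map.alias_for(player).unwrap();
    println!("{} -> {} -> {:?}", player, alias, map.public_for(alias));
}
```

The reverse lookup is what an edge firewall rule of the kind mentioned above would need: the game server only ever records the alias, so a ban has to be translated back to the public address before it can be enforced upstream of the tunnel.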
It looks like there's a tunnel app... could I use it to tunnel other stuff if I got creative? I'm behind CGNAT with Starlink on one of my connections, and I wouldn't mind a freebie tunnel to, say, a webserver in there...
Yes, you're free to tunnel whatever you like with the custom TCP and UDP tunnels. We have users tunneling their SSH and FTP servers and all sorts of things. Though if the bandwidth starts disrupting game servers, I may need to reconsider :).
[+] [-] sockaddr|4 years ago|reply
[+] [-] sjnair96|4 years ago|reply
Easy, magical NAT traversal.
- https://tailscale.com/blog/how-nat-traversal-works/
Edit: Oh wow. I just ran into innernet. Looks like a self-hosted FOSS alternative to tailscale, and also cool blog
- https://blog.tonari.no/introducing-innernet
[+] [-] patricklorio|4 years ago|reply
[+] [-] infogulch|4 years ago|reply
[+] [-] mStreamTeam|4 years ago|reply
Plus it's open source
https://github.com/fatedier/frp
[+] [-] 1vuio0pswjnm7|4 years ago|reply
[+] [-] patricklorio|4 years ago|reply
[+] [-] jagger27|4 years ago|reply
[+] [-] patricklorio|4 years ago|reply
[+] [-] scktt|4 years ago|reply
a script to set it all up (debian 8): https://gist.github.com/scktt/b586dd4bf5a19be91a978c6b2abb59...
[+] [-] stevekemp|4 years ago|reply
Something like:
Now access to your remote host on port 8080 will be mapped back to your home machine, behind the NAT. You could install nginx as a proxy for it, etc.
[+] [-] jjice|4 years ago|reply
[+] [-] rubatuga|4 years ago|reply
[+] [-] arthurcolle|4 years ago|reply
[+] [-] BossingAround|4 years ago|reply
[+] [-] patricklorio|4 years ago|reply
[+] [-] nickspacek|4 years ago|reply
[+] [-] foxpurple|4 years ago|reply
[+] [-] ev1|4 years ago|reply
- let me self host with binaries, public IP server on Linux, private IP server on Windows
- map IPs so that the gameserver running on Windows can issue IP bans
- I don't need hostname-picking or unique ports
[+] [-] patricklorio|4 years ago|reply
[+] [-] Syonyk|4 years ago|reply
[+] [-] cs0|4 years ago|reply
[+] [-] patricklorio|4 years ago|reply
[+] [-] tengbretson|4 years ago|reply
[+] [-] jeffnv|4 years ago|reply