
Strict Nat


[DE]Glen

On 2013-03-14 at 3:52 PM, [DE]Glen said:

In those reply packets the server tells the game what *external* ports were used (ie: what your router mapped the outgoing data to be from).

We can't assume we can send to 3962 on your router (because it might have mapped your data out some other port if 3962 was already used) so we look at where the packet came from and use that for the reply-to-address.

If the test packets went *out* different ports it's called Strict NAT because it means each remote peer must reply to a different address.

The problem is that if server A thinks it has to talk to your router on port 1234 to reach you and server B thinks it has to use port 5678 we have no idea what to tell another player to use when they need to send you packets.

what the hek are you talking about???
the entire purpose of NAT is to rewire outgoing connections to arbitrary ports in order to map replies to the right local host. you can not use that port to establish incoming connections.
and the entire purpose of port forwarding is to accept incoming connections for a local host, where only the local host / admin knows that port number, and that port number can not be inferred by outgoing connections.

 

On 2013-03-24 at 10:43 AM, polarity said:

In addition to that, you're telling people to forward ports, but have failed to mention anything about DHCP / 'Obtain an IP address automatically'. Port forwarding is going to fail unless the IP address that it is to is static. If the router assigns the player's PC a different IP address next time they turn on their computer, then they're going to have the same problem all over again, unless they change the port forwarding to the new IP.

fortunately most consumer grade routers identify LAN hosts by their MAC, and some don't even allow you to directly specify an ip address.

 

On 2013-04-17 at 4:05 PM, [DE]Steve said:

The truth is, we don't have a publisher, so we have p2p as the only financially feasible way for us to launch this game and launch it globally. So far our stats say it's ~7% on strict NAT and I agree with those posting here... that number is too damn high!

I am not making excuses, but certainly we are not alone in having complexity to resolve these issues: https://support.leagueoflegends.com/entries/20133372-Port-Forwarding

yes i agree 7% is way too high, because it should be 0 cases, because what you depict as "Strict-NAT" is bugged networking code.
and no, LoL has not the same problems as you guys, they have too many servers where replication and configuration becomes increasingly difficult.
WF is the only big game which uses p2p. everyone else either hosts their own servers and gives their players just a client (LoL, StarCraft), or they host relay servers to keep track of the state of the game server and connect clients (ME3).
sometimes, game devs build dedicated servers, we can host on our linux boxes. but that only works for games which do not have ingame shops (Factorio).
multiplayer based indie games commonly use a lobby system, where one player hosts a game and other can connect to.
oh, and by the way: Warframe uses a Lobby system, not p2p. p2p would eliminate host migrations, because everyone would be server and client at the same time. but host migrations are proof that WF is not p2p.
 

On 2014-06-14 at 9:38 PM, xethier said:

might be time to think about a newer/better router.

no, since their inception all internet access routers can NAT and port forward. the only legitimate reason to buy a new router is when your model has critical security flaws, which can not be fixed, or you get an ISP upgrade and your router is too slow to utilize the full capabilities of your internet access.

 

On 2015-03-19 at 2:06 PM, Juniperus said:


I don't really know what to do more T^T

after two years this is still a thing.
i am sorry mate, there is nothing you can do, except to wait for DE to fix their game client.

 

On 2016-10-03 at 3:44 PM, Seruai said:

How many years has it been, and all DE has done is make fixes to make suffering host migration not as bad? Why not just..oh, i dunno...FIX THE ACTUAL PROBLEM? Seriously. Sitting here in 2016, no strict nat, ports open, allowed through firewall, and yet I still can't connect to other players, but I can host fine, which would be fine if I ever got host. I've sent in a ticket. No help. Had a guide try to help, all 3 days of endless ideas didn't help. He said he'd contact some of the team, but they're conveniently "out of office." This "issue" is really just...ruining the experience.

Just.....get some dedicated game servers, DE. Really.

Sincerely, a disappointed tenno.

there is no way they can host their own game servers. their network code is a convoluted mess, which uses up an ungodly amount of network bandwidth.
at the moment we can only hope WF becomes someday a true p2p game where host migrations are eliminated.

 

seriously DE? after seven years you still struggle to understand ip basics? i shudder at the thought what will happen to WF, when IPv4 gets laid off and IPv6 becomes the standard.
if your bases already need some serious fixing, i wonder what else is broken.


i have shown this thread to an actual Network Technician.
that took a while but once he stopped laughing, he explained to me that:
- "Strict-NAT" is a bogus term he never heard about.
- DEs explanations have enough truth in them to make 'em seem legitimate, but ultimately "that is not how NAT works".
- being able to connect to each other can be attributed to crappy and insecure routers, and "pure luck".

after a quick google search showing DE is not the only one suffering from this strict nat problem, he concludes: that there is someone selling non-functional networking code to game developers.

my advice for DE: check your contracts to see if you can prosecute that scammer. and fix that code asap.

Edited by SunBlade_ger

  • 2 weeks later...
  • 6 months later...
  • 2 weeks later...

What does one do if they have Double NAT?
I have fought with my ISP for months, and it's to no avail.

And it also looks like practically every other ISP in my city are using CGNATs because they're short of IPv4 addresses in my country (India)
And don't want to move over to IPv6. So they NAT one public IP among multiple homes, and then within those homes, wifi routers Double NAT those private IPs further into more private IPs.

This makes my entire game experience awful. Most trading and squad-joining is an absolute pain. When I host, I can only imagine the pain it is for others.

I fail to connect to public squads, half the time.

I 100% fail to connect/host for my friends in the same city, on the same ISP, since after all...they're behind ANOTHER Double NAT. 

I hope there is a solution, but all my googling and haggling with my ISP has led me nowhere...


  • 4 months later...

My situation is as follows:

I use pfsense as a firewall which is connected to my vpn provider, all traffic goes through vpn, no exceptions. 
I have requested 2 ports from my vpn provider, those ports are not 4950 and 4955 since i can only request random ports.
i created two rules each from 495x to random port. 
basically i did this https://forums.warframe.com/topic/1195761-bug-matchmaking-nat-and-general-networking-bug-with-a-possible-workaround/?do=findComment&comment=11608874
additionally my pc has kaspersky installed which brings its own software firewall. There i have allowed 4950 and 4955

If i now use iperf to listen to 4950 (or 4955, i tested both) and use https://canyouseeme.org/ (for that i had to temporarily allow TCP) it says 

Quote

Success: I can see your service on publicVPNIP on port (Requested port)

 

Then i tested iperf (both UDP and TCP) from my phone (over mobile data, not wifi ofc) that works, so i'd guess those ports are open and my machine reachable, but warframe still says nat strict, anything i can do? 


Edit: 

i have set kaspersky fw to log everything that comes in through 4950 & 4955. When i connect to iperf (from phone and mobile data) i see the log entries. but starting warframe and going to cetus does not create any log entries.

Also i don't really have noticeable issues. I just was host in an eidolon hunt, and except for the occasional "session unavaliable" and the "strict nat" message it just seems to work. 

 

Another edit: issues seem to get worse or i just start noticing them. 

Railjack kicks me on every mission transition, IF it even finds a squad, Random "session unavaliable" in PoE, Fortuna and Railjack, but less frequent in CD (probably luck since it should be the same from a connection perspective?). 
SteamStats says there are 47k players online. so why is my railjack empty?
 

 

What i don't get is: Game says ports are closed, but still sometimes people join. How?

 

Edited by UmbraAtrox

  • 10 months later...

I've had this strict nat issue for a month or two.

Today while trying to do something else, I noticed "Xbox networking" in Windows 10 settings.

After a few seconds, it detects the network status and nat type. I used the "fix it" button, and that seems to have fixed my Warframe strict nat issue.

Windows key -> Settings -> Gaming -> Xbox Networking

 


  • 1 year later...

I just had the "Strict Nat" pop-up last night when I logged in, but this morning it didn't pop up again (unless it intends to do so later), so should I assume that was a random occurrence or would something possibly be up? 

My brother also plays warframe on his pc, since the first cross-save came along so I don't know if that possibly has something to do with it, but if so then i'm surprised the Strict Nat thing didn't pop up sooner?


10 hours ago, crimsonspartan1 said:

My brother also plays warframe on his pc, since the first cross-save came along so I don't know if that possibly has something to do with it, but if so then i'm surprised the Strict Nat thing didn't pop up sooner?

Haven't played for a while, but i had email notifications for this thread for some reason, so here I am.

Warframe defaults to one of 4 ports as far as i remember, it should switch to an unused one automatically but i'd guess when it fails you get the message.
If before you had never any nat message, not in warframe not in any other p2p game, it means you probably have normal internet instead of a cg-nat monstrosity. in that case on both pc and console you go into settings and change the port on pc so both have a unique one. That should solve your issue. 
If you had to do port forwarding to get rid of the message initially you'll have to setup another forward to the pc with the port you selected.

 


This thread is VERY old and has too many pages to read through, but I'll try to provide some clarifications.

On 2020-05-18 at 7:05 AM, SunBlade_ger said:

- "Strict-NAT" is a bogus term he never heard about.

It's not a term used by industry professionals, but is a colloquialism by game system developers - by itself it does not really indicate what actual type of NAT is implemented at the routing level. Xbox / Microsoft commonly use the terms "open / moderate / strict" NAT, while PSN tends to use "Type 1 - 3" and Nintendo uses "A - F" to delineate certain network issues. Given the target audience of DE is gamers using these platforms / consoles, it makes sense that they would use the term even if it's not particularly accurate or helpful (given a firewall block that has nothing to do with NAT whatsoever could also cause this message to appear).

On 2020-05-18 at 7:05 AM, SunBlade_ger said:

after a quick google search showing DE is not the only one suffering from this strict nat problem, he concludes: that there is someone selling non-functional networking code to game developers.

I think it's less of this and more of the fact that there are so many different network topologies and translations that need to be accounted for, and that continue to be developed and change. Some manufacturers poorly implement UPnP into their devices or their networks (either local routing or from ISP) have very limiting NAT types or firewalls. This article goes into a lot more detail and I would highly recommend it, but endpoint-dependent NAT mapping (as well as situations of double-NAT) tends to cause the most issues with P2P connections over any non-standard ports.

https://tailscale.com/blog/how-nat-traversal-works

To DE - I'm unsure what methods you're currently implementing other than UPnP / NAT-PMP (unsure if this is v2 / PCP or not) and using some relays for situations where devices cannot connect well. You do have some matchmaking service / server which should be able to facilitate UDP hole-punching / punch-through, but of course more strict firewalls may not like that and may block outgoing or incoming connections on certain ports regardless. Even IPv6 has its own complications with this, going from translations back and forth to v4, so I can understand why that hasn't been implemented yet either (even if ideally all clients on IPv6 would help a lot).

All in all, nothing about this situation is simple, but I do think there's more room for improvement - unless the player is on an extremely restrictive firewall, even the most uncooperative of NAT methods has some sort of solution for it. Giving the player a bit more guidance on this may also help - port forwarding / mapping does not always solve connection issues (and may be very difficult on some equipment), so the message given in-game is a bit confusing in that regard. Some methods simply need to be implemented on the game client itself and tried via sending packets at runtime, which is out of the player's control.

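The two-server test quoted at the top of the thread, together with the endpoint-dependent mapping and double-NAT cases raised above, as a small offline model. This is an added example, not DE's code and not part of any post; the `Nat` class, its port-allocation policy and every address are constructed for illustration, and the carrier NAT is assumed to map per destination.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    public_ip: str
    endpoint_dependent: bool                    # True: new mapping per destination
    next_port: int = 40000                      # start of the dynamic port pool
    table: dict = field(default_factory=dict)   # mapping key -> external port
    used: set = field(default_factory=set)      # external ports already taken

    def send(self, src, dst):
        """Translate an outgoing UDP datagram; return the source address dst sees."""
        key = (src, dst) if self.endpoint_dependent else src
        if key not in self.table:
            port = src[1]                       # try to keep the local port
            while port in self.used:            # taken: allocate from the pool
                port, self.next_port = self.next_port, self.next_port + 1
            self.used.add(port)
            self.table[key] = port
        return (self.public_ip, self.table[key])

def probe(nats, local, servers):
    """Send one datagram to each server through every NAT hop, innermost first."""
    seen = {}
    for server in servers:
        addr = local
        for nat in nats:
            addr = nat.send(addr, server)
        seen[server] = addr
    return seen

def classify(seen):
    """One address seen by all servers can be handed to peers; otherwise 'strict'."""
    addrs = set(seen.values())
    return ("endpoint-independent", addrs.pop()) if len(addrs) == 1 else ("strict", None)

# Constructed addresses from documentation ranges; 4950 is a port named in the thread.
A, B, PC = ("198.51.100.1", 7000), ("198.51.100.2", 7000), ("192.168.1.10", 4950)

def scenarios():
    busy = Nat("203.0.113.5", endpoint_dependent=False)
    busy.send(("192.168.1.20", 4950), A)        # another LAN host already holds 4950
    inner = Nat("100.64.0.9", endpoint_dependent=False)   # home router behind CGNAT
    cgn = Nat("203.0.113.77", endpoint_dependent=True)    # carrier NAT, assumed per-destination
    return {
        "plain": classify(probe([Nat("203.0.113.5", False)], PC, [A, B])),
        "port_busy": classify(probe([busy], PC, [A, B])),
        "per_destination": classify(probe([Nat("203.0.113.5", True)], PC, [A, B])),
        "double_nat": classify(probe([inner, cgn], PC, [A, B])),
    }

if __name__ == "__main__":
    print(*scenarios().items(), sep="\n")
```

In the `port_busy` case both servers still agree on one address, just not on port 4950, which is why the reply-to address has to come from the observed packet rather than the configured port. In the `double_nat` case the home router's behaviour is irrelevant once an outer hop maps per destination.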

  • 2 months later...

Does the game support matchmaking over IPv6?
My ISP is behind a CGNAT so I switched to IPv6 but even after fully disabling ONT + Router + Windows firewall I'm getting the following error in the game.
https://imgur.com/GNbS0m4

I now have to choose between playing solo and playing with high ping.


51 minutes ago, Gohio said:

Does the game support matchmaking over IPv6?
My ISP is behind a CGNAT so I switched to IPv6 but even after fully disabling ONT + Router + Windows firewall I'm getting the following error in the game.

AFAIK it does not, since many ISPs may not support IPv6 or assign available addresses to users. You may be able to set an endpoint outside of CGNAT with a VPN, if you wanted to try that - I usually recommend cloudflare WARP since it uses the closest available server in your region.


1 hour ago, Nekomian said:

AFAIK it does not, since many ISPs may not support IPv6 or assign available addresses to users. You may be able to set an endpoint outside of CGNAT with a VPN, if you wanted to try that - I usually recommend cloudflare WARP since it uses the closest available server in your region.

I get "Strict NAT detected. UPnP malfunctioning. Please forward UDP ports..." even with cloudflare warp. :(


5 hours ago, Gohio said:

I get "Strict NAT detected. UPnP malfunctioning. Please forward UDP ports..." even with cloudflare warp. :(

Did you manually forward the ports to your machine as the error says?

No VPN-provider will help because you can't port forward, even those that let you it's usually a random port but Warframe needs specific public ports, I tried forwarding those random ports to 4950 & 4955 but warframe didn't use them. If you can't portforward on your regular connection you can rent a vps and ip, setup a vpn server, and portforward that to your machine, but keep in mind you'll probably pay for traffic so no youtube while playing. 

Other than that there is no way around it unless DE buys some servers for normal multiplayer which they won't do, you see how much they care about their thread and enough payers don't seem to care they are being used as infrastructure. Anyway, to check whether your port is open you can let iperf listen on that port and if you can connect from the outside, eg. mobile app not in your wifi, it's open. You'll have to specify udp iirc iperf defaults to tcp. 


14 hours ago, UmbraAtrox said:

Did you manually forward the ports to your machine as the error says?

No VPN-provider will help because you can't port forward, even those that let you it's usually a random port but Warframe needs specific public ports, I tried forwarding those random ports to 4950 & 4955 but warframe didn't use them. If you can't portforward on your regular connection you can rent a vps and ip, setup a vpn server, and portforward that to your machine, but keep in mind you'll probably pay for traffic so no youtube while playing. 

Other than that there is no way around it unless DE buys some servers for normal multiplayer which they won't do, you see how much they care about their thread and enough payers don't seem to care they are being used as infrastructure. Anyway, to check whether your port is open you can let iperf listen on that port and if you can connect from the outside, eg. mobile app not in your wifi, it's open. You'll have to specify udp iirc iperf defaults to tcp. 

I forwarded them on my Router. But I believe my ISP is blocking port forwarding by default. Time to pick a fight with them. 🤦‍♂️

