Topic: Direct Connection Firewall Info and links

[vecctor]

I posted the text of this on the ea generals forum. Unfortunetaly the board botched the links. It probably doesn't matter since people there are really immature and no help anyway.

This is specifically about direct connection games behind firewalls, but I think the information I get from EA could be applicable to many situations. You will see from the full text of the letter (link below) that I mostly ask what exactly every setting in the options.ini does to the game and EXACTLY which ports are used for which connection types in what conditions.

The post starts out like this:

"There have been numerous posts about direct connect and internet games when using firewalls. I just sent a letter to ea tech support that has to do specifically with direct connect. It details a situation and provides most of the links I found about the subject on this and other boards. When I get a response I will post it so that everyone can share in the awnsers and figure this out."

Here is a really crappy html version of the post that has links that work:

http://www.severnweb.com/~flav/post.html

And the full text of the letter I sent to EA including a detailed account of the combination that I tried and which ones I have yet to try:

http://www.severnweb.com/~flav/fullpost.html

As soon as I get a response I will post it (or a link to it) and then we can all try to figure this out.

[gryphon]

Hey, welcome to the Gameheaven forums. . and ofcourse thanks for mentioning it. Hope EA will respond to it. ..

Just a few comments on the HTML file [ not critisism, just side notes ].
When a computer is in a DMZ all incomming traffic will [ should ] be forwarded to that computer. When you have a DMZ active and specific port forwarding rules the port forwarding rule will with most home routers still be in effect, and with some bad luck override the DMZ.
Although that depends on the router and software you are using.

As DMZ is origionally a term refering to a certain type, or part of a network. . there is no such rule that all incomming traffic will have to be forwarded to a DMZ. Usually resulting in a DMZ with publically known IP adresses just using port 25 80 110 443 and mayby 53 to resolve outbound and incomming traffic. That DMZ is routing internal traffic through it's connection, keeping the internall used IP's unknown for the outside world. But still not giving full access from the Net to the DMZ. It's sort of a layer of extra servers running between the true internal network and the internet. So the only IP's and servers known to the outside world will be those of the ones in the DMZ.

Home-use routers have a function called DMZ in them, routing all incomming traffic a a given IP. Although with some routers there are still forwarding rules. Or IPchains / IPtables for those of you known with Linux. These commands in the routers OS might even with the DMZ configurated and the firewall down still block certain traffic. Some ports or protocols just didn't get added with those forwarding rules. So using a DMZ will give you an indication of exactly what a router is and can be forwarding. Although it doesn't mean it is really forwarding all traffic and everything. Depending on the routers OS and it's preconfigured settings. Which unfortunately arn't all configurable with most home and SoHo routers.

Again, just side notes. And Let us know EA's responds if you get one.

[vecctor]

Yeah, that is good to know about the specifics of the DMZ. When I did all my experiments, the port forwarding was still on when I set the DMZ to the computer running the game - so if the forwarding overrode the DMZ setting or the DMZ setting didn't have any effect on those ports - it still should have forwarded the ports to the correct computer. I did the DMZ as an extra bit of insurance after the forwarding didn't work (and one of the links to EA's support boards said to try it).

Anyway, I did get a response from EA:

Thank you for contacting me. I can see that you have already done extensive research into how to play online with Generals. This is an interesting situation, because in your questions you are citing the information we have access to.

We at tech support can help with specific connectivity issue that you may be having, but to provide an answer for every one of your situations would involve lots of hypothetical guesswork. We can help you one on one if you have some specific trouble connecting, but the best way to find information on the intricacies of how Generals connects would be to ask through the Generals forums. The development team for Generals frequent these forums and they may be able to provide the insight that you are looking for.

Thank you for contacting Electronic Arts Online Support,

Dan L.

So basically he is saying that all the links that I provided with conflicting/confusing information are the very same resources that they use to answer questions  

He made the suggestion that I post on the generals boards, which I did right after I sent the whole thing to him. Here is my reply:

I put a copy of the whole thing up on the generals forums in the "Members Helping Members" Section right after I submitted it to you but I wasn't sure whether anyone that actually was involved in the game would ever see it - since there was no "official" tech support or tech questions area. The only official "help" link there points to you guys. Since you say that someone that is involved in the game will probably see it, I guess I will just wait for some reply from them.

I just didn't see any other way to get in direct contact with someone who might know the technical details (the forums are the only thing even close on the generals site). I wish there WAS a way to address the development team directly about something like this that (as you say) can only be answered by them. If there is any way for you to pass these questions along or give them a heads up, I would be very appreciative.

Thanks again.

So I just hope we hear something from the guys who know best about their game.

If I hear something from them through the boards or directly, I will make it available right away.

[Doc Nyar]

I doubt someone from EA is visiting the members helping members forum. If some did, they'd be busy deleting a lot of negative stuff (anti EA posts). I'm not sure about those other forums though.

Actually, what they should do is visti this forum, at least that way would get a lot of things resolved

[vecctor]

Well if anyone has been keeping track of the progress over at the generals forum, the bottom line is this: Direct Connect is not supposed to be used over the internet. Here is the post from the westwood people:

Are you trying to direct connect through a local area network or are you trying to direct connect over the internet? A lot of people have complained about using direct connect over the internet not realizing that it wasn’t designed for this. The only time that direct connect seems to work reliably over the internet is when you’re playing through a VPN.

and later a little more explanation:

On a home LAN you would probably never need to use Direct Connect but in a large office environment where subnets that do not forward UDP broadcast packets are used there is a greater chance of you not seeing another player in the game lobby. In this case you would use Direct Connect. In actuality very few people will need to use Direct Connect.


Wish I had better news for you but I’ve checked this with our engineers and they concur, Direct Connect was not designed for use over the internet.

So, while they didn't deem it neccesary to reply to MY post    They did reply to someones about this problem. It apparently goes all the way back to the days of the original generals.

There is at least one person over there that has gotten the direct connect working using VPN. I have his suggested VPN software set up, and am just trying to get in contact with him to get the settings ironed out. As soon as I get it workingI will post some more details here.

Here is what I say to Westwood/EA about this:
Okay, so direct connect wasn't designed for internet play and you gave a good reason why it is there in the first place (alot fo people were wondering). But OBVIOUSLY, since you got a mess of people that wanted to use the feature for this, wouldn't it then indicate that this is a feature people want? And if so, why not just include it?? If this whole thing went back to the original generals or even before that, why didn't you get the hint that people want this?

Some people don't want to go through the mess that is online play just to play with their friends. They don't want to sign up for a username. They don't want to remember a password. They don't want to go through an extra step just to get to play with a specific someone(s). Take the hint and include the feature. It will make your customers happy and isn't that the point in the end?

Oh, BTW: here is the link to the generals forum post

http://boards.ea.com/messages?14@196.TO25aH6uo0W.26@.1dea73dd

[number6]

I am eager to find out how that VPN software works. Could you provide the name of the software now? I might get a chance to play with it myself.

I read your post in the Generals helping people forum and I must say that EA's attitude toward this game is not very good. I think the problem with Generals, and a lot of Westwood games for that matter, is the poorly written network code. How come other games from other vendors can play direct connect TCP/IP games over the internet, but all of Westwood's games cannot? I can only assume it is poorly written code.  The answer that direct connect games was not designed for the internet is a pretty lame excuse if you ask me.

[vecctor]

Yeah, they are notorious for bad network code or 'netcode' - but they have had plenty of time (ie DOZENS of games) to fix it or get it right.

It is a lame excuse - but I must admit that they did explain it was for large office LAN use.

HOWEVER, that doesn't explain why they don't include an internet or TCP/IP direct connect feature in addition to the LAN one. Like you said number6, lots of games have this feature and people obviously want it.

The software was the stuff suggested by GuinessDrinker on the generals forum, WinGate VPN. They apparently just sold the software to some new zealand company as you can see here:

http://www.deerfield.com/support/wingate_vpn/index.asp

The New Zealand site doesn't have it for download like the authors site used to (how I got it) so if you want it you can give me a message.

I think that windows has some sort of VPN stuff too, but since guiness said he got this specific program working, I want to give it a shot and then experiment from there.

Basically VPN was designed to connect two intranets without having to actually connect them with a cable. For instance:

Company XYZ has two offices and they want to connect the LAN's of those two offices so that everyone can use file sharing for their documents and can access the local database (that is only accessible to people on the LAN).
They would have 2 options:

Run a cable from one office to the other to make it one big LAN
-or-
Use Virtual Private Networking (VPN) to run a virtual 'cable' over the internet to make it one big LAN.

So VPN creates this 'cable' which is actually an encrypted stream of information that runs over the internet. SInce the offices of XYZ corp may be really far away, this is a good option. All they have to do is make sure both offices have an internet connection, and they are ready to set up a VPN.

This applies to generals in the following way: VPN fools the game into thinking you are on the same LAN, and so makes direct connect work (as it would work on a LAN).

I have the stuff set up, but I need some specifics on how to make generals see the VPN connection as opposed to the regular connection. Anyway, I'll get back to you guys when I know.

[number6]

Thanks for the info. I wonder how many people can play on an office LAN in the first place? I know my company does not install 3D cards in our PC's and I am sure most don't. So that begs the question, why did they make the direct connect for a large office LAN instead of the internet which would be more useful? Oh well, I guess there is not much that can be done about this now. I will check out the link to the VPN software provider later on tonight.  Nice avatar by the way.  

[vecctor]

True about the office thing.  

But I will play devils advocate and say that they have had direct connect since before their games needed uber pc's to play - and since we have established that they haven't changed their netcode since those days (badum!)   I guess it wasn't hard for them to keep adding it to games.

I suppose I really ended up not playing devils advocate on that one . . . oh well

But seriously, I suppose people could possibly bring in their own computers and use the company's network to play. But if that is best excuse we can come up with for EA - they have problems!

Thanks about the avatar Built it from scratch. Figured I am starting to use this place, might as well add it to my profile. Origianlly made it for some other board.

And if you can't find that software for download on one of those sites (since they recently gave the rights to some other company), feel free to message me and I will upload it somewhere for you and send you the link.

[number6]

I was able to download the Wingate VPN software from the Deerfield website. I have used deerfield's dns2go software before until I found the free dyndns. They make good software at deerfield so I expect you will have few problems getting the VPN setup. Getting Generals to work with it will be the real challenge. I think I will wait for your report before installing Wingate.

[gryphon]

You should have bought WinXP pro Number6

http://www.onecomputerguy.com/networking/xp_vpn_server.htm