VPN/Tunnel Gaming FAQ
by Anthony Volodkin (anthonyv@brainlink.com)

Last updated 09/08/07

Can you host and play mutiplayer games over a Virtual Private Network?
Yes!

Can you do the same without a VPN server?
Yes. Hamachi is the hands down best tool for this. Gamer's Internet Tunnel also offers a good solution to tunneling game traffic to host private games, but may be more difficult to configure.

What kinds of games can be played?
Most recent first-person shooters, strategy games or any other games that use TCP/IP and have a LAN play feature can be played.

Why would you even do that? GameSpy offers excellent service!
With frequent gameplay, scoring and connection issues, GameSpy is hardly perfect. You also often end up playing with people on slow connections bringing everyone's game down to a halt. Playing over VPNs or tunnels lets you play with friends without all the problems.

What kind of software do you need to set it up?
On the server-side, a PPTP VPN server is usually sufficient, although in certain cases some modifications or additional tools need to be installed. For Windows 98/2000/XP clients, there is built-in support for PPTP VPN connections which works very well.

Additionally, there is also Kali that supports a variety of older, IPX-based games.

Why is it difficult to have games work over a VPN?
When games search for other players on the network, they send out UDP broadcast packets that are normally not supposed to travel over VPNs. Since most VPN software just drops these packets by default, you never see the other players in LAN lobbies. You can still use the Connect to IP (or Direct Connect, etc) feature in this situation, if the game provides such an option.

How is this UDP broadcast problem resolved?
There are several ways to solve this. The two best approaches are to use GIT on the Windows XP machines and not use a VPN server, or have a Linux VPN server running PopTop.

Generally, playing over a VPN is simpler since only the server operator needs to know how to handle the technological aspects of the setup. The rest of the participants simply create VPN Connections on their desktops, which is a fairly straightforward process. GIT is an advanced and powerful tool, but requires the users to really understand what they are doing.

How well does it perform?

While the VPN does add some overhead to the gameplay, overall it is not noticeable over a fast broadband link. Dial-up users might have some problems though.

So how do you setup a Linux VPN server to play LAN games?
With the new additions to the PopTop PPTP server, it is actually very easy. I assume that the Linux machine in question acts as your network gateway. This is not necessary but makes things easier.
First you have to setup the Poptop PPTP server. There is an excellent howto (local copy) by Serge Stepanov that describes the process. Our setup will only differ slightly from his configuration. The differences are as follows:

• We are using pptpd version 1.2.1 since it has better support for broadcasting than the earlier 1.1.4 version.
• When building pptpd use the following configure option: ./configure --with-bcrelay to enable the bcrelay module.
• In /etc/pptpd.conf, add bcrelay eth0 (replace eth0 with the name of your internal interface) This will enable broadcast forwarding between the ppp interfaces as well as the interface you specify.
• In /etc/ppp/options-pptp, make sure that the mppe required option is commented. Since we will be playing games over this VPN connection, encryption is not necessary.
• If you don't have it on already, you have to enable IP forwarding on your linux machine. To do that, execute the following as root:

echo 1 > /proc/sys/net/ipv4/ip_forward

Or to set it to be enabled on boot, edit /etc/network/options and set ip_forward=yes on Debian. On RedHat/Fedora, you have to edit /etc/sysconfig/network and set FORWARD_IPV4 = YES

At this point, if you can successfully connect, most likely, you will be able to play a LAN game!

How do you setup a FreeBSD VPN server to do the same?
Currently, it is a more difficult process than it is under Linux. This is mainly due to the fact that PopTop's bcrelay module is coded to use linux-specific packet functions that are not available in FreeBSD. So for now you can follow my earlier document on setting this up. It is certainly a crude hack, but it does work. It is available here.

How do I setup my Windows 2000/XP machine to connect to a VPN server?
This is documented in many places on the internet, but here is how to do it under Windows XP. The procedure under Windows 2000 is very similar.

What about using a Windows 2000/2003 Server for a VPN server?
Some quick research indicates that this is possible. However, it seems that you cannot use the Microsoft VPN software that comes with Windows 2000/2003. Some solutions involved using the bridging feature of the OpenVPN package. Let me know if you are running such a setup. If all you are dealing with are Windows XP machines, GIT might be a better option in your case.

Comments or corrections are welcome at anthonyv@brainlink.com .