Bypassing firewalls using Putty and a public server



Dracones
November 7th, 2011, 02:07
Hey guys. Where I live I have about 3 firewalls I have to go through before I hit the internet and have no way to configure 2 of them. So I'm one of those guys that can't easily publish port 1802 to the world for players to connect in to my home computer.

I also have a small public Linux server I use for hosting and I've been toying around with ways to publish 1802 on that server and tunnel the connection back into my Windows PC running Fantasy Grounds. I found a pretty easy way to do this with Putty and SSH tunneling and wrote up a little howto guide for it: Using Putty to bypass firewalls for Fantasy Grounds (https://tarsis.org/?p=5)

The end result being players should be able to type in "tarsis.org" (my server) for the host game to join and it'll route through to my home computer, simply by me logging into my remote server with Putty. I haven't run any full games doing this yet, I've just done local testing using multiple instances of FG, but it seems to be working pretty well so far.

Astinus
November 8th, 2011, 16:02
Fascinating, Dracones. I host on a 3G wireless connection and am forced to use Hamachi, which is okay but not ideal. Your solution looks appealing. There's less for players to worry about.

Can you recommend a cheap and reliable public linux server?

Thanks for sharing. Your guide is comprehensive.

Dracones
November 8th, 2011, 16:14
I'm using these guys: https://www.vpscolo.com/

$5 a month for a Linux virtual server that has 256 megs of ram and 10G of space. It includes a public IP.

The only quirk with these guys is they're using OpenVZ for virtualization, which has some limits if you're doing "interesting" stuff. Like I had to ask them to enable a couple kernel features so I could create a VPN server with it.

But it's fine for standard web hosting, teamspeak, ssh and so on.

gandhi39
February 13th, 2018, 01:34
> I'm using these guys: https://www.vpscolo.com/
>
> $5 a month for a Linux virtual server that has 256 megs of ram and 10G of space. It includes a public IP.
>
> The only quirk with these guys is they're using OpenVZ for virtualization, which has some limits if you're doing "interesting" stuff. Like I had to ask them to enable a couple kernel features so I could create a VPN server with it.
>
> But it's fine for standard web hosting, teamspeak, ssh and so on.

Do you know any free alternative that could make your method for hosting games work?

LordEntrails
February 13th, 2018, 01:40
Hamachi. There is a thread on it in the forums.

dulux-oz
February 13th, 2018, 01:42
> Do you know any free alternative that could make your method for hosting games work?

Not sure how much luck you'll have reviving a 7-year-old thread - I haven't seen Dracones around for a while - but someone else might be able to help

Good luck :)

damned
February 13th, 2018, 13:06
This is how you do it in detail.
You can get a VPS from $10-20 USD/year if you look hard enough.
https://www.dropbox.com/s/i1mxkdubn8kt46k/Fantasy%20Grounds%20VPN%20Server%20Setup%20-%20draft.docx?dl=0

gandhi39
February 13th, 2018, 21:19
Indeed I wasn't able to get one for free. The idea is to not need hamachi altogether.

gandhi39
February 14th, 2018, 00:22
Could this free shell account work?

https://freeshells.org/clients/cart.php?gid=3

damned
February 14th, 2018, 01:04
Maybe - try it.

gandhi39
February 15th, 2018, 11:43
> Maybe - try it.

Shell accounts don't allow you to edit sshd_config. So no, unfortunately.

Found a VPS for US$6/year. I'll give it a try.

Blacklamb
February 15th, 2018, 16:00
I got this working yesterday on an Amazon EC2 instance, you get a year of your first one free and after that if I only have it running when I’m going to play I will only pay a little more than a penny an hour.

damned
February 15th, 2018, 22:33
Excellent Blacklamb
I would appreciate it if you let me know of any steps in the doco that require refinement.
Especially as things change over time.

gandhi39
February 15th, 2018, 23:21
> I got this working yesterday on an Amazon EC2 instance, you get a year of your first one free and after that if I only have it running when I’m going to play I will only pay a little more than a penny an hour.

How did you get a root ssh login/password to edit sshd_config in EC2?

Blacklamb
February 16th, 2018, 00:38
I started with making a server off the Ubuntu image, during that they have you download a private certificate. You can follow Amazon's instructions on getting started and how to log in with it. I did not create a second account so I skipped over all that and Nano was already installed. When you create the image you can also make the security rule to open TCP 1802. Then I used "sudo nano /etc/ssh/sshd_config" to edit that file. They don't use passwords for anything; it's all certificate authentication. I did not mess with IP tables at all, so from the doc I only used the Port Remapping part and the Client Side part, changing the -pw to -i and the key file location, or you can just set it up in the graphical PuTTY interface, that's what I decided to use. The other thing I did, because Amazon charges you for having your instance down when you have a static IP, was to install a Dynamic DNS client and set it up using my DNS provider's instructions for setting up Dynamic DNS.

Blacklamb
February 16th, 2018, 00:40
Another quick note: when I set up the access security policy for Amazon's instance I set SSH to only work from my Office IP range and Home IP. I set the TCP port 1802 to work from all IPs.

damned
February 16th, 2018, 01:23
> I started with making a server off the Ubuntu image, during that they have you download a private certificate. You can follow Amazon's instructions on getting started and how to log in with it. I did not create a second account so I skipped over all that and Nano was already installed. When you create the image you can also make the security rule to open TCP 1802. Then I used "sudo nano /etc/ssh/sshd_config" to edit that file. They don't use passwords for anything; it's all certificate authentication. I did not mess with IP tables at all, so from the doc I only used the Port Remapping part and the Client Side part, changing the -pw to -i and the key file location, or you can just set it up in the graphical PuTTY interface, that's what I decided to use. The other thing I did, because Amazon charges you for having your instance down when you have a static IP, was to install a Dynamic DNS client and set it up using my DNS provider's instructions for setting up Dynamic DNS.
>
> Another quick note: when I set up the access security policy for Amazon's instance I set SSH to only work from my Office IP range and Home IP. I set the TCP port 1802 to work from all IPs.

Good stuff Blacklamb.

gandhi39
February 18th, 2018, 01:49
Go to https://www.noip.com/
create a free account and copy "your noip username" and "your noip password" to a notepad text file for later use below
create a free dynamic dns hostname and copy "your noip hostname address" to your notepad text file for later use below


Go to https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
download putty.exe (preferably 64-bit)
download plink.exe (preferably 64-bit)
download puttygen.exe (preferably 64-bit)


Go to https://portal.aws.amazon.com/billing/signup#/start
create your account (credit card required, charges apply after 1 year)


Go to https://aws.amazon.com/
sign in to the console
EC2
instances
launch instance
Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami...
select
choose one with "Free tier eligible"
next: configure instance details
next: add storage
next: add tags
next: configure security group
add rule / custom tcp rule / TCP / 1802 / Custom / 0.0.0.0/0
review and launch
launch
create a new key pair
key pair name: server-key
download key pair
save as: C:\Users\Public\server-key.pem
launch instances

click on View Instances at the end of the page
copy "your IPv4 Public IP" to your notepad text file for later use below
(you may now close your browser)


run puttygen.exe
load
C:\Users\Public\server-key.pem
ok
save private key
yes
C:\Users\Public\server-key.ppk
close puttygen


run putty.exe
On the Session tab:
Host Name: ubuntu@"your IPv4 Public IP"
Port 22
SSH
On the Connection/SSH/Auth tab:
click on "Browse"
C:\Users\Public\server-key.ppk
On the Session tab again:
name and save your session
click on "Open"
yes

login as: ubuntu
[Enter]
type: sudo nano /etc/ssh/sshd_config
[Enter]
add those lines to the end of the file:

AllowTcpForwarding yes
GatewayPorts yes

hold Ctrl+X
(Y)es
[Enter]
type: sudo service sshd restart
[Enter]
type: sudo apt-get update
[Enter]
type: sudo apt-get install ddclient
[Enter]
(Y)es
[Enter]
use Esc to skip everything until the installation stops
type: sudo nano /etc/ddclient.conf
[Enter]
change the file as follows:

protocol=dyndns2
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
server=dynupdate.no-ip.com
login="your noip username"
password="your noip password"
"your noip hostname address" (ex: yourname.ddns.net)

hold Ctrl+X
(Y)es
[Enter]
type: sudo /etc/init.d/ddclient restart
[Enter]
close your PuTTY session
ok


Create a batch file in the same folder where you saved plink.exe with those lines:
plink.exe -ssh ubuntu@"your noip hostname address" -i C:\Users\Public\server-key.ppk -R "your noip hostname address":1802:localhost:1802 -v
pause


Run the batch file and keep the prompt window open
(store key in cache the first time)
(if you see "1802 enabled" at the end of a line, it's probably working!)
(run it again each time before you host a fantasy grounds game, and keep it open for the whole session)
(your players must use "your noip hostname address" as the Host address to join game)


Remember to confirm your noip hostname every 30 days by clicking on the link on the e-mails you receive
This should be enough to host your games for 1 year

After one year amazon will charge you for the service
It will cost you a lot less if you stop (not terminate) your aws EC2 instance after hosting each game
You will need to start it again each time before hosting a new game
"your Public IPv4 IP" will change every time, but noip and ddclient should help you to not worry about that

You can stop or start your instance on https://aws.amazon.com
sign in to the console
EC2
instances
select your instance
actions
instance state

You may also want to terminate your free tier instance (micro) and launch a cheaper one (nano) to replace it
The tutorial should help you again with that
(24 sessions of 6 hours each in a year should cost you a total of less than US$1,00 if you do it right)
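
An added example, not part of the original post: the tutorial appends AllowTcpForwarding yes and GatewayPorts yes to the end of sshd_config, so where they take effect depends on what already precedes them in the file. This Python sketch reads config text the way sshd does (first value wins, a Match line scopes everything after it) and reports which accounts may open public listeners; the three sample configs and the account names fgtunnel and sftponly are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); account names are hypothetical.
TUTORIAL_CONFIG = """\
PasswordAuthentication no
AllowTcpForwarding yes
GatewayPorts yes
"""

# The same two lines appended to a file that already ends in a Match block.
APPENDED_AFTER_MATCH = """\
PasswordAuthentication no
Match User sftponly
    ForceCommand internal-sftp
AllowTcpForwarding yes
GatewayPorts yes
"""

# Forwarding off by default, public listeners for one dedicated account only.
SCOPED_CONFIG = """\
AllowTcpForwarding no
GatewayPorts no
Match User fgtunnel
    AllowTcpForwarding remote
    GatewayPorts yes
"""


def parse_sshd_config(text):
    """Split sshd_config text into global options and a list of Match blocks."""
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}                    # everything after this line is scoped
            blocks.append((value, current))
        else:
            current.setdefault(key, value)  # sshd keeps the first value it reads
    return global_opts, blocks


def _public(gateway, forwarding):
    """True when remote forwards may bind to non-loopback addresses."""
    return gateway in ("yes", "clientspecified") and forwarding in ("yes", "all", "remote")


def audit_forwarding(text):
    """Report where remote port forwarding can create public listeners."""
    global_opts, blocks = parse_sshd_config(text)
    gateway = global_opts.get("gatewayports", "no").lower()            # sshd default
    forwarding = global_opts.get("allowtcpforwarding", "yes").lower()  # sshd default
    findings = []
    if _public(gateway, forwarding):
        findings.append("global: any account that can log in may open public listeners")
    else:
        for criteria, opts in blocks:
            g = opts.get("gatewayports", gateway).lower()
            f = opts.get("allowtcpforwarding", forwarding).lower()
            if _public(g, f):
                findings.append(f"scoped: public listeners only for Match {criteria}")
    return {"global_gatewayports": gateway,
            "global_allowtcpforwarding": forwarding,
            "findings": findings}


if __name__ == "__main__":
    for name in ("TUTORIAL_CONFIG", "APPENDED_AFTER_MATCH", "SCOPED_CONFIG"):
        print(name, audit_forwarding(globals()[name]))
```

In the second sample the appended lines land inside the existing Match block, so the ubuntu login used for the tunnel would not get a public listener at all; running sudo sshd -t after editing only checks syntax, not scope.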

damned
February 18th, 2018, 03:00
Thank you gandhi39

gandhi39
February 18th, 2018, 04:13
> I started with making a server off the Ubuntu image, during that they have you download a private certificate. You can follow Amazon's instructions on getting started and how to log in with it. I did not create a second account so I skipped over all that and Nano was already installed. When you create the image you can also make the security rule to open TCP 1802. Then I used "sudo nano /etc/ssh/sshd_config" to edit that file. They don't use passwords for anything; it's all certificate authentication. I did not mess with IP tables at all, so from the doc I only used the Port Remapping part and the Client Side part, changing the -pw to -i and the key file location, or you can just set it up in the graphical PuTTY interface, that's what I decided to use. The other thing I did, because Amazon charges you for having your instance down when you have a static IP, was to install a Dynamic DNS client and set it up using my DNS provider's instructions for setting up Dynamic DNS.

What do you mean with "Amazon charges you for having your instance down when you have a static IP"?

Could you then please explain how to install the Dynamic DNS client and set it up?

Blacklamb
February 20th, 2018, 15:34
> add rule / all traffic / all / 0 - 65535 / anywhere

Why open up all ports? That exposes lots of service area on the server and provides it with no port protection. You should only need 1802 and SSH open.
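
Blacklamb's two points in this thread (SSH reachable only from known source ranges, TCP 1802 open to everyone, nothing else open) can be checked mechanically. The following Python is an added example, not code from the thread; it assumes rules in the IpPermissions shape returned by aws ec2 describe-security-groups, and the rule sets and addresses below (documentation ranges) are constructed.

```python
import ipaddress

GAME_PORT = 1802  # Fantasy Grounds port used throughout the thread
SSH_PORT = 22

# Constructed rule sets in the IpPermissions shape (not real account data).
BEFORE_RULES = [  # "all traffic / all / 0 - 65535 / anywhere"
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
SSH_OPEN_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1802, "ToPort": 1802,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
AFTER_RULES = [  # SSH from home/office only, game port from anywhere
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 1802, "ToPort": 1802,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def _sources(perm):
    """All IPv4 and IPv6 source CIDRs attached to one permission entry."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6


def _port_range(perm):
    """Protocol "-1" means every protocol and port and carries no port fields."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def audit_ingress(ip_permissions):
    """Return (issue, source_cidr, from_port, to_port) for each rule that
    goes beyond 'TCP 1802 from anywhere, SSH from known ranges only'."""
    findings = []
    for perm in ip_permissions:
        lo, hi = _port_range(perm)
        is_tcp = perm["IpProtocol"] == "tcp"
        for cidr in _sources(perm):
            anywhere = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
            if is_tcp and (lo, hi) == (GAME_PORT, GAME_PORT):
                continue  # the one port players need; open to all is intended
            if is_tcp and (lo, hi) == (SSH_PORT, SSH_PORT):
                if anywhere:
                    findings.append(("ssh-open-to-world", cidr, lo, hi))
                continue
            findings.append(("not-needed", cidr, lo, hi))
    return findings


if __name__ == "__main__":
    for name in ("BEFORE_RULES", "SSH_OPEN_RULES", "AFTER_RULES"):
        print(name, audit_ingress(globals()[name]))
```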

Blacklamb
February 20th, 2018, 15:44
> What do you mean with "Amazon charges you for having your instance down when you have a static IP"?
>
> Could you then please explain how to install the Dynamic DNS client and set it up?

If you set up an elastic IP, static public IP that never goes away, you get no charge for it as it’s included with your instance. But if you read the details they charge .009 per hour if your instance is down because you are holding a valuable IP.

For my dynamic DNS provider I used ddclient and followed the instructions from my domain's DNS provider. I installed it using “sudo apt-get update” then “sudo apt-get install ddclient”; it has an install wizard that will let you set it up with common dynamic DNS providers. But in my case I needed to edit its config file to work with my provider.

gandhi39
February 21st, 2018, 01:21
You are right. My tutorial was left like that for simplicity. But you can make more specific and secure inbound and outbound rules later.

[edited the tutorial for safer rules]

gandhi39
February 21st, 2018, 01:24
I don’t know how to replace the static public IP amazon gives you for a 3rd party dynamic one. What I do to not be charged when I’m not using the instance is turn it off. The downside is that your IP changes whenever you turn it back on. You will need to update your batch file every time before you host a game.

Blacklamb
February 21st, 2018, 02:00
You can use a dynamic DNS provider like https://www.noip.com/ and then have a DNS name that goes into your scripts and your players use like fg.sampledomain.org

darellsison
February 21st, 2018, 13:37
> You can use a dynamic DNS provider like https://www.noip.com/ and then have a DNS name that goes into your scripts and your players use like fg.sampledomain.org

Thank you very much for this info. I got this to work on Amazon EC2. I wonder if you guys can add the info on how to set up no-IP; I have an account there and it points to the IP of my house connection.

How do I do that so that it points to the Amazon EC2 instance, that way I won't get charged and it can keep using the free tier?

Blacklamb
February 21st, 2018, 15:19
Here are their instructions.
https://www.noip.com/support/knowledgebase/installing-the-linux-dynamic-update-client-on-ubuntu/

darellsison
February 21st, 2018, 15:43
> Here are their instructions.
> https://www.noip.com/support/knowledgebase/installing-the-linux-dynamic-update-client-on-ubuntu/

Thank you, I think I got that working. The one I need to configure is now the batch file and putty. Those still use the IP, right? Do I replace both every time I load the EC2 time?

Blacklamb
February 21st, 2018, 15:48
I use the DNS name and give it a little bit after the instance is up to register itself before running them, just a min or two after it enters the running state. By using the DNS name you don’t need to change putty or scripts. It’s also what I give my players.

darellsison
February 21st, 2018, 16:05
Would you mind giving a step by step?

Right now. I got putty configured. And the script is configured.

I have installed the Ubuntu No-IP client. It doesn't seem to update, however, when I reboot or restart the server.

Blacklamb
February 21st, 2018, 16:13
I unfortunately don't use No-IP so I don't know how to troubleshoot them.

darellsison
February 21st, 2018, 17:50
> I unfortunately don't use No-IP so I don't know how to troubleshoot them.

I tried using my no-ip dynamic domain name (hardcoversph.ddns.net), on both putty and the batch file it just works!!!

This solution is still the best out there! Thanks for all the info everyone!

Will just have to edit the saved putty settings and the batch file every time for the IP changes.

gandhi39
February 21st, 2018, 23:36
I suppose you can use the address noip gives you in place of your public IP in putty and the batch file. But you must manually update the IP on the noip site every time you restart the instance.

darellsison
February 22nd, 2018, 00:26
> I suppose you can use the address noip gives you in place of your public IP in putty and the batch file. But you must manually update the IP on the noip site every time you restart the instance.

I applied my dynamic dns from No-IP on the putty and the batch file. I also installed the no-ip client on the AWS/Ubuntu server. That way if I restart I just have the client run on boot. It refreshes the IP and applies that change.

gandhi39
February 22nd, 2018, 01:08
> I also installed the no-ip client on the AWS/Ubuntu server. That way if I restart I just have the client run on boot.

Could you explain your steps to install and have the client run on boot?

darellsison
February 22nd, 2018, 02:45
> Could you explain your steps to install and have the client run on boot?

I actually followed your guide in building the solution using AWS. Make sure you get the Tunneling to work with IP addresses first.

Once everything is working, proceed to Dynamic DNS setup.

a. Create an account in No-IP (https://www.noip.com/), and set up a hostname you want to use. Free accounts allow you to choose 3 domain names.

b. Copy into notepad your IP address of your AWS server. You will need that just to be sure.

c. Follow the guide here (https://www.noip.com/support/knowledgebase/installing-the-linux-dynamic-update-client-on-ubuntu/) to install the No-IP Ubuntu client on your AWS. You will need this to make sure that when you start and stop your AWS your IP address syncs with your Dynamic DNS from No-IP.

d. Once you have that set, reboot your AWS using putty command line (sudo reboot now).

e. If you followed step C, every time you reboot/stop-start your AWS just SSH into it and run this command: "/usr/local/bin/noip2"

f. There is a tutorial to make step E, auto run at boot but I haven't gotten around to do that well yet.

g. Edit your saved putty setting from fixed IP to your chosen Dynamic DNS, do the same for your Batch File.

h. Your batch file should reflect the port tunneling similar to what I see in mine.

Requesting remote port "your dynamic dns":1802 forward to localhost:1802
Remote debug message: Forwarding listen address "your dynamic dns" overridden by server GatewayPorts
Remote port forwarding from "your dynamic dns".net:1802 enabled

i. DNS linking and sync takes time, sometimes a minute or two, my suggestion is to use the server IP (on step B) if it takes a while. After a few minutes the sync will happen.
j. Enjoy!!!

gandhi39
February 22nd, 2018, 03:04
> I actually followed your guide in building the solution using AWS. Make sure you get the Tunneling to work with IP addresses first.
>
> Once everything is working, proceed to Dynamic DNS setup.
>
> a. Create an account in No-IP (https://www.noip.com/), and set up a hostname you want to use. Free accounts allow you to choose 3 domain names.
>
> b. Copy into notepad your IP address of your AWS server. You will need that just to be sure.
>
> c. Follow the guide here (https://www.noip.com/support/knowledgebase/installing-the-linux-dynamic-update-client-on-ubuntu/) to install the No-IP Ubuntu client on your AWS. You will need this to make sure that when you start and stop your AWS your IP address syncs with your Dynamic DNS from No-IP.
>
> d. Once you have that set, reboot your AWS using putty command line (sudo reboot now).
>
> e. If you followed step C, every time you reboot/stop-start your AWS just SSH into it and run this command: "/usr/local/bin/noip2"
>
> f. There is a tutorial to make step E, auto run at boot but I haven't gotten around to do that well yet.
>
> g. Edit your saved putty setting from fixed IP to your chosen Dynamic DNS, do the same for your Batch File.
>
> h. Your batch file should reflect the port tunneling similar to what I see in mine.
>
> Requesting remote port "your dynamic dns":1802 forward to localhost:1802
> Remote debug message: Forwarding listen address "your dynamic dns" overridden by server GatewayPorts
> Remote port forwarding from "your dynamic dns".net:1802 enabled
>
> i. DNS linking and sync takes time, sometimes a minute or two, my suggestion is to use the server IP (on step B) if it takes a while. After a few minutes the sync will happen.
> j. Enjoy!!!

I had already done the rest of it.

Let me know if you find out how to run "/usr/local/bin/noip2" automatically when the instance starts without having to ssh into it. The tutorials I found about that did not work.

darellsison
February 22nd, 2018, 15:50
> I had already done the rest of it.
>
> Let me know if you find out how to run "/usr/local/bin/noip2" automatically when the instance starts without having to ssh into it. The tutorials I found about that did not work.

It's very tricky. I will ask around my office, my Linux skills are rusty. At least you won't have to worry about it until month 11 if you are working on a free tier. Will probably migrate it to a nano server by the 11th month to save more hehehehe.

gandhi39
February 24th, 2018, 02:06
Made it! This should work: (ssh PuTTY session) (no need to install the noip client)

type: sudo apt-get update
type: sudo apt-get install ddclient
y
use Esc to skip everything until the installation stops
type: sudo nano /etc/ddclient.conf
change the file as follows:

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf

protocol=dyndns2
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
server=dynupdate.no-ip.com
login=YOUR USERNAME ON NOIP
password=YOUR PASSWORD ON NOIP
YOUR HOSTNAME ADDRESS ON NOIP (ex: yourname.ddns.net)

hold Ctrl+X
(Y)es
Enter

type: sudo /etc/init.d/ddclient restart


[updated the other tutorial to include this]

franzvonwittelsbach
April 4th, 2019, 10:03
Hi guys, you're amazing, thank you for the detailed walkthroughs, the only single thing I had to learn has only been how to write a batch file :D .

I think this should be sticky and evident somewhere, if it isn't already (I came here by googling putty fantasy grounds).

Thank you so much gandhi39 and everyone!

Trenloe
April 4th, 2019, 13:15
Welcome to the FG forums.


> I think this should be sticky and evident somewhere...

Yep, already done. Here: https://www.fantasygrounds.com/forums/showthread.php?43607-Port-Forward-Alternatives

Nylanfs
April 4th, 2019, 13:35
Welcome to the forums and FG Community!

franzvonwittelsbach
April 5th, 2019, 10:45
Thank you guys!

Now that all is set up, I loaded the Symbaroum campaign, "The promised land", and put a password as usual.

I just ran the test with one of my players, he put my no-ip alias, which is liedl.ddns.net, and the password which I gave him, and all was fine!

franzvonwittelsbach
April 8th, 2019, 15:26
Of course I first had to activate the batch file and to keep it open, and I was forgetting :rolleyes:

But beside that, everything was fine. Thank you so much gandhi39!!!

franzvonwittelsbach
April 8th, 2019, 16:03
My final request for gandhi39 and all those savvy with this method: if running the batch it says "x packages can be updated, y updates are security updates, system restart required", do I want to ignore it or do I want to update? What are the commands to update and to restart the system?

I wrote "sudo apt-get update" and looks like updating but the above writing remains...

mclancy10006
June 30th, 2020, 16:44
> Hey guys. Where I live I have about 3 firewalls I have to go through before I hit the internet and have no way to configure 2 of them. So I'm one of those guys that can't easily publish port 1802 to the world for players to connect in to my home computer.
>
> I also have a small public Linux server I use for hosting and I've been toying around with ways to publish 1802 on that server and tunnel the connection back into my Windows PC running Fantasy Grounds. I found a pretty easy way to do this with Putty and SSH tunneling and wrote up a little howto guide for it: Using Putty to bypass firewalls for Fantasy Grounds (https://tarsis.org/?p=5)
>
> The end result being players should be able to type in "tarsis.org" (my server) for the host game to join and it'll route through to my home computer, simply by me logging into my remote server with Putty. I haven't run any full games doing this yet, I've just done local testing using multiple instances of FG, but it seems to be working pretty well so far.

Thanks for this method. It has worked well for me when AT&T started to adversely react to the inbound 1802 on their router with no way to configure a work around.
-Mark