Good evening, everyone. As some of you know, I've been on a quest to help folks be able to run a Fantasy Grounds game as a GM when they are having trouble port-forwarding, are traveling and want to host a game, etc... I setup AlgoVPN and it worked great. Only caveat is it took me quite a while to set up. It was a pretty involved process.

Well, today I found ZeroTier. ZeroTier bills itself as a virtual networking layer that works the same everywhere. Pretty ambitious statement! So, without a huge expectation, I decided to test it. So, I went to www.zerotier.com, clicked on "Try Zero Tier" and downloaded the program. After setting up a network in a couple minutes, I was ready to test things. First off, it automatically assigns you an internal ip address that I believe is outside of the range of your current internal ip range (at least it did for me). That is the ip address that players will use to join your game. I remembered this after reviewing Damned's instructions on using Hamachi. I tested ZeroTier myself using a hotspot to make sure I wasn't on my home network and I connected just fine from a second laptop. Then I had a player I know download the software and connect. He connected to me just fine as well.

I suppose I need to do some speed testing, test if this will work from a hotel, etc.. Bottom line, though, I can't believe how simple it was to setup and get a connection! The players will have to download a program (like Hamachi I guess), but there is absolutely no adware, etc.. and it is very simple. And yes... absolutely free!!! So, rather than typing out a how-to, I made a quick video (9 minutes long) and posted to youtube. Sorry for some of the quality when I scroll. I was still on my hotspot. I was too excited, though and had to share. Please let me know if you try it and it works for you! This could be another great option for folks.

Here is the link to my youtube video:

https://youtu.be/Os1jjbQAFao

Nice one.

The big thing with any solution like this is getting the players to set it up, use it right, etc.. Even if it's "simple", it's another set of hoops for a player to jump through.

But, more possible options are always good. :)

Nice one.

The big thing with any solution like this is getting the players to set it up, use it right, etc.. Even if it's "simple", it's another set of hoops for a player to jump through.

But, more possible options are always good. :)

Yes. Definitely agree.

When I have a few minutes, I'll do another short video from the player side to show players how to set it up. Should only be another 5 min or so video.

Just a quick update. I sent Rob2e an email with a download link for ZeroTier, the network ID and the internal ip address of the virtual zero tier network I set up (which took about a minute to set up, seriously). He was able to connect immediately to my FG table while I had my table open at my office. So, I've now successfully tested this from my house using a hotspot (not on my home network) and from my work using the standard internet at my office. This is a very cool solution. Maybe Hamachi is just as easy, not sure, but really cool stuff. Still need to work on a "player" video that DM's could send out to players on how to connect to it.

Can a nice moderator sticky this somewhere? Maybe in the house of healing by the hamachi thread? Wherever you guys think it makes sense. Thanks!

Or maybe one post with links to all the various VPN solution threads?

Or maybe one post with links to all the various VPN solution threads?
I see it was already done :)
https://www.fantasygrounds.com/forums/showthread.php?43607-Port-Forward-Alternatives

I see it was already done :)
https://www.fantasygrounds.com/forums/showthread.php?43607-Port-Forward-Alternatives

Yep. Excellent idea!

after the players connect to the network through zerotier do they use the ip given by zero tier or the internal provided by fantasy grounds?

They use the ip address assigned to the FG host computer to connect. See attached screenshot. They use the "managed ip" which is the internal ip address assigned by zerotier. It is not going to match the internal or external ip address on the FG host launch screen so don't worry about that. If you watch my video (link in Post #1 above), you will see where I copy the ip address from. If you have any issues, let me know. Most likely it is allowing zerotier as a program in your firewall.

Oh.. and welcome to the forum! Great people here....

Awsome thank you! I have used this for awhile now to DM in person because I tried every route to port forward. Now I can finally us it to DM online.

Awsome thank you! I have used this for awhile now to DM in person because I tried every route to port forward. Now I can finally us it to DM online.

Awesome. Definitely test it out before you play but if you run into ANY issues, let me know and I'll try to help. Its worked really well as I have tested it with others. Just make sure to have the zero tier program whitelisted on your firewall. Happy Gaming!

Awsome thank you! I have used this for awhile now to DM in person because I tried every route to port forward. Now I can finally us it to DM online.

PureVPN and Hamachi avoid port forwarding as well.

One of my players expressed some security concerns regarding the use of ZeroTier (specifically, he was concerned that other network members could access his computer over the shared network) so I put together some Fantasy Grounds-specific Flow Rules to isolate the clients from one-another - these are based on the article here: https://blog.reconinfosec.com/locking-down-zerotier/



# Allow only IPv4 and IPv4 ARP Ethernet frames.
#
drop
not ethertype ipv4
and not ethertype arp
;

#
# Uncomment to drop non-ZeroTier issued and managed IP addresses.
#
# This prevents IP spoofing but also blocks manual IP management at the OS level and
# bridging unless special rules to exempt certain hosts or traffic are added before
# this rule.
#
drop
not chr ipauth
;

# Only permit clients to communicate with the Fantasy Grounds host.
accept
ipprotocol tcp
and ipdest [IP address]/32 # ZeroTier IP address of the FG host.
and dport 1802 # Default port for Fantasy Grounds.
;

# Drop TCP SYN,!ACK packets (new connections) not explicitly whitelisted above.
break
chr tcp_syn # TCP SYN (TCP flags will never match non-TCP packets)
and not chr tcp_ack # AND not TCP ACK
;

# Accept anything else. This is required since default is 'drop'.
accept;


Change to the ZeroTier IP address of your FG host (and remove the square brackets). Access control needs to be set to [I]'Private' and network members need to be authorised for them to be able to connect to Fantasy Grounds. Make a backup copy of the default rules (copy them into a text document) before changing them just in case it all goes FUBAR.

I would like to thank you for finding this.

This issue resovled my connection issue!

One of my players expressed some security concerns regarding the use of ZeroTier

Additionally if you dont use the above rules turn off the network when not using it. Same with Hamachi.

I would like to thank you for finding this.

This issue resovled my connection issue!

Awesome! So glad it helped.

I just tested this and am so happy to discover it got me connected! After the frustration of trying to get port forwarding to work, I'm really happy that this seems to have done the job. Thank you!

Do you know if there are any issues for people using different systems? I'm on a Windows laptop, as is my wife, but another player is on a Mac. Have you heard of any problems? Regardless, thanks for this!

I just tested this and am so happy to discover it got me connected! After the frustration of trying to get port forwarding to work, I'm really happy that this seems to have done the job. Thank you!

Do you know if there are any issues for people using different systems? I'm on a Windows laptop, as is my wife, but another player is on a Mac. Have you heard of any problems? Regardless, thanks for this!

I think it should work just fine with a Mac too.

It works fine on Mac and PC but if your wife is on the same network as you she can just connect to your LAN address while everyone else uses teh ZeroTier method.

Good evening, everyone. As some of you know, I've been on a quest to help folks be able to run a Fantasy Grounds game as a GM when they are having trouble port-forwarding, are traveling and want to host a game, etc... I setup AlgoVPN and it worked great. Only caveat is it took me quite a while to set up. It was a pretty involved process.

Well, today I found ZeroTier. ZeroTier bills itself as a virtual networking layer that works the same everywhere. Pretty ambitious statement! So, without a huge expectation, I decided to test it. So, I went to www.zerotier.com, clicked on "Try Zero Tier" and downloaded the program. After setting up a network in a couple minutes, I was ready to test things. First off, it automatically assigns you an internal ip address that I believe is outside of the range of your current internal ip range (at least it did for me). That is the ip address that players will use to join your game. I remembered this after reviewing Damned's instructions on using Hamachi. I tested ZeroTier myself using a hotspot to make sure I wasn't on my home network and I connected just fine from a second laptop. Then I had a player I know download the software and connect. He connected to me just fine as well.

I suppose I need to do some speed testing, test if this will work from a hotel, etc.. Bottom line, though, I can't believe how simple it was to setup and get a connection! The players will have to download a program (like Hamachi I guess), but there is absolutely no adware, etc.. and it is very simple. And yes... absolutely free!!! So, rather than typing out a how-to, I made a quick video (9 minutes long) and posted to youtube. Sorry for some of the quality when I scroll. I was still on my hotspot. I was too excited, though and had to share. Please let me know if you try it and it works for you! This could be another great option for folks.

Here is the link to my youtube video:

https://youtu.be/Os1jjbQAFao

Thanks man this totally saved my bacon i was pulling my hair out and i do not even have hair.

Awesome! Love hearing from people that some of these solutions help.

Your first video was great. Did a second one for players ever get made? :)
Jim

Firstly I wanna thank you for sharing the option. As for the issue, I did the procedures and my test players couldn't connect. We use windows notebooks and I'm not sure I got zerotier free from firewall blocking, as well as my players. Could it be the problem?

Firstly I wanna thank you for sharing the option. As for the issue, I did the procedures and my test players couldn't connect. We use windows notebooks and I'm not sure I got zerotier free from firewall blocking, as well as my players. Could it be the problem?

That definitely could be the issue. I would make sure all of you have “whitelisted” the zerotier executable. Also, sometimes it gets confusing which connection is which within zero tier. Make sure they players are trying to connect to the internal ip assigned by zero tier and confirm it is in fact your machine. Keep me posted.

Keep me posted.

Well, just checked on the whitelisting and they're checked as permited. ZeroTier and also Fantasy Grounds. Shall I add an exclusion for the program's specific folders on windows defender? Also the boxes for private and public network on the apps, some are checked and some aren't and I didn't do anything. They were already set up that way by default. Anyways, thanks for the quick response. I'm about to give up and just wait for the Unity update.

Make sure GMs ZeroTier interface is set to Public

Well, just checked on the whitelisting and they're checked as permited. ZeroTier and also Fantasy Grounds. Shall I add an exclusion for the program's specific folders on windows defender? Also the boxes for private and public network on the apps, some are checked and some aren't and I didn't do anything. They were already set up that way by default. Anyways, thanks for the quick response. I'm about to give up and just wait for the Unity update.

If you want to jump in my discord and post some screenshots of what zerotier looks like I can see if I can troubleshoot a bit. Here is a link:

https://discord.gg/ERJg3Es

Can’t jump in voice tonight but I can text chat a bit and see if I can see anything amiss if you’re interested.

If you want to jump in my discord and post some screenshots of what zerotier looks like I can see if I can troubleshoot a bit. Here is a link:

https://discord.gg/ERJg3Es

Can’t jump in voice tonight but I can text chat a bit and see if I can see anything amiss if you’re interested.

I'll do that as soon as possible, thank you for your disposition towards helping!

Make sure GMs ZeroTier interface is set to Public

It is!! :square::square:

Has anyone tried ZeroTier through an iPhone?
Once in a while I am in an internet underserved area; I cannot get internet service except via cellular.
I can hotspot my PC to my iPhone but you cannot port forward an iPhone (so I have been told, and I believe it to be true).
I’m hoping ZeroTier might provide me with a solution, other than driving 100 miles back home, to DM my games.

I've used PureVPN through both an Android and iPhone running as hotspots. Zero Tier should work...

Has anyone tried ZeroTier through an iPhone?
Once in a while I am in an internet underserved area; I cannot get internet service except via cellular.
I can hotspot my PC to my iPhone but you cannot port forward an iPhone (so I have been told, and I believe it to be true).
I’m hoping ZeroTier might provide me with a solution, other than driving 100 miles back home, to DM my games.

I routinely used my iPhone and PureVPN on my laptop to run fantasy grounds as the DM. Have not tried zero tier but PureVPN certainly worked.

Worked in China - local and roaming internet. Worked at home in California when my cable internet went down.

Worked in hotels over hotel internet. Worked in Hong Kong airport in the United lounge and the United shared Wi-Fi for the last fight of storm kings thunder.

I've used PureVPN through both an Android and iPhone running as hotspots. Zero Tier should work...

Thanks LordEntrails for the good news.

@Myrdin I know you’re a big fan of PureVPN. When you have a solution that works one can’t help but praise it.

I currently use NordVPN for streaming movies when I’m in Mexico (vacationing). Nord does not have dedicated (static) IP though. Other non gamer friends of mine have tried PureVPN in the past (for streaming) with lackluster results. So I’m am a bit skeptical that PureVPN can provide a solution for both issues. (To be honest I probably should be more skeptical of my “friends” as they’re non tech as well as non gamers.)

My NordVPN subscription is up for renewal this year so maybe I’ll try PureVPN for myself.

Thanks for the help.