Page 2 of 2 First 12
  1. #11
    They use the ip address assigned to the FG host computer to connect. See attached screenshot. They use the "managed ip" which is the internal ip address assigned by zerotier. It is not going to match the internal or external ip address on the FG host launch screen so don't worry about that. If you watch my video (link in Post #1 above), you will see where I copy the ip address from. If you have any issues, let me know. Most likely it is allowing zerotier as a program in your firewall.

    Oh.. and welcome to the forum! Great people here....
    Attached Images Attached Images
    Live stream: https://www.twitch.tv/gwydione
    Youtube replays of fg sessions: https://www.youtube.com/channel/UCQr...bIpAauZB41z8gA

    Free stuff:
    D&D5e FAQ module for fg: http://www.dmsguild.com/product/196704/FAQs
    FG 5e Module Conversions: https://tinyurl.com/y6awo2la
    Map Maker Conversion: https://tinyurl.com/y3awlo4b

  2. #12
    Awsome thank you! I have used this for awhile now to DM in person because I tried every route to port forward. Now I can finally us it to DM online.

  3. #13
    Quote Originally Posted by jfbanks1986 View Post
    Awsome thank you! I have used this for awhile now to DM in person because I tried every route to port forward. Now I can finally us it to DM online.
    Awesome. Definitely test it out before you play but if you run into ANY issues, let me know and I'll try to help. Its worked really well as I have tested it with others. Just make sure to have the zero tier program whitelisted on your firewall. Happy Gaming!
    Live stream: https://www.twitch.tv/gwydione
    Youtube replays of fg sessions: https://www.youtube.com/channel/UCQr...bIpAauZB41z8gA

    Free stuff:
    D&D5e FAQ module for fg: http://www.dmsguild.com/product/196704/FAQs
    FG 5e Module Conversions: https://tinyurl.com/y6awo2la
    Map Maker Conversion: https://tinyurl.com/y3awlo4b

  4. #14
    Myrdin Potter's Avatar
    Join Date
    Oct 2015
    Location
    East Bay, SF
    Posts
    1,685
    Blog Entries
    4
    Quote Originally Posted by jfbanks1986 View Post
    Awsome thank you! I have used this for awhile now to DM in person because I tried every route to port forward. Now I can finally us it to DM online.
    PureVPN and Hamachi avoid port forwarding as well.
    Ultimate License. Running a 5e campaign blending together PoTA and SKT. Asks lots of questions. Mgpotter.com. PureVPN is a tested solution to run games when traveling. https://billing.purevpn.com/aff.php?aff=33044

  5. #15
    One of my players expressed some security concerns regarding the use of ZeroTier (specifically, he was concerned that other network members could access his computer over the shared network) so I put together some Fantasy Grounds-specific Flow Rules to isolate the clients from one-another - these are based on the article here: https://blog.reconinfosec.com/locking-down-zerotier/

    Code:
    # Allow only IPv4 and IPv4 ARP Ethernet frames.
    #
    drop
    	not ethertype ipv4
    	and not ethertype arp
    ;
    
    #
    # Uncomment to drop non-ZeroTier issued and managed IP addresses.
    #
    # This prevents IP spoofing but also blocks manual IP management at the OS level and
    # bridging unless special rules to exempt certain hosts or traffic are added before
    # this rule.
    #
    drop
    	not chr ipauth
    ;
    
    # Only permit clients to communicate with the Fantasy Grounds host.
    accept
      ipprotocol tcp
    		and ipdest [IP address]/32 		# ZeroTier IP address of the FG host.
    		and dport 1802                          # Default port for Fantasy Grounds.
    ;
    
    # Drop TCP SYN,!ACK packets (new connections) not explicitly whitelisted above.
    break
      chr tcp_syn             # TCP SYN (TCP flags will never match non-TCP packets)
      and not chr tcp_ack     # AND not TCP ACK
    ;
    
    # Accept anything else. This is required since default is 'drop'.
    accept;
    Change [IP address] to the ZeroTier IP address of your FG host (and remove the square brackets). Access control needs to be set to 'Private' and network members need to be authorised for them to be able to connect to Fantasy Grounds. Make a backup copy of the default rules (copy them into a text document) before changing them just in case it all goes FUBAR.
    Last edited by AegisPrime; October 21st, 2019 at 18:21.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in

Log in