Linux and OpenVPN Experts, I need your help

I live in an oppressive country which recently had some spare cash to invest into an advanced DPI that is blocking traffic to Xbox Live servers, causing NAT to show as unavailable for everyone (regardless of the ISP), and also blocking online multiplayer in a few games such as Forza Horizon 3, Destiny 2 Beta and voice chat in Overwatch, Battlefield 1 and Elder Scrolls Online.

I was able to deploy an OpenVPN server on Ubuntu 16.4.03 LTS to be used by the Xbox One console (through a VPN router). The Xbox One now shows NAT as Strict and multiplayer is still not working in Forza. I am assuming this is a firewall issue as I tried some VPN providers like VPN Unlimited (Strict but Forza works), and VyprVPN (Open and Forza works but expensive and they also don’t offer dedicated IPs so my online reputation will be really bad if I use it for accessing websites, even Google).

I need some help from experts here in the community to help me with the iptables firewall rules to make this VPN server compatible with Xbox Live.

I really appreciate any help provided. I have tried asking over at /r/Ubuntu and /r/OpenVPN but they are not experienced with how Xbox Live works so they were not able to do much. Thanks again :slight_smile:

Would running UPnP on Ubuntu work? Guess that could be the easiest option. I think that will allow all devices to open whatever ports they need though. (Maybe someone else can clear that up.)

Linky

Welcome to my world. I have a spare Windows laptop set up for times when my ISP gives me shit. Same setup may work for you.

Here is what you need to do:

  1. Get a cheap VPS Server. I am using BuyVM’s $15/year VPS. Cheapest I could find.
  2. Install SoftEther Server on the VPS.
  3. Install the SoftEther Admin and Client apps on your local machine.
  4. Connecting to SoftEther will provide a tunnel interface. I use my WiFi connection to connect to ISP router.
  5. Share the tunnel with your Ethernet interface and use network cable to connect Xbox.

My overall connection looks like this:

ISP Router -wifi-> Laptop -vpn-> Softether(Server) -ethernet-> Xbox

Let me know if you need more specifics.

https://buyvm.net/openvz-vps/
https://www.softether.org

Hi there, I will try to give you a hand, but I must say I am not an expert on networking.

There are two possible places that I can think of where configuration needs to be done (as I understand from your explanation): on your router, as you need to set the network rules to make sure there is an open way between your Xbox and your VPN server, and on your VPN server, where you will need to set iptables to allow forwarding for the same ports.

I am sure you have seen this page before (possibly many times now)
https://support.xbox.com/en-GB/xbox-one/networking/network-ports-used-xbox-live

I would recommend checking which ports are open on your router from your VPN server; you could do this by using Nmap.

Some games use different ports or ALG options to be able to work properly, so you may need to tweak your rules on a case-by-case basis.

One more thing: check the security settings of your router (and the VPN exit point if possible), as this may be part of your headache.

Good luck! I hope you will be playing in no time.
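
The server-side forwarding this reply describes, as an added example that is not part of the original thread: a script that prints, for review rather than applying, iptables rules that forward only the ports on the linked Xbox Live list to one VPN client and drop all other forwarded traffic. The interface names `eth0` and `tun0` and the client address `10.8.0.2` are assumptions, and the VPN router in front of the console still needs its own forwarding to the Xbox.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for an OpenVPN server.
# Assumed names: eth0 = public interface, tun0 = OpenVPN interface,
# 10.8.0.2 = constructed VPN address of the router the console sits behind.

# Inbound ports from the Xbox Live port list, as proto:port.
# UDP 500/4500 are IPsec ports: leave them out if the server terminates IPsec.
XBOX_PORTS="udp:88 udp:500 udp:3074 udp:3544 udp:4500 tcp:3074"

valid_ipv4() {
    # Accept only a dotted quad with every octet in 0..255.
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

xbox_vpn_rules() {
    wan_if=$1 tun_if=$2 client_ip=$3
    # Refuse anything that is not a plain address before building commands.
    valid_ipv4 "$client_ip" || { echo "invalid client IP" >&2; return 1; }
    # Outbound: let the VPN client reach the internet through the server.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $tun_if -o $wan_if -s $client_ip -j ACCEPT"
    # Inbound: forward only the listed ports, and only to the one client.
    for entry in $XBOX_PORTS; do
        proto=${entry%%:*} port=${entry##*:}
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $port -j DNAT --to-destination $client_ip"
        echo "iptables -A FORWARD -i $wan_if -o $tun_if -d $client_ip -p $proto --dport $port -j ACCEPT"
    done
    # Anything else that tries to cross the server is dropped.
    echo "iptables -P FORWARD DROP"
}

xbox_vpn_rules eth0 tun0 10.8.0.2
```

Compare the printed rules with the existing `iptables-save` output before applying any of them as root.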

Here’s what I recommend you do. Buy a Raspberry Pi 3. If the Zero has a WiFi card that’ll work too. Connect it directly to your modem or put it into DMZ. You must use the Ethernet port though. Add a proxy to it by adding the port and IP number to /etc/environment. Then bridge the wlan and eth0. Use apt to install hostapd and dnsmasq. Configure them, set up an access point, and connect your console to it.

This might actually work! I will give it a shot once back home. Thanks :slight_smile:

  1. Is there a special advantage for using Softether over OpenVPN?
  2. Do you get Open NAT when you do this, or is it Strict in the end?

Thanks. I really appreciate your help.

I applaud you for trying to help, I was expecting a childish response from immature kids telling this guy to get better internet, or move to a better country, or even worse.

If it did help him, good for you and I would give you reddit gold if I had it. But, if your solutions didn’t help, that’s even better. At least you tried to help, and that means more than anything, I hope you both can continue to figure out the problem and get it solved. Good luck to the both of you! =)

I think I found the main issue behind all this. It seems like Microsoft might have blocked access to Xbox Live from DigitalOcean IP blocks recently.

The reason I say this is that I have tried the same configuration on another host and it seems to be working fine, but no matter how many hosts on DigitalOcean I try it on, the Xbox One always refuses to sign in to my account and acts as if there is no internet.

I never heard of Microsoft banning certain IPs from access to Xbox Live but apparently it might be a new thing (maybe to lessen DDoSing as DigitalOcean is cheap of course).

  1. Softether is multiprotocol. It supports OpenVPN, PPTP, L2TP and its own encrypted tunneling protocol. It’s just much easier to configure, run and change ports if your ISP decides to be a dick and starts blocking ports.

  2. Open NAT

So what are you going to do about that?

Oh okay! That’s perfect!

Which OS are you using on the VPS btw? Did you need to fiddle around with firewall rules, or did Softether do all on its own?

You can generate .ovpn files using Softether, right? I need this as I will use a VPN router instead of leaving a PC on. Thanks again :slight_smile:

I will end up using policy based routing on my router.

Will redirect all connections to Microsoft servers through a known VPN provider (VPN Unlimited or VyprVPN). This shows as Strict on Xbox One but party sometimes works somehow, at least it will allow me access to Forza Horizon 3 online.

Will redirect all connections to Battlefield 1 servers and Destiny 2 (both blocked here too) through the DigitalOcean VPS.

The reason I am splitting traffic is because the latency from VPN providers is highly unstable as they are mostly overloaded. This is never the case with DigitalOcean as it’s more dedicated.

Microsoft is not making it easy for me but I love Xbox. Despite having a PS4 Pro, I still keep using the One I have as a main and can’t wait for the One X :confused:

Using Ubuntu. I don’t remember how the firewall was configured but I can dump my iptables file for you. Just change IPs and you should be good to go.

Yes it can generate ovpn files.

What router do you have?

I would really appreciate this. Just try to remove your IP addresses for the security of your VPS.

I will try to install it on DigitalOcean first and see how it works. If it doesn’t, I will get a VPS from the site you mentioned. I wish they had servers in Germany or France where we have direct link to, but I think their Luxembourg server will do. Thanks again!

Asus RT-AC56R running Asus-Merlin.

Just double checked: SoftEther manages IPTables/Firewall by itself. No need to create entries manually.

Here is the guide I followed to set it up some time ago: https://www.digitalocean.com/community/tutorials/how-to-setup-a-multi-protocol-vpn-server-using-softether

I use BuyVM because it’s the cheapest option I could find with decent speed/bandwidth.

Good Luck!

Have you tried calling Microsoft up and explaining your situation politely to them? They may be able to help.

Yea that was the guide I was reading just a few minutes ago. Can’t believe Softether does all this and I have been struggling with a retarded OpenVPN console all these days!

Thanks! I really appreciate it! Will start testing in an hour or two max.