iAmGnome

Proxy Setup Guide (Hide VPS IP)


Hello there,

Some of you might know this already and maybe have read the original guide for it. But for those who don't know it yet, see below.

Note: I’m sharing the steps on how to do it using CentOS7 for the proxy server/VM while the main server/VM will be anything you like as long as rAthena supports it.

Before everything else, I would like you to know that this guide will only work on CentOS7 and this doesn’t guarantee that it will provide low latency to your players since its main function is to HIDE the IP of your MAIN VPS to avoid being bombarded with unwanted traffic. In the event you receive lots of traffic on your proxy, you can just reject it on your main VPS via firewall rules/iptables.

Requirements

  1. Spare VPS to configure the proxy
  2. Patch your client using updated "Enable Proxy Support" patch provided by 4144's NEMO & Functor
  3. DO NOT patch "Skip Service Select" since you need it to choose from the multiple connections.
  4. Add multiple connections on your clientinfo.xml/sclientinfo.xml
  5. Configure subnet_athena.conf to prevent sending real IP in network packets from login and char servers. (Functor)
  6. (Optional) Enable "Cancel to Select Service" Patch

VPS Configuration (IMPORTANT)

Note: Again, make sure that your VPS is using CentOS7 since this was tested under the said OS and working 100%

Follow the commands provided below.

# Port Forwarding CentOS 7 FirewallD
# ========================================================================
# Please read the comments per line; they are self-explanatory.
# Important Parameters:
# INSERT_ZONE = output of the get default zone
# INSERT_IP = is the public IP of your main VPS or server
# If you like the guide give it a thumbs up!
# ========================================================================

# This command is to get the default zone being used by your VM.
firewall-cmd --get-default-zone

# This command is to check all rules applied to your VM by the current active zone.
firewall-cmd --zone=INSERT_ZONE --list-all

# Enabling Masquerade Status (IP Forwarding).
# This is the important configuration, else the commands below won't work
firewall-cmd --zone=INSERT_ZONE --add-masquerade --permanent

# IP/Traffic forwarding
# Make sure you have configured masquerade
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=6900:proto=tcp:toport=6900:toaddr=INSERT_IP --permanent
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=6121:proto=tcp:toport=6121:toaddr=INSERT_IP --permanent
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=5121:proto=tcp:toport=5121:toaddr=INSERT_IP --permanent

# Add rules for ro-ports (assuming that you didn't change the port)
firewall-cmd --zone=INSERT_ZONE --add-port=6900/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=6121/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=5121/tcp --permanent

# Reload rules to take effect
firewall-cmd --reload

clientinfo.xml/sclientinfo.xml Configuration (IMPORTANT)

The example below shows how to configure multiple connections/tunnels to your VPS. (P.S. I'm not quite sure how many connections is the limit that can be defined on the xml)

<?xml version="1.0" encoding="euc-kr" ?>
<clientinfo>
	<desc>Ragnarok Online Client Information</desc>
	<servicetype>america</servicetype>
	<servertype>primary</servertype>
	<connection>
		<display>^FF0000[ SE Asia ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to SEA Region to possibly reduce latency.</balloon>
		<address>INSERT_IP_HERE</address>
		<port>6900</port>
		<version>46</version>
		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
	</connection>
	<connection>
		<display>^FF0000[ US Central ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US Central Region to possibly reduce latency.</balloon>
		<address>INSERT_IP_HERE</address>
		<port>6900</port>
		<version>46</version>
		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
	</connection>
	<connection>
		<display>^FF0000[ US West ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US West Region to possibly reduce latency.</balloon>
		<address>INSERT_IP_HERE</address>
		<port>6900</port>
		<version>46</version>
		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
	</connection>
</clientinfo>

subnet_athena.conf (IMPORTANT)

Change the default value (shown below)

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

TO

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

As per Functor, "If you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.".

That's it. If you have a question, drop a comment. ROK On!

Original Links: Ragnarok Proxy Setup (Hide your VPS IP)
Other: rAthena via GCP (In a nutshell)

Edited by iAmGnome
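
The guide's fallback of rejecting traffic on the main VPS, as an added example that is not part of the original post: it prints firewalld commands that accept the three game ports only from the proxy VPS. It assumes the main VPS also runs firewalld; the zone name and the 203.0.113.x proxy addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): print the firewalld commands that
# make the MAIN VPS accept the rAthena ports only from the proxy VPS.
# Assumes firewalld on the main VPS; zone and IPs are constructed placeholders.

GAME_PORTS="6900 6121 5121"   # the three ports forwarded in the guide

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Usage: lockdown_rules ZONE PROXY_IP [PROXY_IP...]
# Emits commands only; review them, then run them on the main VPS.
lockdown_rules() (
    zone=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one proxy IP" >&2; exit 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; exit 1; }
    done
    for port in $GAME_PORTS; do
        # Drop the open-to-everyone rule (if one was added with --add-port),
        # then allow the port from each proxy address only.
        echo "firewall-cmd --zone=$zone --remove-port=$port/tcp --permanent"
        for ip in "$@"; do
            echo "firewall-cmd --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" port port=\"$port\" protocol=\"tcp\" accept' --permanent"
        done
    done
    echo "firewall-cmd --reload"
)

# Dry run with constructed values (203.0.113.0/24 is a documentation range).
lockdown_rules public 203.0.113.10 203.0.113.20
```

Because the proxy masquerades, the main VPS sees every proxied player arriving from the proxy's address, so per-player IP filtering has to happen on the proxy.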

@iAmGnome You forgot about the important additional step. If you want to hide the IP of main VPS - you need to prevent sending real IP in network packets from login and char servers.

Because if you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.

Open "../conf/subnet_athena.conf" and change:

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

to:

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

 

Edited by Functor
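
Why the subnet_athena.conf change in the guide and in Functor's reply keeps the real IP out of the packets, as an added example (not rAthena code and not from the thread). It assumes an entry applies to a client when (client & mask) equals (char_ip & mask); 198.51.100.7 and the client addresses are constructed.

```shell
#!/bin/sh
# Added example, not rAthena code. ASSUMPTION: a "subnet: MASK:CHAR_IP:MAP_IP"
# entry applies to a client when (client & MASK) == (CHAR_IP & MASK); the server
# then advertises the entry's IPs instead of its public one.

PUBLIC_IP=198.51.100.7        # constructed stand-in for the real main-VPS IP

# Dotted quad -> 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Usage: advertised_ip "MASK:CHAR_IP:MAP_IP" CLIENT_IP
# Prints the char-server IP that would be placed in the packet for that client.
advertised_ip() (
    entry=$1
    client=$2
    mask=${entry%%:*}
    rest=${entry#*:}
    char_ip=${rest%%:*}
    m=$(ip_to_int "$mask")
    c=$(ip_to_int "$char_ip")
    p=$(ip_to_int "$client")
    if [ $(( c & m )) -eq $(( p & m )) ]; then
        echo "$char_ip"       # entry matched: the subnet IP goes on the wire
    else
        echo "$PUBLIC_IP"     # no match: the public IP goes on the wire
    fi
)

# Constructed client addresses: one local, two Internet players.
for client in 127.0.0.1 203.0.113.50 192.0.2.9; do
    echo "$client default=$(advertised_ip 255.0.0.0:127.0.0.1:127.0.0.1 "$client")" \
         "changed=$(advertised_ip 0.0.0.0:127.0.0.1:127.0.0.1 "$client")"
done
```

With the default mask only 127.x.x.x clients match the entry, so Internet players are sent the public IP; with mask 0.0.0.0 every client matches and only 127.0.0.1 is sent.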
On 4/30/2019 at 3:59 PM, iAmGnome said:

Hello there,

Some of you might know this already and maybe have read the original guide for it. But for those who don't know it yet, see below.


Would Cloudflare be enough? Or is it just for web? Also, we could also use Floating IPs from DigitalOcean, right?

1 hour ago, Universe said:

Would Cloudflare be enough? Or is it just for web? Also, we could also use Floating IPs from DigitalOcean, right?

Not quite sure with regard to floating IPs of DigitalOcean. Better to try it but somehow it will work since it is integrated on their droplet which can use CentOS system. As for Cloudflare, it won't work AFAIK since it only caters to web traffic.


Okay thanks, will try. Will update you if it works. Also, btw, so I could know if it would work, how would I get the IP that the server is connecting to? From packets?

54 minutes ago, Universe said:

Okay thanks, will try. Will update you if it works. Also, btw, so I could know if it would work, how would I get the IP that the server is connecting to? From packets?

Use the command "@accinfo %playersname%" in-game. Tested this guide multiple times and it works like a charm.

Edited by Mosaic

On 5/4/2019 at 10:31 PM, Mosaic said:

Use the command "@accinfo %playersname%" in-game. Tested this guide multiple times and it works like a charm.

Won't that give the IP of the player? And not the server's IP through packets?

On 5/4/2019 at 9:36 PM, iAmGnome said:

Not quite sure with regard to floating IPs of DigitalOcean. Better to try it but somehow it will work since it is integrated on their droplet which can use CentOS system. As for Cloudflare, it won't work AFAIK since it only caters to web traffic.

I haven't tested yet since I don't know how to get packet data. But I think (not sure though) that floating IPs are different IPs that do the same as what the original IP does. Basically like a proxy. Correct me if I'm wrong though.

Here's a blog, if you need a much clearer description.
https://blog.digitalocean.com/floating-ips-start-architecting-your-applications-for-high-availability/

On 5/5/2019 at 9:13 PM, melv0 said:

How about if I use Debian?

Already have a guide provided on the link above.

 

On 5/5/2019 at 6:36 PM, Universe said:

I haven't tested yet since I don't know how to get packet data. But I think (not sure though) that floating IPs are different IPs that do the same as what the original IP does. Basically like a proxy. Correct me if I'm wrong though.

Here's a blog, if you need a much clearer description.
https://blog.digitalocean.com/floating-ips-start-architecting-your-applications-for-high-availability/

Possible but not really. Floating IP can be classified as just an OM IP (not sure how to term it). It is where you deploy an instance (1+1); when an instance goes down you don't need to change the IP of it since the floating IP is routed to both instances. (weird explanation)


Question, this "spare VPS" can be availed in GCP with the lowest possible price? Then do the setup guide above, right? If I choose a US data center but my main server IP is in Asia, will it affect the latency? Like increase lag if I do so?


@DeathStar the lowest price can be possible. The shared one (micro) type VM. After creating, follow the steps above. As for the latency, again the main objective of this tutorial is to hide your main IP. You can try it for yourself if it increases lag or decreases latency.


I tested it myself. Yes, it increases lag depending on the server.

24 minutes ago, pajodex said:

I tested it myself. Yes, it increases lag depending on the server.

Thanks for testing. As long as the main function works then it's okay.

 

On 5/6/2019 at 8:17 PM, iAmGnome said:

Possible but not really. Floating IP can be classified as just an OM IP (not sure how to term it). It is where you deploy an instance (1+1); when an instance goes down you don't need to change the IP of it since the floating IP is routed to both instances. (weird explanation)

Why not just use the floating IP as the server IP?

1 hour ago, Universe said:

Why not just use the floating IP as the server IP?

Floating is a single IP as far as I know.
