Guys, I have an RB750, which is good for me. I wonder who could help me with VPN. I already have two VPNs configured and they work perfectly, PPTP and L2TP. What I want is for the remote client that connects to the VPN to have the same subnet mask, so it can find games like Warcraft 3 or Command & Conquer. If anyone can shed some light, I will be very grateful.
It’s been a long time since I did those Warcraft 3 things…
You just need 2 firewall/NAT rules to redirect TCP “battle.net” traffic to your IP.
The Linux iptables commands were:
/sbin/iptables -t nat -A PREROUTING -d [EXTERNAL_IP] -p tcp --dport 6112 -j DNAT --to-destination [CLIENT_IP]:6112
/sbin/iptables -t nat -A POSTROUTING -p tcp -d [CLIENT_IP] --dport 6112 -j SNAT --to-source [SERVER_IP]
The second line is mandatory only if the [VPN_SERVER] address is not the gateway of your client computer.
Obviously, those commands need to be applied on the server side of the VPN. If it’s a MikroTik you can access, it’s easy; if it’s a third-party VPN provider, I think you’re in trouble.
For other games, I guess it’s the same; you just have to find out the port used and whether it’s TCP or UDP.
Well, thanks! But I need this for RouterOS. Linux is different.
Not that much different (ROS is Linux-based); the commands are very similar:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=[EXTERNAL_IP] dst-port=6112 protocol=tcp to-addresses=[CLIENT_IP] to-ports=6112
add action=src-nat chain=srcnat dst-address=[CLIENT_IP] dst-port=6112 protocol=tcp to-addresses=[SERVER_IP]
This is kind of problematic with PPTP and L2TP, because game/host discovery in Warcraft 3 works by using broadcast packets, which usually do not work over any PPP-based connection. You are better off using an alternative solution like Hamachi (which I can confirm as working) or Tunngle.
Your best shot is enabling proxy-arp (which is required for PPTP/L2TP clients sharing the same subnet with your main LAN) on your LAN interface, and assigning the dial-in client a free address from your local subnet, and then trying again. I am however pretty confident it won’t be able to see the game session, maybe the game session will show up in WC3, but will fail to connect. I would really recommend using Hamachi instead.
Yep, you’re probably right!
Should I enable proxy-arp on the WAN (public) port?
No, only enable it on your LAN Port (Master-Port of switch-group, or on bridge, depending on what you use).
Still, I’d go for Hamachi in any case
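
The proxy-arp setup suggested in this thread, written out as RouterOS commands. This is an added example, not part of any post above; the interface names, pool name, user name, password and all addresses are assumptions to replace with your own.

```routeros
# Assumed for this example: LAN is 192.168.88.0/24, the router's LAN address
# is 192.168.88.1, and the LAN master port is named ether2-master-local.

# 1. Let the router answer ARP on the LAN on behalf of the dial-in client.
#    LAN side only; leave the WAN (public) port at its default arp setting.
/interface ethernet set [find name=ether2-master-local] arp=proxy-arp

# If the LAN is a bridge rather than a switch-group master port
# (bridge name assumed), set it there instead:
# /interface bridge set [find name=bridge-local] arp=proxy-arp

# 2. Keep the address reserved for the VPN client out of the DHCP range,
#    so no LAN host is ever leased the same address (pool name assumed).
/ip pool set [find name=default-dhcp] ranges=192.168.88.10-192.168.88.200

# 3. Give the VPN user a fixed, unused address from the LAN subnet.
#    local-address is the router's end of the tunnel, remote-address is
#    what the client receives. Credentials here are placeholders.
/ppp secret add name=vpn-gamer password=CHANGE-ME service=l2tp \
    profile=default-encryption \
    local-address=192.168.88.1 remote-address=192.168.88.250

# 4. After the client dials in, confirm the session and its address.
/ppp active print
```

As the posts above point out, this places the client inside the LAN subnet but does not by itself carry the game's broadcast discovery across the PPP link.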