
Dota 2 on UTM 9

Hello,

I am having issues connecting to games in Dota 2.  I can connect to the client itself and browse through everything just fine, but when I try to join/spectate an actual game, it refuses to connect.  It's not even rejecting the connection; it just hangs there trying to connect indefinitely until I manually stop it.  I am sure it is not my OS settings, as all firewall/network security stuff has been disabled, and when I bypass the UTM device I can connect just fine.

I attempted the steps in https://community.sophos.com/products/unified-threat-management/f/general-discussion/82412/battlefield-1-on-sophos-utm-9 but did not get anywhere.  I've added exceptions to everything I can think of in UTM but it still isn't solving the issue.  Firewall log states packets are being allowed, web filter states all calls are being allowed, nothing showing up on intrusion protection log either....

Does anyone have any ideas or can help me troubleshoot this?

Current firmware version: 9.407-3 Your firmware is up to date.

Here is the log from the ingame console when it hangs (note the "connection already started" message appears even on a successful connection):


CL: Sending connect to 208.78.165.99:28101
CL: Received S2C_CHALLENGE [540558387 auth 3] from 208.78.165.99:28101
CL: Sending C2S_CONNECT [44 protocol 540558387 auth 3] to 208.78.165.99:28101
CL: Received S2C_CONNECTION from 208.78.165.99:28101 [addons:'']
CL: Connected to '208.78.165.99:28101'
CL: Suppress INetchannel::Transmit() in loopmode( remoteconnect )
CL: CLoopModeRemoteConnect::OnClientFrameSimulate switching to "levelload" loopmode with addons:
SwitchToLoop levelload requested: id [26] addons []
Failed to load image for cursor from resource\cursor\workshop\pw_chaos_cursors\cursor_inivisible.bmp: Couldn't open resource\cursor\workshop\pw_chaos_cursors\cursor_inivisible.bmp
ChangeGameUIState: DOTA_GAME_UI_STATE_DASHBOARD -> DOTA_GAME_UI_STATE_LOADING_SCREEN
CL: CNetworkGameClient::OnSwitchLoopModeFinished( levelload : success )
CL: Permit INetchannel::Transmit()
CL: CLoopModeLevelLoad::OnClientFrameSimulate switching to "game" loopmode with addons:
SwitchToLoop game requested: id [26] addons []
CL: CNetworkGameClient already exists for connection to '208.78.165.99:28101'
CL: connection to '208.78.165.99:28101' already started



This thread was automatically locked due to age.
  • Any troubleshooting steps at all I can take?  I just cannot figure this one out for the life of me.

  • Start with #1 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Nothing shows in intrusion protection logs when I attempt to connect.

    Application control: 

    07:56:23 Application control rule #1 Steam 10.10.77.100:51702 → 208.78.165.139:28076 len=442 ttl=127 tos=0x00 srcmac=00:30:48:b1:cd:c1

    Rule #1 is allow

    Firewall:

    07:57:33 Packet filter rule #4 UDP 10.10.77.100:55222 → 208.78.165.139:28076 len=51 ttl=127 tos=0x00 srcmac=f4:6d:04:5b:fe:fa dstmac=00:30:48:b1:cd:c0

    Packet filter rule #4 is Internal LAN to any allow.

    I do not have any network definitions that aren't <<Any>> interface beyond my domain controller.

    Masquerading is Internal Network to Cable Modem.

    I have zero NATs set up.

    Link to wireshark: drive.google.com/.../view

     

  • Also as a side note I just downloaded a VPN and while connected to it I was able to connect fine.  I spectated a game for a moment and the second I disconnected the VPN, I was unable to continue watching.

  • It's just a guess, but your last two posts indicate that your ISP may be blocking this traffic.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I wish it were that easy, but as in OP when I bypass the UTM and plug directly into my modem, I can connect just fine as well.  I even plugged my tower directly into the internal port on the UTM to remove all other devices from the network and it did not help either.

  • Does no one have any further things to try?  No hidden logs to check or config to look at?

  • Hi, when it comes to custom applications that are not widely used, unfortunately you will have to be the first one to figure out how to make it work. Here are the steps I would take:

    1. Turn off IPS

    2. Turn off webfiltering

    3. Create Dota 2 service definition http://dev.dota2.com/showthread.php?t=15261

    Type of definition UDP

    Destination Port 27015:28999

    Source Port 1:65535 (Narrow that range down once you get the application working to 27015:28999)

    4. Create a firewall rule Source your PC > Services Dota 2 > Destination > Internet. Enable logging on the rule.

    5. Test the application, keeping an eye on the firewall log to see if anything is being blocked.

    6. If the application doesn't work, look for what is being blocked and open additional ports that are being blocked.

    7. Once the application works, enable web filtering and IPS. You may need to make exceptions for your PC in web filtering.

    I never understand why people run IPS on gaming networks. IPS will and does create lag in your network traffic and won't do anything positive for your experience.

    Hope this gives you some clues on how to make DOTA 2 work. 
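
One way to do the "keep an eye on the firewall log" steps from the post above offline, as an added example that is not part of the original thread: it filters packet filter log lines for UDP traffic in the 27015:28999 range in both directions, so a dropped reply shows up next to the allowed outbound packets. The simplified key="value" line layout, the sample lines and the WAN address 203.0.113.10 are constructed assumptions; because of masquerading, a dropped reply is assumed to be logged against the WAN address rather than the PC's.

```python
import re
from collections import Counter

GAME_PORTS = range(27015, 29000)        # 27015:28999 from the service definition above
FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a log line

# Constructed sample lines in a simplified key="value" layout (not taken from
# the thread's UTM). 203.0.113.10 is a placeholder for the masqueraded WAN address.
PREFIX = '2017:01:10-07:57:33 utm ulogd[4321]: sub="packetfilter" '
SAMPLE_LOG = "\n".join(PREFIX + rest for rest in [
    'action="accept" fwrule="4" srcip="10.10.77.100" dstip="208.78.165.139" proto="17" srcport="55222" dstport="28076"',
    'action="accept" fwrule="4" srcip="10.10.77.100" dstip="208.78.165.139" proto="17" srcport="55223" dstport="28076"',
    'action="drop" fwrule="60001" srcip="208.78.165.139" dstip="203.0.113.10" proto="17" srcport="28076" dstport="55222"',
    'action="accept" fwrule="4" srcip="10.10.77.100" dstip="8.8.8.8" proto="17" srcport="40000" dstport="53"',
    'action="accept" fwrule="4" srcip="10.10.77.100" dstip="208.78.165.139" proto="6" srcport="51702" dstport="443"',
])

def game_udp_events(log_text, local_ips):
    """Return UDP events to or from GAME_PORTS that involve one of local_ips."""
    events = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("sub") != "packetfilter" or f.get("proto") != "17":
            continue                      # only UDP packet filter entries
        try:
            sport, dport = int(f["srcport"]), int(f["dstport"])
        except (KeyError, ValueError):
            continue                      # malformed or truncated line
        if f.get("srcip") in local_ips and dport in GAME_PORTS:
            direction = "outbound"        # client -> game server
        elif f.get("dstip") in local_ips and sport in GAME_PORTS:
            direction = "reply"           # game server -> client or WAN address
        else:
            continue
        events.append({"direction": direction, "action": f.get("action", "?"),
                       "fwrule": f.get("fwrule", "?"), "line": line})
    return events

def summarise(events):
    """Count events per (direction, action, firewall rule)."""
    return Counter((e["direction"], e["action"], e["fwrule"]) for e in events)

def blocked(events):
    """Events whose action is anything other than accept."""
    return [e for e in events if e["action"] != "accept"]

if __name__ == "__main__":
    ev = game_udp_events(SAMPLE_LOG, {"10.10.77.100", "203.0.113.10"})
    for key, count in sorted(summarise(ev).items()):
        print(count, *key)
    print("blocked:", [e["line"] for e in blocked(ev)])
```
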

  • Ah well, I'm giving up.  I've already tried all the steps in your post to no avail beyond the specific firewall rule.  Firewall logs state every last thing is allowed.  Creating the specific rule with logging just revealed more things being allowed.  This suddenly started happening out of nowhere in the past two weeks, no configuration changes except adding the new domain controller.  Wireshark seems to state that replies are getting back but for some reason it just doesn't want to kick over.  I will probably blow out the config and start from scratch.  None of this makes any god damn sense.  Thanks for trying.

  • Hello all, I'm Souldragon's buddy and both of us run UTM9 servers, we've been at this thing for a week now and have not come to any conclusion.

     

    But there is one thing I have noticed, ever since the last patch things have gotten funky. I had issues with all my wildcards and had to recreate all those without the *., so I do not know if the latest patch has broken something or has changed something.

     

    We are both at a loss.