"Failed to connect to server" error - SOLVED

[Vantha]

Hi

I always got the "Failed to connect to server ..." error when trying to join any game in the multiplayer lobby. I know how frustrating it is and I've seen quite a few players having the same problem. There are a few forum posts etc. about this error but none of the suggested solutions worked for me. 

I managed to solve the issue  and for me the problem was something I've never seen mentioned anywhere else. I'm making this post to help other players who might have the same issue as me.

 

At first check if your firewall or antivirus is blocking 0ad, try port forwarding 20595 and so on ( like mentioned in other posts). But as I said, for me that didn't help.

 

For me the problem was that my ISP was using CGNAT. CGNAT basically means that your router does not have an individual public IP address. It shares a public IP with other devices on the internet.

This is how to check if your ISP uses cgnat:

https://www.purevpn.com/blog/how-to-check-whether-or-not-your-isp-performs-cgnat/

 

If your ISP uses cgnat than thats probably what's causing the issue. Just call your the customer support of your ISP and ask them to give your router a public IP address that's not behind cgnat. In my case that solved the problem and it took like 5 minutes.

 

(Also don't explain the problem to them it will just overcomplicate everything).

 

To check if your ISP has given you a public IP that's not behind cgnat just follow the steps in the link above to check.

If the issue remains with a public IP address not behind cgnat, call them again and explain your problem in details this time.

 

If the customer support tells you they can't give you a public IP that's not behind cgnat or you need to pay extra just call a few times. sometimes it depends on who picks up wether they want to do this for you. If they really can't and you've tried everything else and the issue remains then the only option I see is to change ISP.

 

I don't how common cgnat is the reason causing this error...but maybe cgnat should be mentioned somewhere in the error message to make it more clear.

 

Also, please note that I'm not a networking pro so feel free to correct me. 

Edited March 28, 2023 by Vantha

[Lion.Kanzen]

@Stan`

[Stan`]

Thanks for the report!

Unfortunately there is not much we can do here. Glad you figured it out

[Norse_Harold]

I've been telling people about Carrier-Grade NAT for a while. It seems to disrupt STUN negotiation. It's unfortunate that the users who are least likely to be knowledgeable about networking and troubleshooting are also the most likely to be using Internet connections that have CGNAT. It's increasingly common now, due to IPv4 address exhaustion. It's also another step toward creating consumers out of us instead of content creators and empowered Internet peers.

How to diagnose whether you have CG-NAT? Login to the administration interface of your modem and check the WAN or Internet IP address. If it's a private IP address (192.168.x.x, 172.16.x.x, 10.x.x.x, 100.x.x.x, or 0.0.0.0) then you likely have Carrier-Grade NAT. Also check your public address with whatismyip.com or similar websites. If the modem's admin interface indicated IP does not match the IP listed by whatismyip.com then you likely have Carrier-Grade NAT.

If you have Carrier-Grade NAT and you want to request "public IP address service" then this document could help you with explaining to your ISP what you want. There's usually an additional monthly fee for the service.

I'll add a mention of this to the FAQ.

Edited January 9 by Norse_Harold

[Vantha]

Yeah, Cgnat seems to block peer to peer connections.

 

12 hours ago, Norse_Harold said:

There's usually an additional monthly fee for the service.

It depends on your ISP. At my ISP some people at the customer support would tell you that you need to pay extra and some would just do it for you. 

[Vantha]

On 27/03/2023 at 11:14 PM, Norse_Harold said:

It's unfortunate that the users who are least likely to be knowledgeable about networking and troubleshooting are also the most likely to be using Internet connections that have CGNAT.

Thats why I suggest to include in the error message that cgnat could be what's causing the issue

Edited March 28, 2023 by Vantha

[phosit]

We should make the network-error messages more detiled. e.g. Detecting that a ISP does block UDP should be possible.

[Norse_Harold]

I don't think that the issue is UDP being blocked by the ISP. It's more complex than that.

It's already known that STUN doesn't work in all cases. It depends on the network configuration of each peer.

There's software that can be used to test STUN. The Linux package is named something like stun-client. A Windows version is available here. Here's the manpage for it. Alternatively, if your web browser supports WebRTC, there's a website-based STUN test available here.

Here's the output that I get when I run tests 0, 1 and 2. I don't have CGNAT. Notice that the return value of test 0 is 0x000010, and the return value of tests 1 and 2 is 0x000000.

STUN client version 0.97
running test number 0
Bad length string 15
problem parsing ServerName
Bad length string 15
problem parsing ServerName
Bad length string 15
problem parsing ServerName
Bad length string 15
problem parsing ServerName
Primary: Open	
Return value is 0x000010
STUN client version 0.97
running test number 1
Bad length string 15
problem parsing ServerName

Return value is 0x000000
STUN client version 0.97
running test number 2
Bad length string 15
problem parsing ServerName

Return value is 0x000000

Can someone with CGNAT please post the output of this command?

stun -v lobby.wildfiregames.com 0 ; stun -v lobby.wildfiregames.com 1 ; stun -v lobby.wildfiregames.com 2

Edited March 30, 2023 by Norse_Harold

[Norse_Harold]

I found an article that explains why STUN doesn't work when Carrier-Grade NAT is involved.

STUN assumes that the network address translation (NAT) mapping and firewalling preserves the NAT mapping and firewall opening, for return traffic to the source UDP port, regardless of the destination address. CGNAT has endpoint-dependent NAT and firewalling, so STUN doesn't work with it.

Solutions for people who have CGNAT.

1. Sign up for public IPv4 address service

or,

2. Use a VPN that has endpoint-independent NAT and firewalling.

or,

3. Use a VPN that has endpoint-dependent NAT and firewalling, but that supports port forwarding. Enable a port forward to your public address. Host the game on the port that you have forwarded.

or,

4. Same as solution 3, but instead of hosting, apply a patch to the game to control the source port for the outgoing connection. Ensure that 0ad uses the port number that you have forwarded as its source port for the outgoing connection. Connect to the friend's game as a client.

Edited August 1, 2023 by Norse_Harold

[Gurken Khan]

Alternatively you can ask your ISP to change to a service where you have a real IP address instead of CGNAT; or change your ISP. (I recently read about the first case in a blog.)

[Vantha]

On 30/03/2023 at 3:36 AM, Norse_Harold said:

Can someone with CGNAT please post the output of this command?

@Norse_Harold I dont know if you still need it, but here it is anyway:

Quote

Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to 136.243.44.163:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 136.243.44.163:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 136.243.44.163:3478
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=1
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=2
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 136.243.44.163:3478
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=3
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=3
test I = 1
test II = 1
test III = 1
test I(2) = 0
is nat  = 0
mapped IP same = 1
hairpin = 0
preserver port = 0
Primary: Open    
Return value is 0x000010
STUN client version 0.97
running test number 1
Opened port 20502 with fd 3
Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to 136.243.44.163:3478
Got a response
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName

Return value is 0x000000
STUN client version 0.97
running test number 2
Opened port 25099 with fd 3
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 136.243.44.163:3478
Got a response
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
 

Return value is 0x000000

 

The return values are the same as in your test, but i can confirm the test was run on a device connected to a router behind CGNAT.

[Dunedan]

I know I'm a bit late to this party, but CGNAT shouldn't be the cause for not being able to connect to games hosted by other players. Being behind CGNAT is a cause for not being able to host games, but connecting to existing games should work with CGNAT as well.

@Vantha I understand that getting your ISP to switch you from CGNAT to a public IP address solved the issue for you, but I guess there was more to it than just this change. My guess is that your ISP does something like filtering traffic for CGNAT users (for example blocking UDP traffic from "unknown" ports), which isn't there for users without CGNAT.

[Vantha]

As I said in the PR, yes, players behind CGNAT are able to join some hosts (who have an open, server-like connection), but not the average one. And that's the frustrating about this problem. It might just be, because CGNAT often goes hand-in-hand with some strange and unpredictable port mapping or blocking performed by the ISP.

About a year and a half ago, me and @Norse_Harold did a thorough investigation on this issue. This thread was really only the beginning. The information from my side here is quite superficial and outdated. The FAQ entry is a much better and up-to-date summary of my/our understanding of the issue.

@Dunedan I don't know what terms you are on with @Norse_Harold right now and neither what he's been up to lately. But if you want to dig into this issue, I highly recommend you to contact him. He's the real expert on this topic.

[Stan`]

1 hour ago, Vantha said:

As I said in the PR, yes, players behind CGNAT are able to join some hosts (who have an open, server-like connection), but not the average one. And that's the frustrating about this problem. It might just be, because CGNAT often goes hand-in-hand with some strange and unpredictable port mapping or blocking performed by the ISP.

About a year and a half ago, me and @Norse_Harold did a thorough investigation on this issue. This thread was really only the beginning. The information from my side here is quite superficial and outdated. The FAQ entry is a much better and up-to-date summary of my/our understanding of the issue.

@Dunedan I don't know what terms you are on with @Norse_Harold right now and neither what he's been up to lately. But if you want to dig into this issue, I highly recommend you to contact him. He's the real expert on this topic.

It could be that people like me who have a shared IP cannot access all the ports, because some of them are used for another router. STUN might try to use them though and give up? E.g. I cannot forward the 20595 port because it's given to another person with my IP

[Vantha]

15 hours ago, Stan` said:

It could be that people like me who have a shared IP cannot access all the ports, because some of them are used for another router. STUN might try to use them though and give up? E.g. I cannot forward the 20595 port because it's given to another person with my IP

Not really. As far as I remember, 20595 is only chosen as the port on the host side and on the first gateway (in the case of CGNAT, your own router). The ISP's router at the head of that second, larger network, should ensure to consistently forward packets over and to the same ports. They just often do a terrible job at this. As soon as this consistency is lost (between contacting the STUN server and the target host) is precisely when STUN breaks.

Whether this actually means that STUN would work with an ideal Double NAT / CGNAT: I don't know. It's difficult to reliably test stuff like this.