Port Forwarding removal

[xzalek25]

Hey guys!

i am writing because I have a feature request for the game. My parents and I'm sure other parents in the world feel the same way, but they raise security concerns about Port Forwarding in multiplayer.

Can a feature request be submitted for a fix to the game where you don't have to Port forward your router to play?

 

thanks

xzalek25

[imlegos]

I don't think this is physically possible.

(That's what Jimmy said)

[YoloSweggLord]

I don't either.

[imlegos]

Also, port forwarding is only required for hosts, not clients.

You can play MP without PFing, just not host.

[X7123M3-256]

57 minutes ago, xzalek25 said:

Hey guys!

i am writing because I have a feature request for the game. My parents and I'm sure other parents in the world feel the same way, but they raise security concerns about Port Forwarding in multiplayer.

Can a feature request be submitted for a fix to the game where you don't have to Port forward your router to play?

 

thanks

xzalek25

You don't need to port forward in order to play, only to host. Two points need making: firstly, port forwarding is not something the OpenRCT2 dev team have any control over. It has to do with internet architecture, and specifically, the fact that most home networks use network address translation, which assigns every device on your network it's own private IP. The router does not know which machine to direct incoming requests to unless you tell it, and that's what port forwarding does. You do not need to port forward if you are connected over LAN, only if you want to be accessible to players on the wider internet.

Why do we use NAT so widely? Because the IPV4 address space is all but exhausted and there simply aren't enough of them to give every device a globally unique IP. It's successor, IPV6, has a lot more addresses, but adoption has been slow (I guess if you're using IPV6 then you don't need to port forward? Someone with better networking knowledge than me please tell me if that's true)

That said, there exists a technique called hole punching, which can be used to establish a direct connection without the need to port forward. My understanding is that both servers first make outbound connections to a third server, which then relays details of the connection back to the clients so that they can connect directly to each other through the NAT. I have no idea if it is a viable option for OpenRCT2, but I think there are other games using a method similar to this, so maybe someone who works on the networking code could comment.

Secondly,  I'm not sure if this would improve security. My understanding is that simply port forwarding is not a security risk, it's having something listening on that port that is - because that server may have exploitable vulnerabilities (and there is no reason to believe OpenRCT2 is any exception). But, if you want to act as a server, you have to allow people to connect somehow, because that's what a server does. There may be other concerns that I'm not aware of, but you should be aware that the only totally secure machine is one not connected to the internet.

[YoloSweggLord]

16 minutes ago, X7123M3-256 said:

the only totally secure machine is one not connected to the internet.

Well said.

[cascadia]

4 hours ago, X7123M3-256 said:

the only totally secure machine is one not connected to the internet.

 

3 hours ago, YoloSweggLord said:

Well said.

 

And even then, hackers can just not use their computers and instead use social engineering to get access to the non-connected machines.  It's how Kevin Mitnick worked. 

[Broxzier]

"If you type and post your password, it appears as stars. Look: *********** Try it out!" - Kevin Mitnick

[MrAxist]

You can also use programs like Tunggle or Hamachi to host your local area network. This way you aren't required to open your ports.

[WDSnav91]

I am surprised no one has brought this up..uPnP. Most if not all routers support it these days and allows application to forward the ports automatically. Can this be done?