HACKER Q&A
📣 xeonmc

tunneling service for self-hosted one-off gaming session with strangers?


With the recent Tailscale Funnel announcement, I briefly had my hopes up of perhaps finally being able to host one-off game sessions without asking everyone else to install clients or register accounts.

Simply give them a one-off URL that they type into their game client and they connect to it exactly like a public server, which I can then disable after the session.

However, it seems that Tailscale Funnel is limited to TCP connections, for security reasons I suppose.

I then looked at ZeroTier but it seems like yet another Hamachi-clone, all participants are still required to install clients.

Is buying a VPS/opening your home internet firewall really still the only way in 2022?

I know that Steam Networking allows for p2p connections via their backbone, but it requires the game itself to have the API programmed, you cannot tunnel third-party programs through it.

I feel like this is a glaring product void that inexplicably nobody seems to have noticed? One would think that a gaming-focused company like Discord would have picked up on such a use case by now (coordinating short self-hosted gaming sessions with strangers without configuration).


  👤 themoonisachees Accepted Answer ✓
At the end of the day, your clients have to connect to a socket on a server somewhere. Either the server is in the cloud (ok, but who pays for that?), and your PC has a client on it that opens a tunnel from that cloud to your PC, or they have to connect to a socket on your home IP, for which you need to open a port in your router.

The only other thing that can exist, semantically, is NAT hole-punching, which unless you have very good coordination with your friends can only be done through software (and also involves a server but less so).

Maybe reconsider why you can't forward ports on your router? If the server isn't listening for connections on that port it's indistinguishable from a closed port, and if it is then it is available as a game server.


👤 hayst4ck
I feel like no matter what, the game client acting as a server must have a hole in the firewall or a coordinating client.

> Simply give them a one-off URL that they type into their gameclient and they connect to it exactly like a public server, which I can then disable after the session.

What's the difference between this and a script that SSHes to your firewall and toggles a port's openness or alternatively a script that sends the required POST requests to authenticate and toggle your firewall (easily pulled out of the network dev tools in your browser as curls)?

There's a hole in your firewall either way. What difference does it make if that hole that opens to your network is in Tailscale's servers (with a public IP and port) or yours?

> I feel like this is a glaring product void that inexplicably nobody seems to have noticed?

I don't think this is a product void at all. The security cost of port forwarding to a port in the non-ephemeral range with no listening service is quite low.


👤 solardev
I don't understand what you're trying to tunnel. Don't most games these days work online anyway and have built-in firewall / router traversal, usually via a hosted server or some such?

Worst case, can't you rent a dedicated server? Those are usually pretty cheap and people can just connect to them by IP.


👤 joenot443
Back in the day we used Hamachi for this. Looks like it's been acquired by LogMeIn (bleh), but perhaps the same functionality is there.

https://www.vpn.net/

Good luck!


👤 jacooper

👤 simne
You could tunnel UDP through TCP, but you'd have to install additional software on each machine, and could see some issues with speed/reliability.
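
The core of the UDP-through-TCP approach mentioned in the comment above, as an added example that is not part of the original thread: TCP is a byte stream with no packet boundaries, so each datagram needs framing before it goes into the tunnel. The 2-byte length prefix and the names `frame` and `Deframer` are assumptions chosen for illustration, not any particular tool's wire format.

```python
"""Carry UDP datagrams over a TCP byte stream using a 2-byte length prefix."""
import struct

MAX_DATAGRAM = 65535  # largest length a 2-byte prefix can express


def frame(datagram):
    """Prefix one datagram with its length so the receiver can find its end."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large for a 2-byte length prefix")
    return struct.pack("!H", len(datagram)) + datagram


class Deframer:
    """Rebuild datagrams from TCP reads, which may split or merge frames."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Add bytes from recv() and return every datagram now complete."""
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + length:
                break  # body not fully received yet; wait for more bytes
            out.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return out

    def pending(self):
        """Bytes buffered that do not yet form a complete frame."""
        return len(self._buf)


def demo():
    """Constructed sample: three game packets sent over one TCP stream."""
    packets = [b"JOIN player1", b"", b"MOVE 10 20"]  # empty datagrams are legal
    stream = b"".join(frame(p) for p in packets)
    rx, got = Deframer(), []
    for i in range(0, len(stream), 5):  # simulate TCP delivering 5-byte reads
        got += rx.feed(stream[i:i + 5])
    return got


if __name__ == "__main__":
    print(demo())
```

Because TCP delivers bytes in order and retransmits losses, one dropped segment holds back every datagram framed after it, which is where the speed and reliability issues for real-time game traffic come from.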

👤 ergvgdvgrd
We play Red Alert with custom games by creating SSH tunnels to a public server. Not strictly necessary, but easy to do with SSH.