Discussion Need help with networking for Ark Survival Ascended, Odd Server Behavior.

[Chainsaw787]

I'm hosting an ark server for a group along side some other game servers. My current setup is a windows machine at home hosting the game servers and using Zerotier to connect the PC to a VPS running Ubuntu hosting a Caddy with the L4 module.

All my other game servers with this setup work perfectly, except for a small issue with ARK Survival Ascended. It shows up in the server browser but it always gives a "Joining Failed, Connection timed out" error every time you try and join, UNLESS you manually connect via the "open IP : PORT" command. Then it lets you join and play just fine.

On a direct LAN connection to the server everything works as its supposed to.

Outside connections coming in have this issue "Joining Failed, Connection timed out".

I noticed Nitrado (of which this save is migrated from) uses a HTTP Listener Override config in the Engine.ini file of the game, however my config shows the HTTP listener bound to 127.0.0.1, and using the config in the Engine.ini to change it to port 8888 which is what's already opened for it by default, and the IP to the Zerotier IP. It doesn't seem to change anything.

I've also tried using different Caddy Configs thinking something wasn't configured right, to no avail.

 

[bill001g]

You have a complex setup not sure someone here will know the details.

Do you have the ability to test this yourself. Note testing from the same internal network using the external IP adds a new set of strange issues related to what is called hairpin nat.
If you could test via a hotspot on your phone that might be a option....assuming it gets the same error.

All I can do is provide general troubleshooting for stuff I have never seen. What you want to do is run wireshark on the remote machine. The goal is to figure out what is different when you try to connect and it fails and the connection you use the open command.

I suspect it using a port other than the one you have forwarded.

You might start out with a brute force capture to be sure it is not talking to the wrong IP. Might get lots of data so a filter with just your external IP might help but again a filter might hide the real problem if the application is trying some other IP.

 

[Chainsaw787]

Testing with the hotspot is actually one of the first things I tried, and I did get the same error.

I did a thorough check my configs to make sure I wasn't missing anything and everything should be good. Although in doing that I found something interesting that using "netstat -aon" on my game server host machine. The query port I have open doesn't seem to be used at all for the ark server, just the one game port and RCON. That being said, it's working on LAN still... Interesting...

I'm very new to Linux let alone using Wireshark on Linux. But I do think that may tell me exactly what's going on.

 

[bill001g]

The wireshark app itself looks the same...If you have to do something special to get it to capture traffic I don't know. Linux has a native command that will capture traffic into a file. Been a long times since I messed with that.

Do you run linux on the client machine or just the server. You want to run wireshark on the client. Best if you could compare what it looks like when you run on the lan and when it is running though the hotspot.

 

[Chainsaw787]

Ohhhhh gotcha.

So my setup visually looks something like this.

(Win 11: Running game servers) > [Zerotier tunnel] > (Ubuntu VPS: Running Caddy with Layer4, Has Static Public IP and Domain) > Internet > Users: Windows 10/11, Ark Game Client.

So I would use Wireshark on MY machine then correct? Check from my Windows 11 machine the difference to the server on LAN vs the Hotspot?

 

[bill001g]

Yes you are just looking for a clue it still really does not tell you how to fix it.

You just have to hope both the one that works and the one that fails are not the same on the client machine.

You are still in the massively complex issue of how does game company software really run with the added complexity of running virtual machines in the path. Wireshark can run on even a virtual machine but it has been many years since i messed with anything like that. I am sure there are others on this forum who can help with linux stuff but you might have to repost into another forum. There are so many posts on this forum thing get lost quickly if they are in the wrong category.

But maybe you get lucky and get just enough of a clue to fix it.

 

[Chainsaw787]

Ok I found a big clue just now. I haven't used Wireshark yet, but my curiosity and stubbornness have just lead me to my reason why its doing what its doing. I did learn that the server only uses the single game port and the RCON port exclusively. No query port and no game port plus one like its online guide says interestingly enough.

But... I was helping configure some settings for the players using the server and at the same time was changing network settings to see if anything changes. And it didn't. But what caught my eye was when I did a port scan externally from the reverse proxy and saw that game port (quad-seven) was closed. And for some reason that reminded me of when I was hosting an enshrouded server, that server refused to start unless it had access to the internet to connect to steam before advertising to the server list, hence it got its internet through my regular network, then started to advertise through caddy to the public.

So I think I understand now that the ARK Survival Ascended server is doing something very similar. What I think is happening is ARK is trying to reach out through an internet connection as well to advertise the server but since the Zerotier connection doesn't provide internet access, (just connecting my server and the proxy through VLAN) ARK doesn't advertise the server to the Zerotier address. But manual connection still works since Caddy is doing the handover from the reverse proxy...

Now to figure out how the flipping heck to fix that... It should be honoring the multihome setting, but its not.

 

[cruisetung]

I don't play games so I could be wrong, but I wonder why you have to make it so complex.

In theory if you already have ZeroTier VPN running, you shouldn't have to have a public IP server running in the cloud as long as all devices (yours and your friends') joined the network you created, the intermediate caddy reverse proxy shouldn't be needed and all devices can see each other without any port forwarding.

 

[Chainsaw787]

I don't play games so I could be wrong, but I wonder why you have to make it so complex.

In theory if you already have ZeroTier VPN running, you shouldn't have to have a public IP server running in the cloud as long as all devices (yours and your friends') joined the network you created, the intermediate caddy reverse proxy shouldn't be needed and all devices can see each other without any port forwarding.

Yes you are absolutely correct, and that does 100% work.

But... This setup is intentional because of a few reasons.

Keeping it simple for the users joining the server: I would definitely use just ZeroTier if it was just a few people, but I have 10+ people and growing using my game servers. Not needing additional software to play on my servers is convenient for the players.

Security: If I'm not mistaken, a single infected computer has the potential to spread malware through the ZeroTier network as it's a virtual LAN connection. I know you can limit what it has access to by its flow rules, but I basically do the same in caddy anyway.

Scalability: I also host a website for controlling the game servers for the players that play on them. Gives them access to change server settings as they please, and let's them add mods and modify game files without my input and is fine tuned by the web software.

Future expansion: I can use server clustering in the future if I need to along with having the servers publicly available to my discord users.



Also from my current understanding even if I removed Caddy and the public IP, I don't see it fixing the issue with the server. ARK isn't advertising the server through the ZeroTier connection so you would still be required to command line in to join the server