# Internet connection barriers {% hint style="info" %} **Applies to** : FGC (+ FGU in LAN mode) Default ports : FG "Classic" = TCP 1802, FG "Unity" = UDP 1802 {% endhint %} The last 3 points relate to your Internet connection. **Most GMs** have a single "Internet router" and **do not have to bother about Barrier 6.** ## Barrier 4 :japanese\_goblin: : The NAT/PAT frontier on the Internet router Most home Internet connections are delivered through a single all-in-one device we'll call an "Internet router", which actually does several jobs at once : * **Modem** : it adapts an electrical or optical signal on your ISP line to and from network traffic on your side (*depending on installations, this may actually be done by a secondary "adapter box" located just between your Internet router and the ISP line itself*) * **WIFI access point** : it enables wireless connection for your devices (PC/Mac, Tablet, Phone, SmartTV, etc) * **Router** : it routes network traffic between your own *private* "in-home" network space to and from the *public* Internet * Other roles : * **Ethernet mini Hub or Switch** : it can provide several ethernet ports for wired connections * **DHCP server** : it assigns private IP addresses to connected devices on your internal network (plus a minimal set of networking parameters) * **DNS forwarder** : it helps your connected devices getting DNS names (like [fantasygroundscollege.net](https://fantasygroundscollege.net) or [www.fantasygrounds.com](https://www.fantasygrounds.com)) resolved into public IP addresses * depending on the model, it may also provide **other services** like file or printer sharing, dynamic DNS updater, etc... The critical elements here are the **Router** and **DHCP Server** features of your "Internet router" : * when your devices are connected to it, it's **DHCP Server** feature delivers **one PRIVATE IP address to each device** on your home network; *your GM FG machine is one of those*. * when the "Internet router" is connected to your ISP / the Internet, the **Router** has a **single PUBLIC IP address** * the **Router** then uses something called NAT (Network Address Translation) or more specifically PAT (Port-Address Translation) to **"share" it's single public IP** for all your devices communicating through it with the Internet So **ALL your devices**, when communicating with the Internet via the Router, are seen as the same **single PUBLIC IP address** as the Router itself, and **your FG machine** (the GM's one) **is only one of many** such devices "using" the same public IP. When an **incoming communication request** comes in from a remote FG player, **the Router needs to know** specifically **where to route that request** (i.e. to your GM FG machine, not to your SmartTV ! :stuck\_out\_tongue: ); **otherwise the Router will just ignore** the communication request. {% hint style="warning" %} #### This is where **Port Forwarding** comes into play ! {% endhint %} **You have to** **give the Router a rule to accept TCP 1802 packets coming in on the single public IP from the Internet, and to forward them to your GM FG machine (on its private IP), still on port TCP 1802**. This is called a **Port Forwarding rule**. ### Port Forwarding Setting up port forwarding for FG means you usually have to : * enter the administration/setup facility of your "Internet router" (and you probably need the proper administrative username + password for that) * Best practice (may even be required, depending on your model) : **assign a Static Private IP address to your machine**\ :warning: ***See the Dynamic/Static Private IP point below*** :warning: * locate the Port Forwarding features, which may be called by many different names depending on the device brand; you will generally find them under a "NAT" / "PAT" / "Advanced" section... * enter a rule for Fantasy Grounds with basically : * (potentially) a name * the public / external port : **TCP 1802**\ \&#xNAN;*This is the port on which the Router will "listen" for connection requests incoming from remote FG players* * the destination machine : depending on your model's features, either choose from a list of devices, or enter an IP address - ***This must be your GM FG machine (private IP) !***\ :warning: ***See the Dynamic/Static Private IP point below*** :warning: * the destination / private / internal port : **TCP 1802**\ \&#xNAN;*This is the port of your GM FG machine on which FG listens to incoming player connections* * for some models you also will have to "Save the configuration" **As an example**, here is the rule i use at one of my network locations (my current W7 machine is called AST7NBEF, selected from a dropdown list, and I simply added a "custom" rule that I called "FG") : ![FG Port Forwarding rule](https://681104499-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhjKavWMofrik61tHfB%2F-LiDL52XttUkv-N2SoAn%2F-LiDLzmiHIrX07EJSmZh%2Fimage.png?alt=media\&token=aff9b845-f33e-4902-aac6-9dca0d62cf70) ### Dynamic/Static Private IP address {% hint style="warning" %} If your model of router records a port forwarding rule target as an IP address you should **assign your GM FG machine a Static Private IP address in the router DHCP section.** **It is a** :thumbsup: **good practice even if your router does not require it explicitely.** {% endhint %} This way, every time **your GM FG machine** will reconnect to your local "home" network, it **will always get the same Private IP address**. **Otherwise** it gets a (random) **Dynamic Private IP** address when reconnecting, and after a few hours/days being off-line that new Private IP **may not be the same as what you specified in your port forwarding rule**, which would then be useless... :weary: As an example, here is the network setup at the same location as above : ![Private IP addresses in the DHCP settings](https://681104499-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhjKavWMofrik61tHfB%2F-LiDL52XttUkv-N2SoAn%2F-LiDRnFWvGLwxUm4JYf3%2Fimage.png?alt=media\&token=c24a0d56-096e-44e6-acbd-83dcbedc9bf4) And here is the bottom of the page with the **static IP reservation** part, where you can see I have the private IP 172.30.131.11 reserved for my W7 and it will always get this private IP every time I come to this place : ![Static Private IP address](https://681104499-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhjKavWMofrik61tHfB%2F-LiDL52XttUkv-N2SoAn%2F-LiDQ0rAVM0F5G6cuZ58%2Fimage.png?alt=media\&token=16c30805-cc08-465f-8b95-825b533ce83e) {% hint style="warning" %} This has **NOTHING TO DO with your PUBLIC IP**, which can also be either *dynamic or static* depending on your Internet connection subscription. {% endhint %} {% hint style="success" %} A large info repository on many "Internet router" brands/models is available at where you may find more step-by-step instructions for your own specific model. ***Just be wary of all the links inciting you to purchase "magical" tools and/or subscriptions there !*** {% endhint %} ## Barrier 5 :thinking: : "Internet router" integrated firewall Some "Internet routers" also have integrated firewall settings that may totally ignore your port forwarding rules, and prevent any incoming connection request. So be sure to check your **Internet router settings to** :thumbsup: **remove firewalling at least for TCP 1802, used in your FG Port Forwarding Rule, or else...** :thumbsdown: {% hint style="success" %} **If :** * **you have cleared barriers 1 to 5** * **AND you have only 1 "Internet router" between your local network and the Internet** * **AND you are not in one of the NO-GO situations,** **then :** **You should be OK** :ok\_hand: **to host games on Fantasy Grounds !** :smiley\_cat: **without needing a VPN** :smile: {% endhint %} ## Barrier 6 :weary: : Cascaded devices with NAT/PAT Bad news ! **Each and every "layer"** from the most "outer" (= Internet) side **has to Port-Forward TCP 1802 to the next "inner" layer** : from router to router until the last one, which must port-forward to the GM FG machine as above. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zeferby.gitbook.io/transparent-openvpn-for-fantasy-grounds/general/internet-connection-barriers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.