Fantasy Grounds - Port Forwarding - Transparent Op
  • Fantasy Grounds - Port Forwarding and a "transparent" OpenVPN setup
  • General
    • Introduction - F.G.Comms
    • GM's machine barriers
    • Internet connection barriers
    • Some NO-GO Situations
    • VPN solutions
  • Proposed Solution
    • "Transparent" OpenVPN-based Port Forwarding
    • Tools
    • Amazon Web Services
    • Setup process overview
  • Local setup - Step-by-step
    • Step 0 : Preparation
    • Step 1 : OpenVPN + Easy-RSA & "new-PKI"
    • Step 2 : Create your own PKI
    • Step 3 : Setup OpenVPN connections
  • AWS Setup - Click-by-Click
    • Step 4 : Your AWS environment
    • 4.1-Creating the IAM Role
    • 4.2-Choosing the AWS Region
    • 4.3-Creating the S3 bucket
    • 4.4-Virtual Private Cloud - Default VPC
    • 4.5-Creating an AWS Key Pair
    • 4.6-Creating an AWS Security Group
    • 4.7-Filling the bucket
    • 4.8-Building the Launch Template
  • Transfer & First Test
    • Step 5 : Transfer to S3
    • Step 6 : Launch time !
    • Step 7 : Connect, test, fix glitches
    • Step 8 : Destroy/"Terminate" after use
  • Use your server
    • Regular Usage Pattern
  • Simultaneous FG games / 1 VPN Server
    • Lifting the "1 GM at-a-time" restriction
    • FGU vs. FGC networking
    • VPNs for both FGC + FGU (LAN mode)
  • Upgrading our setup for "N-at-a-time", FGC/FGU
    • Untitled
  • Appendixes
    • Acronyms and definitions
    • AWS acronyms
    • AWS admin user + API access key
    • AWS, DNS, DDNS, CRL...
    • Possible (?) developments
  • Links
    • Fantasy Grounds Web
    • Fantasy Grounds Discord
    • FG College Web
    • FG College Discord
    • FG College KB
    • Our "EU" Discord
    • OpenVPN
    • AWS
Powered by GitBook
On this page
  • "Closed" VPNs
  • Other VPN offers
  • Your own 1 GM-only VPN server based on industry standards
  • Always remember...

Was this helpful?

  1. General

VPN solutions

PreviousSome NO-GO SituationsNext"Transparent" OpenVPN-based Port Forwarding

Last updated 4 years ago

Was this helpful?

Thankfully, if you find yourself in a NO-GO situation, and as long as your can establish outgoing connections to the Internet, you should be able to use a VPN-based solution.

There are multiple commercial offers for VPN (=Virtual Private Network) services available nowadays.

Many of them are targetted at either hiding your own public IP address for privacy reasons, or gaining full access to the Internet in countries where the government imposes harsh restrictions.

Others provide one or multiple kinds of "real" VPN functionnality like "closed VPNs".

Some of them (like , which is well known in the gaming sphere) provide a free tier.

I have not actively tested commercial VPN offers other than Hamachi.

Hamachi is a very neat solution for "closed" VPNs with multiple options for network setup and it supports Windows, Mac, Linux and mobile platforms.

Their free tier is very good and quite sufficient for FG-like requirements (you can host 4 players in a free VPN and create multiple VPNs simultaneously for more players if needed).

If you want to try out Hamachi, you'll find them at :

Be sure to read the Getting Started document available at :

"Closed" VPNs

Some offers (like the free Hamachi offer) enable setting up a "closed" VPN where only members of the VPN created by the GM are able to connect to the GM's machine (or to each other, depending on the networking options you choose).

"Closed" VPNs are actually what VPN technology was initially designed for.

My personnal preference, both as a GM and as a player, is to avoid using that kind of offer, because :

  • it implies that all players install the same VPN software and setup their access to the specific game or GM VPN

  • for Hamachi specifically : it maintains a permanent set of networking parameters in my machine, even when not in active use, that sometimes interfere with my own (rather complex) network settings: i am often connected to 2 or 3 other VPNs at a time for work, and my laptop also supports local networks for virtual machines all the while...

  • there may be advertising spam with some VPN suppliers...

  • I have my own VPN servers

But "closed" VPNs are a very valid option for a GM :

  • you can select the players who will be able to access your game by including / excluding people from your own VPN(s), or close/create new VPNs at will

  • with some "network topologies" (like the Hamachi "hub-and-spoke") you can maintain network isolation between players ("spokes"), enabling them to reach only the "hub" (your GM FG machine)

Other VPN offers

Given the new popularity of VPN services, this is a battlefield ! Just google "VPN Services" to find out...

Be cautious about several points :

  • subscribing to any VPN service offer implies some trust in the service company...

  • VPN service offers do not mandatorily have an available/reliable free tier

  • VPN service offers do not mandatorily support port forwarding

Your own 1 GM-only VPN server based on industry standards

What we propose in the following sections is :

Creating your own small VPN server to "break barriers 4-6"

  • mono-client : 1 GM (you) only

  • with pre-installed FG-only port forwarding (this is actually independant of the VPN itself)

  • for a cost of $0 (or a neglectable cost if you already exceed the Free Tier bounds due to other usage of AWS)

  • "transparent" for the players

  • non-intrusive for the GM's machine

I have used OpenVPN since 2004 both for professional and personal usage in various server and/or client configurations (with some machines being both multi-servers and multi-clients), on Linux/Windows/Android, and it is to this day by far my preferred VPN foundation, including for mobile platforms.

Quite a number of commercial VPN offers either rely on, or support OpenVPN.

Always remember...

Remember that whatever your network setup is, you still have to check your GM FG machine for barriers 1-3 !

based on SSL/TLS with edition

hosted on a minimalist Linux virtual server at (Amazon Web Services)

100% under your own control : you are the VPN provider, and you are your only client

It does require some initial setup effort, which then makes it a no-brainer to start/stop/destroy/recreate your very own Amazing Port-Forwarding OpenVPN-Powered Fantasy Grounds Hosting solution

If you are tech-savvy and want to discover more/advanced options, be sure to explore the OpenVPN + Linux combination : it has nearly endless possibilities.

If you want to know more about OpenVPN, read the Howto at and more generally browse the useful docs and articles available at

For a community with multiple GMs, start with the 1-GM-at-a-time setup, then continue with the new sections starting at

Don't worry, I know you'll have forgotten by the time you test ZeSolution ! I'll remind you...

😁
🙃
🤣
Hamachi
https://www.vpn.net/
https://secure.logmein.com/welcome/documentation/EN/pdf/Hamachi/LogMeIn_Hamachi_GettingStarted.pdf
OpenVPN Community
AWS
iptables
https://openvpn.net/community-resources/how-to/
https://openvpn.net/community-resources/
Lifting the "1 GM at-a-time" restriction
👆