Fantasy Grounds - Port Forwarding - Transparent Op
  • Fantasy Grounds - Port Forwarding and a "transparent" OpenVPN setup
  • General
    • Introduction - F.G.Comms
    • GM's machine barriers
    • Internet connection barriers
    • Some NO-GO Situations
    • VPN solutions
  • Proposed Solution
    • "Transparent" OpenVPN-based Port Forwarding
    • Tools
    • Amazon Web Services
    • Setup process overview
  • Local setup - Step-by-step
    • Step 0 : Preparation
    • Step 1 : OpenVPN + Easy-RSA & "new-PKI"
    • Step 2 : Create your own PKI
    • Step 3 : Setup OpenVPN connections
  • AWS Setup - Click-by-Click
    • Step 4 : Your AWS environment
    • 4.1-Creating the IAM Role
    • 4.2-Choosing the AWS Region
    • 4.3-Creating the S3 bucket
    • 4.4-Virtual Private Cloud - Default VPC
    • 4.5-Creating an AWS Key Pair
    • 4.6-Creating an AWS Security Group
    • 4.7-Filling the bucket
    • 4.8-Building the Launch Template
  • Transfer & First Test
    • Step 5 : Transfer to S3
    • Step 6 : Launch time !
    • Step 7 : Connect, test, fix glitches
    • Step 8 : Destroy/"Terminate" after use
  • Use your server
    • Regular Usage Pattern
  • Simultaneous FG games / 1 VPN Server
    • Lifting the "1 GM at-a-time" restriction
    • FGU vs. FGC networking
    • VPNs for both FGC + FGU (LAN mode)
  • Upgrading our setup for "N-at-a-time", FGC/FGU
    • Untitled
  • Appendixes
    • Acronyms and definitions
    • AWS acronyms
    • AWS admin user + API access key
    • AWS, DNS, DDNS, CRL...
    • Possible (?) developments
  • Links
    • Fantasy Grounds Web
    • Fantasy Grounds Discord
    • FG College Web
    • FG College Discord
    • FG College KB
    • Our "EU" Discord
    • OpenVPN
    • AWS
Powered by GitBook
On this page
  • 1-at-a-time /N : Time-sharing a single VPN Server + single GM connection/certificate
  • Nx 1-at-a-time : Each GM creates his own VPN server
  • N-at-a-time : Single VPN Server + Nx GM-dedicated connections/certificates

Was this helpful?

  1. Simultaneous FG games / 1 VPN Server

Lifting the "1 GM at-a-time" restriction

PreviousRegular Usage PatternNextFGU vs. FGC networking

Last updated 4 years ago

Was this helpful?

What if you have multiple GMs that need the VPN to host games ? For example, you may belong to a community of Fantasy Grounds players and GMs mostly based in "pure IPv6" countries.

There are several ways to manage such situations, that we'll explore below :

  • 1-at-a-time /N : Time-sharing a single VPN Server + single GM connection/certificate

  • Nx 1-at-a-time : Each GM creates his own VPN server following this guide

  • N-at-a-time : Single VPN Server + Nx GM-dedicated connections/certificates

Shared installations will preferably run 24x7, to avoid requiring the server owner availability (for start/stop or launch/terminate actions)

Remember that for "Barriers 1 to 3"

1-at-a-time /N : Time-sharing a single VPN Server + single GM connection/certificate

You share with other GMs the hard work you have already done following this guide :

  • you distribute to all you GM friends

  • each of them NB: They do NOT need to install EasyRSA2 or setup a PKI, only OpenVPN itself is required

  • each of them that you supplied

Pros :

  • lightweight solution

  • no technical skills required for other GMs

  • STILL 1-AT-A-TIME !

  • replacing the certificate requires installing the new set of parameters for all GMs

  • your own availability, required to start/launch the server and communicate the new Public IP if it only runs on-demand, as opposed to 24x7

  • time-sharing organization, usage planning and timezone errors, colliding time slots - 2 GMs connected at the same time => broken FG sessions - one day or another you'll encounter issues like those :

Nx 1-at-a-time : Each GM creates his own VPN server

This option is self-explanatory...

  • maximum flexibility

  • maximum setup work

  • technical skills required for GMs

N-at-a-time : Single VPN Server + Nx GM-dedicated connections/certificates

This option is quite neat as it enables several GMs to run multiple simultaneous FG games (N at a time) through the one and only VPN Server you already created, but :

  • It requires additional work to setup

  • It is not 100% transparent for players.

It is mostly suitable for a community with several GMs, running mid- to long-term FGC games (campaigns) since the extra complexity is managed up-front, once and for all.

To support multiple concurrent games going through our small VPN server, which has only ONE Public IP, we'll use a different communication port for each GM.

This solution extends our current setup by :

  • creating individual GM certificates in our PKI

  • transparently forwarding FG traffic to and from each specific GM for a specific FG port

  • removes the burden of time-sharing organization The GMs with dedicated connections can host FGC games at any time (while the VPN server is running) without fear of collision with other games. They can even forget to close their VPN connection...

  • compatible with the original "1-at-a-time" setup, which remains 100% transparent for players You can have both : GM-dedicated specific connections and time-shared setup you already created

  • gives more control over security by having specific connections/certificates per GM

  • it needs you to dive deeper into the OpenVPN server configuration We'll detail this with step-by-step instructions in next pages

  • it requires GMs and Players to create and use a customized shortcut to FGC (for ease of use) to run Fantasy Grounds Classic on a specific TCP port, different than the standard TCP 1802 Creating a specific shortcut to the FG program should not be an issue to play with a specific GM for multiple sessions in an on-going campaign; but it could be awkward for 1-shot games

This solution became possible when I finally understood how to run FG Classic on a custom TCP port... It only took me a bit more than 2 years after starting using the program, to find this info !...

Cons :

The main issue here is that some (most ?) of the other GMs may not be as geeky as you are (since you made it this far...), and may be daunted by this solution.

Pros :

Cons :

Pros :

Cons :

👎
😉
👍
👎
👍
👎
👍
each GM has to check his/her own machine
installs OpenVPN client
the same set of OpenVPN parameters and credentials
installs the set of parameters
Overlapping sessions
VPN not disconnected after a game session => next game delayed
GM: (sigh)...Ok ZeFerby, give me another Investigation roll...(sigh)...
GM: Finally!!! You find this info about the p flag, hidden under a loose floorboard in the FG Forums...