AntiMomentum

  1. Your internet speeds are certainly enough to host a halo server, even multiple servers so that's not the issue. Surprised you get more upload than download that's rare for a home connection. "What is the difference between actual VPSs that you purchase online and my laptop that has Windows Server Standard 2022?" It may not be the laptop. It could be your ISP's firewall (or dynamic network if they use that). But you mentioned the halo server dropping some pings from yourself. When you clicked on your server multiple times you were also on the same home network correct? If so I'd check and see if there are any driver updates for the network interface card on the laptop from the NIC's manufacturer's website. I'd also run a packet capture tool like Wireshark on at least the laptop, for instance when clicking on the halo server multiple times if you see the laptop doesn't even send a packet out for one of the clicks, it's definitely a software issue on the laptop itself. With the small exception of a loose cable inside it. And it's likely the driver for the NIC but it could be some other software issue. Perhaps an old windows firewall bug or something else if you haven't updated it. Pretty sure like regular windows OSes the server versions will try to install generic net drivers if it can't find the correct manufacturer driver in its own lists.
  2. *edit* Moving my reply to the appropriate post. As for buyvm being out of stock that's unfortunate. But they are still active from what I see in the Discord so I'd keep checking for availability.
  3. np, I would be interested to know how it goes if you end up using anycast with ddos protection from them. This is by far the cheapest anycast provider I've found. AWS charges like $1000/month for this sort of thing. Cloudflare itself charges $3000/month. There was another host that charges like $50/month for the anycast itself but I forgot what it was, but if BuyVM doesn't work out I'll try and find it again if you want to try it. As for the gateway it looks intimidating but really it's just a matter of picking the right guided install script for the linux distro OS of the vps, running it, and answering the 3 questions it will prompt you for in order to make configs (firewall and wireguard client files). Once it's done you copy the client1.conf (or client2.conf) file it makes to the Windows server's Wireguard and click Activate. And run ./start.sh on the gateway. This completes both ends of the tunnel (Wireguard has a Windows installer). Granted yeah you could run into issues like getting locked out of ssh or RDP but I don't mind helping out some if needed should you decide to try it. And as usual rebooting the vps will flush my firewall, along with wireguard rules on the gateway should it lock out.
  4. Buyvm has anycast without being ridiculously expensive, there's also OVH that has DDoS protection but no anycast or Dallas region. I haven't tried Buyvm yet though. Buyvm has a Discord too. If affordability is the main concern Linode doesn't even charge for incoming bandwidth. I don't think OVH does either. As long as you are running one of my iptables firewalls it will indeed prevent reflection so that you don't get any extra charges for outgoing bandwidth even if you get flooded constantly. This is true for any host that doesn't charge for incoming bandwidth. Linode also has an API for their outside/edge firewall so that you can send player ips up to it for whitelisting, but it takes 8 seconds to update and that is enough time for a larger attack to knock out players (most edge firewalls take longer than 8 seconds). https://github.com/antimomentum/haloce/tree/master/firewalls You could also use a Linux server as a gateway while the halo server runs at the other end of the tunnel on Windows or Linux or even MacOS since Wireguard works in those OSes. If you do that I would be sure the gateway is in the same region as the real halo server (unless you're doing anycast). So yeah you could have a gateway on Linode with say, a Windows Vultr server behind it running halo. https://github.com/antimomentum/haloce/tree/master/firewalls/vpngateway
  5. nice, the patched exe is now in halopull github repo and antimomentum/halo docker container
  6. When running the ufw rules in that order on the github the port is open. With 0.0.0.0 replaced with a specific ip address of course. iptables is sequential, and the first ufw rule (ufw allow 5901/tcp) already accepts all for 5901. To whitelist that port for a static ip address (when used with your other rules) replace this rule:
     ufw allow 5901/tcp
     with this rule (the ip address here is just an example of course):
     ufw allow from 45.56.67.78 proto tcp to any port 5901
     On a side note:
     ufw default reject incoming
     will still send an icmp destination unreachable response back to whatever ip sent the packet. Which can be useful for troubleshooting purposes. However this will just silently drop the packet:
     ufw default deny incoming
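
The rule-order point in the post above, as an added example that is not part of the original post and not ufw's or iptables' own code: a small first-match model showing that a broad allow for 5901 makes a later whitelist rule ineffective, and how the reject and deny defaults differ for everyone else. The helper names and the 203.0.113.9 address are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def rule(action, port, src="0.0.0.0/0", proto="tcp"):
    """One rule: action, destination port, permitted source network."""
    return {"action": action, "port": port, "proto": proto,
            "src": ip_network(src)}

def verdict(rules, default, src, port, proto="tcp"):
    """Walk the rules in order; the first match decides, else the default."""
    for r in rules:
        if (r["port"], r["proto"]) == (port, proto) and ip_address(src) in r["src"]:
            return r["action"]
    return default

def shadowed(rules):
    """Indexes of rules that cannot narrow access because an earlier,
    broader ALLOW for the same port/proto already matches their sources."""
    hits = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier["action"] == "ALLOW"
                    and (earlier["port"], earlier["proto"]) == (r["port"], r["proto"])
                    and r["src"] != earlier["src"]
                    and r["src"].subnet_of(earlier["src"])):
                hits.append(i)
                break
    return hits

ALLOWED = "45.56.67.78"   # example address used in the post
OTHER = "203.0.113.9"     # constructed address (documentation range)

# "ufw allow 5901/tcp" followed by a per-address rule: the case the post warns about.
BROAD_FIRST = [rule("ALLOW", 5901), rule("ALLOW", 5901, src=ALLOWED)]
# The broad rule replaced by the whitelist rule, as the post suggests.
WHITELISTED = [rule("ALLOW", 5901, src=ALLOWED)]

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST), ("whitelisted", WHITELISTED)):
        for default in ("REJECT", "DROP"):  # ufw default reject / deny incoming
            print(name, default,
                  "other:", verdict(rules, default, OTHER, 5901),
                  "allowed:", verdict(rules, default, ALLOWED, 5901),
                  "shadowed:", shadowed(rules))
```
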
  7. This is a great tutorial for users to begin learning how to set up a linux vps. I will say that VNC being less secure than SSH it would probably be good to add more security to it. Perhaps with a firewall rule to whitelist the ip or ips allowed to the 5901 port. Especially running it as root.
  8. 2/24 Keepalive has been added to the gateway guided installer scripts for clients. If a wireguard client was able to handshake with the gateway but still having issues despite using halo on port 2302 or default rdp, this Keepalive wireguard setting should fix that. Already made client.conf files can just have this line added to the bottom under the Endpoint line if needed (if you weren't having issues this isn't required):
     PersistentKeepalive = 10

     2/18 update: RDP for Windows
     RDP for Windows is finally fixed. RDP to the gateway ip on default rdp port (3389). Currently, RDP will only work for the client peer you use the client1.conf file for (10.0.0.2). To be able to RDP to multiple different Windows peers may involve adding more rules for different rdp ports. However, using another wireguard client yourself should give access to any windows peer default rdp port as well. Either method would work, but is not currently tested so I can't say that's supported just yet. Eventually I'll have a private halo server version where clients use wireguard to see the Halo server in the LAN list, once that's working being able to RDP to multiple different peers will certainly be working by then.

     2/15 update: guided installers for both the gateway and Linux clients.
     https://github.com/antimomentum/haloce/tree/master/firewalls/vpngateway/guidedinstall
     client1.conf is 10.0.0.2 and default halo port 2302. The 2nd client file using 10.0.0.4 can host up to 200 halo servers through its connection. The Wireguard client works on a variety of operating systems, including Windows, and can be integrated with existing setups: https://www.wireguard.com/install/

     Concept: Basically one Linux gateway server acts as the public ip for the vpn client halo server. This would be like if you connected to a vpn service, started the halo server, and the halo server showed in the list with the ip of the vpn server and not the machine you actually run halo from. Except in this case it would actually work since you control the firewall of the vpn server.

     Wireguard is a vpn protocol like OpenVPN. VPN providers like NordVPN often use these open source protocols for their services. OpenVPN is more robust and has more development and setups behind it. However the newer Wireguard protocol performs better (important for fps games) and is more secure on basic setups. It's also pretty quiet by itself. I've personally tested this for halo with both linux and windows clients and these do indeed work through the tunnel. Last time I checked the Wireguard client for Android does indeed work as well. I've never hosted a halo server through a phone though, and I wouldn't even consider it without an unlimited data plan, and I would still not recommend it anyways.

     It would be important that the host you choose for the vpn gateway server is close to the actual halo server. Obviously, the further away the halo server the more latency will increase. I have left a notes page that gets into more of the required information to set this up. IPs you need to allow go in MDNS, ports you need to forward to the client server running halo go in the nat PREROUTING table like the example halo client ports are.
     https://github.com/antimomentum/haloce/tree/master/firewalls/vpngateway

     Windows clients will need the master server ip in the hosts file. For Windows this file is at:
     c:\windows\system32\drivers\etc\hosts
     Add these two lines to the bottom of hosts:
     34.197.71.170 hosthpc.com
     34.197.71.170 s1.master.hosthpc.com

     Please read notes carefully, especially the client whitelisting section near the bottom if you decide to give this setup a go. I'd be glad to help answer any questions. Post them here, in DM, or message me on Discord. If asking questions be sure to remove any keys or client ip info.
  9. Oh yeah I already understood that, np though, I was just making the point that the alternatives would still require something extra such as your Python script anyways. So like in terms of multiple halos on a single vps that's just totally up to preference. Docker in itself is going to be any more useful for halo than writing your own scripts. About literally the only benefit in this case would be that Docker can "pause" containers, but even then only useful if you want to preserve the state of the game while it's empty without using as much resources to keep the container open. And even then I'm not sure how long it can stay paused before something goes wrong with halo. But anyways you're probably already aware of this but regardless of the method for multiple vps: I'd be sure to have a unique identifier for your vps query responses. Like if you did this all via python, a unique key/string personal to your own servers. Or sent through ssh. That way the master controller (especially if it has the ability to spin up a vps and not just halo) isn't simply requiring the source ip to assume the query response is legit.
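
One way to give query responses the per-server key suggested in the post above, as an added example that is not part of the original post or of any script from the thread: each VPS signs its status report with HMAC-SHA256 and the controller checks the tag, freshness and nonce rather than the source ip. The key, field names and the 30 second window are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = b"constructed-demo-key"  # hypothetical; use a per-server random secret
MAX_AGE = 30                          # assumed freshness window in seconds

def sign_report(server_id, players, key, now=None):
    """VPS side: serialise the status and attach an HMAC-SHA256 tag."""
    report = {"id": server_id, "players": players,
              "ts": int(time.time() if now is None else now),
              "nonce": secrets.token_hex(8)}
    body = json.dumps(report, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def verify_report(body, tag, key, seen, now=None):
    """Controller side: return the report only if the tag verifies, the
    timestamp is fresh and the nonce has not been used before."""
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None                              # forged or modified
    report = json.loads(body)
    now = time.time() if now is None else now
    if abs(now - report["ts"]) > MAX_AGE:
        return None                              # stale capture
    if report["nonce"] in seen:
        return None                              # replay of an accepted report
    seen.add(report["nonce"])
    return report

if __name__ == "__main__":
    seen = set()
    body, tag = sign_report("vps-1", 16, SHARED_KEY)
    print("genuine :", verify_report(body, tag, SHARED_KEY, seen))
    print("replayed:", verify_report(body, tag, SHARED_KEY, seen))
    forged = body.replace(b'"players": 16', b'"players": 0')
    print("forged  :", verify_report(forged, tag, SHARED_KEY, set()))
```
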
  10. Yeah Docker would still require a script or two since it has no built in way to tell when Halo servers are full/empty. (Chalwk made a lua script that simply outputs the player count to a file, a separate script on the host such as Python or Bash would still have to watch that/those output files to start new containers/servers based on that. The same would be true for a query approach rather than watching a file). As for shutdowns, maybe I'm a little confused but couldn't you have a tmux session for the script itself in order to kill it without killing the primary server? Or is that not even the issue for shutdowns?
  11. No problem! Are these actual high traffic floods to your server? If so, unfortunately blocking any vpn connection won't stop someone from getting the ip of any public halo server anyways. In order for floods to not happen towards the ip address of your halo server it would have to be a private halo server, and if someone leaks the ip it could get flooded anyways. I haven't used Azure specifically. But pretty much every cloud provider has some type of outside/edge firewall you can put your azure server behind. If it's free to use I recommend using that to block everything except for UDP to the port of your Halo server (default is port 2302) and whatever port you need open to access your Azure server (default Linux ssh is TCP to port 22). The provider's outside/edge firewall will filter more efficiently than any firewall running inside a cloud vps. My firewall will still be useful though, just be sure to add your ip to MDNS in my firewall before you run my firewall: ipset add MDNS yourip otherwise my fw would lock you out. You can reboot your server to flush my entire firewall though if needed.
  12. Almost done editing. But for now, this would install Wine on Debian 9 and Ubuntu 18.04 LTS (or higher). All command line no gui, allowing you to host the haloceded.exe server console in Linux. If installing in Ubuntu and not Debian, be sure to comment out/remove this line:
      echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list
      Anyways here's the Wine install script: https://github.com/antimomentum/haloce/blob/master/wine/Debian9wineinstall.sh
      I also have Linux compatible Docker stuff on that Github if you want to containerize your Halo server.

      Now as for Windows no gui I can't say I'm used to Powershell but it should be possible provided you upload working halo server files to the server. And actually I don't think the Halo server even uses an install like the client. So once you have the files on it, the halo server should run. But there is one last nuance to all this regardless of Linux or Windows and that's the file path you start haloceded.exe from. So a Windows CMD or .bat command to open Halo might be:
      haloceded -path C:\Halo
      but in the CMD (or Powershell) command line you could cd (change directory) into that Halo folder and use:
      haloceded.exe -path .
      But what most would do in this case is just put
      haloceded.exe -path .
      into a .bat file that's located next to haloceded.exe in the same directory because: the dot means relative to whatever folder the command is run from. And the dot is relative in Linux as well.

      Docker: The github Docker stuff is only tested in Linux. But provided you install Docker and upload your halo server files, the "Dockerfile" placed next to your Halo server folder will build the whole thing into a container. In Ubuntu 18.04 LTS or higher Ubuntu, Docker can usually be installed just by doing:
      apt update
      apt-get install docker.io
      In Debian 9 this script uses Docker's official documented way of installing: https://github.com/antimomentum/haloce/blob/master/InstallDockerDebian.sh
      Here's more on Docker docs: https://docs.docker.com/engine/install/debian/
      So an example build (with docker install and halo files ready):
      docker build -t gussil/haloce .
      If you make a username on Docker hub (free is fine) you can then upload your containers to the Docker Hub. This way on a new fresh vps all you'd have to do is get Docker installed and you'll be able to start your Halo container just by doing a docker run command, and that will even auto download the container too.