The pfSense Store

Author Topic: PS4 NAT Type Failed  (Read 27898 times)

0 Members and 1 Guest are viewing this topic.

Offline turbopuer

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
PS4 NAT Type Failed
« on: November 17, 2013, 06:26:55 pm »
My PS3 doesn't have any issues  and always has reported NAT type 2 which is expected.

The PS4 on the other hand just reports failed. I have tried port forwarding, 1:1 NAT, setting up a DMZ on a different port and forwarding all ports in and out to that PS4's IP Address, all other tricks in the book and still nothing. The only way I have gotten it to work is by plugging it directly into the cable modem which needless to say isn't really a solution.

After first I thought there was an issue with UPnP on my pfsense box, but after digging through some packet captures and comparing it to the working PS3 that doesn't appear to be the case. The PS4 is able to talk to miniupnp, map a port and use it. My PFSense box sees that upnp request, maps the port and allows the traffic per the logs (confirmed with a tcpdump).

However, after comparing a packet capture of a network test from the PS3 and PS4 I do notice a subtle difference between stages where the systems attempt to transverse the NAT using CLASSIC STUN. I captured the traffic from both the WAN side and the LAN side of the PFsense and am wondering if this squarely points an issue on the PS4/upsteam server responsible for NAT transversal setup or if my PFsense could still be causing issues.

I doubt Sony will do anything on their end if its some sort of weird bug but I would just like to pull my PFsense out of the possible causes category.

Additional Info:

PFsense 2.1 running on NetGate Device
UPnP Enable
No extra NAT rules and automatic outbound NAT rule generation is on
Both PS3 and XBOX 360 have zero issues with this setup currently.

I have attached captures showing the NAT Transversal setup from both the LAN and WAN sides of a PS3 and PS4 network test (pcap format).

Offline izala

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #1 on: November 17, 2013, 06:41:53 pm »
I can verify that I am having the exact same issue: PS4 reports NAT Type: Failed, I am unable to connect to multiplayer games or utilize the party chat feature at all.

I have UPNP enabled, and my PS3 attached to the same pfsense device works without any issues.

Offline AhnHEL

  • Sr. Member
  • ****
  • Posts: 596
  • Karma: +6/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #2 on: November 17, 2013, 07:36:17 pm »
Can you post a screenshot of your UPnP settings page?  Setup Manual Outbound NAT (Advanced Outbound NAT) and above your LAN entry, create a duplicate rule using your PS4's IP as Source and select Static Port.

« Last Edit: November 17, 2013, 10:02:18 pm by AhnHEL »
AhnHEL (Angel)
NYC

3 pfSense sites: 2.2 RELEASE (amd64)
Dell 745 SFF E4400 @ 2.0Ghz, 2GB RAM,   20/5 Mbps
Dell 755 SFF E6550 @ 2.3Ghz, 2GB RAM,   20/5 Mbps
Dell 760 SFF E8400 @ 3.0Ghz, 4GB RAM, 84/92 Mbps.
OpenVPN (Peer to Peer, Road Warrior), Traffic Shaping, Suricata.

Offline turbopuer

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #3 on: November 17, 2013, 07:52:13 pm »
I had tried that setup before as well and still no go. However, I went through the steps again, just to be sure and still failed. The automatic rule generation should take care of this though. Granted it may not set the entry it creates as static, but I would assume that if both my PS3 and XBOX have no issues under the settings I normally run (UPnP Enabled, automatic outbound NAT rule generation, no port forwards). Then I would assume the PS4 to have no issues as well.

Screenshots attached.

Offline AhnHEL

  • Sr. Member
  • ****
  • Posts: 596
  • Karma: +6/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #4 on: November 17, 2013, 08:33:01 pm »
The AON rules are handled top to bottom and it looks like your rule that you posted is at the very bottom.  It needs to be above your LAN rule.  Once done, shut off your PS4, clear your states, restart the UPnP service and then turn on PS4 again.  Give that a shot plz.
AhnHEL (Angel)
NYC

3 pfSense sites: 2.2 RELEASE (amd64)
Dell 745 SFF E4400 @ 2.0Ghz, 2GB RAM,   20/5 Mbps
Dell 755 SFF E6550 @ 2.3Ghz, 2GB RAM,   20/5 Mbps
Dell 760 SFF E8400 @ 3.0Ghz, 4GB RAM, 84/92 Mbps.
OpenVPN (Peer to Peer, Road Warrior), Traffic Shaping, Suricata.

Offline turbopuer

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #5 on: November 17, 2013, 08:49:18 pm »
There we go! -- THANKS!!!!

Put it at the top of the ruleset and it worked. However I have a bunch of openVPN bridges and stuff on this firewall and there are alot of rules that I may have to manage now. Is there a way to add an oubound rule with also maintaining my automatic status? Or perhaps on option in the advanced settings/tunables that allow me to make automatic generation set the rule for the LAN that is generated to static?
« Last Edit: November 17, 2013, 09:10:10 pm by turbopuer »

Offline AhnHEL

  • Sr. Member
  • ****
  • Posts: 596
  • Karma: +6/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #6 on: November 17, 2013, 09:17:21 pm »
There we go! -- THANKS!!!!

Put it at the top of the ruleset and it worked. However I have a bunch of openVPN bridges and stuff on this firewall and there are alot of rules that I may have to manage now. Is there a way to add an oubound rule with also maintaining my automatic status?

You're very welcome.

I feel you on the "a lot of rules that I may have to manage now."  You need the Static Port option that Advanced Outbound NAT gives you to make UPnP work with gaming consoles and NAT Type.  Personally I have 11 AON rules and it looks daunting but still rather easy to setup because for the most part the entries are repetitive.

Nothing written in the Docs about any tunables for static port that I know of.

https://doc.pfsense.org/index.php/Static_Port
« Last Edit: November 17, 2013, 09:27:43 pm by AhnHEL »
AhnHEL (Angel)
NYC

3 pfSense sites: 2.2 RELEASE (amd64)
Dell 745 SFF E4400 @ 2.0Ghz, 2GB RAM,   20/5 Mbps
Dell 755 SFF E6550 @ 2.3Ghz, 2GB RAM,   20/5 Mbps
Dell 760 SFF E8400 @ 3.0Ghz, 4GB RAM, 84/92 Mbps.
OpenVPN (Peer to Peer, Road Warrior), Traffic Shaping, Suricata.

Offline turbopuer

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #7 on: November 17, 2013, 09:33:04 pm »
Yeah I have 25 now. Not a huge deal just one more thing I will have to remember to keep an eye on when adding things later.

I wonder if its possible to modify the rule form the command line. The Auto rule creation does make a rule for the LAN network to WAN just doesn't set static. If you could use pfctl to change that autocreated rule from static=no to static=yes I supposed you can use cron to enforce it.

Though to be honest, it would be nice to allow both automatic create and static rules to be defined instead of ignoring them like the gui says it does. This way you can cherry pick rules you need and let the system manage the more mundane/simple rules; and it could put them on top of the auto generated e rule set for you.

Anyways, thank again!

Offline blarnath

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #8 on: November 20, 2013, 02:32:59 pm »
Hey guys,

I'm wondering if someone else is having these issues or if it's just me.  I have successfully configured NAT for the PS4 and it reports Type 2 but I'm still having issues with BF4 as well as Netflix that are resolved by moving my PS4 to the provider router.  For Battlefield 4 I can't maintain a connection to EA, at first I thought this was EA but moving to the edge fixes the problem.  The symptoms are that I cannot get server listings in multiplayer, and when I am able to join a quickmatch game I'll be disconnected after a short (but varying) amount of time.  Disconnection does not log anything on the PS4, it just takes me back to the multiplayer menu.

The problem with netflix is that it can't connect to Netflix server 2 and 3 with an error of NW-4-7 which on the PS3 was a DNS error, but I don't this this is the case as I have 4 other devices that do Netflix fine.  Moving the PS4 off of the pfSense router also resolves this.

Another thing that I've noticed is that the network test on the PS4 is reporting extremely low upload rates, the download is normal (~15Mbs) where as I'm getting about 8Kbs reported in the upload while behind pfSense.  I'm running 2.1-RELEASE and I've stripped down my NAT rules to just the 3 that were created by default for testing.  I moved the LAN rule to the top and enabled Static Ports to get type 2 working, but something else is breaking and I'm wondering if it's just me or if others are having similar issues.

I can provide packet captures and any other information if needed.  I'm planning on troubleshooting this more later, but need to get my BF4 fix in and thought I'd just ask first.

Thanks in advance!

Offline blarnath

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #9 on: November 20, 2013, 02:35:37 pm »
I should add that the only 2 packages I'm running are Avahi and Darkstat, noticed some Origin problems related to HAVP and wanted to exclude that right off the bat.

thx

Offline AhnHEL

  • Sr. Member
  • ****
  • Posts: 596
  • Karma: +6/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #10 on: November 20, 2013, 08:25:24 pm »
How are you getting NAT Type 2 though?  Port Forward Method or UPnP?  Screenshots of your AON rules and UPnP or Port Forward Settings would help.
AhnHEL (Angel)
NYC

3 pfSense sites: 2.2 RELEASE (amd64)
Dell 745 SFF E4400 @ 2.0Ghz, 2GB RAM,   20/5 Mbps
Dell 755 SFF E6550 @ 2.3Ghz, 2GB RAM,   20/5 Mbps
Dell 760 SFF E8400 @ 3.0Ghz, 4GB RAM, 84/92 Mbps.
OpenVPN (Peer to Peer, Road Warrior), Traffic Shaping, Suricata.

Offline svfusion

  • Newbie
  • *
  • Posts: 16
  • Karma: +1/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #11 on: November 23, 2013, 10:53:43 am »
I am also having these issue and don't really even know where to start..

I have made no special rules,
NAT Outbound is set to,
Automatic outbound NAT rule generation
          (IPsec passthrough included)
Here is a pic of my upnp setup,

Offline AhnHEL

  • Sr. Member
  • ****
  • Posts: 596
  • Karma: +6/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #12 on: November 23, 2013, 06:33:40 pm »
For this to work, you're going to have to use Manual Outbound NAT rule generation, setup a rule for the fixed LAN IP address you have assigned to your PS4 checking the Static Port checkbox.  Save that rule above your default Outbound NAT LAN rule and you should be good to go.

Refer to Turbopuer's screenshots above, just be sure to put the PS4 NAT rule above the LAN rule, unlike in his screenshot.
« Last Edit: November 25, 2013, 10:46:56 pm by AhnHEL »
AhnHEL (Angel)
NYC

3 pfSense sites: 2.2 RELEASE (amd64)
Dell 745 SFF E4400 @ 2.0Ghz, 2GB RAM,   20/5 Mbps
Dell 755 SFF E6550 @ 2.3Ghz, 2GB RAM,   20/5 Mbps
Dell 760 SFF E8400 @ 3.0Ghz, 4GB RAM, 84/92 Mbps.
OpenVPN (Peer to Peer, Road Warrior), Traffic Shaping, Suricata.

Offline svfusion

  • Newbie
  • *
  • Posts: 16
  • Karma: +1/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #13 on: December 01, 2013, 01:50:27 pm »
Hey guys,

I'm wondering if someone else is having these issues or if it's just me.  I have successfully configured NAT for the PS4 and it reports Type 2 but I'm still having issues with BF4 as well as Netflix that are resolved by moving my PS4 to the provider router.  For Battlefield 4 I can't maintain a connection to EA, at first I thought this was EA but moving to the edge fixes the problem.  The symptoms are that I cannot get server listings in multiplayer, and when I am able to join a quickmatch game I'll be disconnected after a short (but varying) amount of time.  Disconnection does not log anything on the PS4, it just takes me back to the multiplayer menu.

The problem with netflix is that it can't connect to Netflix server 2 and 3 with an error of NW-4-7 which on the PS3 was a DNS error, but I don't this this is the case as I have 4 other devices that do Netflix fine.  Moving the PS4 off of the pfSense router also resolves this.

Another thing that I've noticed is that the network test on the PS4 is reporting extremely low upload rates, the download is normal (~15Mbs) where as I'm getting about 8Kbs reported in the upload while behind pfSense.  I'm running 2.1-RELEASE and I've stripped down my NAT rules to just the 3 that were created by default for testing.  I moved the LAN rule to the top and enabled Static Ports to get type 2 working, but something else is breaking and I'm wondering if it's just me or if others are having similar issues.

I can provide packet captures and any other information if needed.  I'm planning on troubleshooting this more later, but need to get my BF4 fix in and thought I'd just ask first.

Thanks in advance!

Did you ever fix this? I configured my Pfsense like the screen shots, reports NAT 2, but still can't play Need for Speed, says it can't connect to EA Servers.

Offline AhnHEL

  • Sr. Member
  • ****
  • Posts: 596
  • Karma: +6/-0
    • View Profile
Re: PS4 NAT Type Failed
« Reply #14 on: December 01, 2013, 03:41:55 pm »
This might not be a pfSense issue at all.

http://answers.ea.com/t5/Madden-NFL-Football-25/Cannot-log-into-EA-servers-Madden-25-PS4/td-p/1847549

If you google "ps4 cant connect to EA server," there are posts for all sorts of games with the same error all related to EA.
« Last Edit: December 01, 2013, 03:45:13 pm by AhnHEL »
AhnHEL (Angel)
NYC

3 pfSense sites: 2.2 RELEASE (amd64)
Dell 745 SFF E4400 @ 2.0Ghz, 2GB RAM,   20/5 Mbps
Dell 755 SFF E6550 @ 2.3Ghz, 2GB RAM,   20/5 Mbps
Dell 760 SFF E8400 @ 3.0Ghz, 4GB RAM, 84/92 Mbps.
OpenVPN (Peer to Peer, Road Warrior), Traffic Shaping, Suricata.