Bnetserver cannot log in via public network, but server works on local IP, like 192.168.2.20

Non-English speaker, sorry for my bad English.
Hello, I'm new to TC, and I'm trying to build my own public server to share with my friends. I can play the game on the local network, but cannot share it publicly.

The server is in the company local network, so I use frp to map ports (1119, 8081, 8085, 8086) to my home router (which has a public IP and a bound free subdomain).
In the company, with set portal "Subdomain.domain.com", I can't log in; the client returns "BLZ51901023".
At the same time, in the company, with set portal "192.168.2.10", it works.


Branch
master = 10.1.5.50469

TC rev. hash/commit

bnetlog, when trying to log in from public

TrinityCore rev. 6be536a73bc8+ 2023-07-15 00:45:16 +0200 (master branch) (Unix, RelWithDebInfo, Static) (bnetserver)
to stop.


Using configuration file /home/bnetserver.conf.
Using SSL version: OpenSSL 1.1.1q 5 Jul 2022 (library: OpenSSL 1.1.1q 5 Jul 2022)
Using Boost version: 1.74.0
Automatic database updates are disabled for all databases!
Opening DatabasePool ‘dragon_auth’. Asynchronous connections: 1, synchronous connections: 1.
MySQL client library: 8.0.33
MySQL server ver: 8.0.33-0ubuntu0.22.04.2
Connected to MySQL database at 127.0.0.1
MySQL client library: 8.0.33
MySQL server ver: 8.0.33-0ubuntu0.22.04.2
Connected to MySQL database at 127.0.0.1
DatabasePool ‘dragon_auth’ opened successfully. 2 total connections running.
Started auth database connection pool.
[0 ms] SQL(p): SELECT digest FROM secret_digest WHERE id = 0
Loading IP Location Database…
Login service bound to http:// 0.0.0.0:8081
[1 ms] SQL: SELECT majorVersion, minorVersion, bugfixVersion, hotfixVersion, build, win64AuthSeed, mac64AuthSeed FROM build_info ORDER BY build ASC
Updating Realm List…
[0 ms] SQL(p): SELECT id, name, address, localAddress, port, icon, flag, timezone, allowedSecurityLevel, population, gamebuild, Region, Battlegroup FROM realmlist WHERE flag <> 3 ORDER BY name
Added realm “trinity” at Subdomain.domain. com:8085.
Network Thread Starting
Updating Realm List…
[1 ms] SQL(p): SELECT id, name, address, localAddress, port, icon, flag, timezone, allowedSecurityLevel, population, gamebuild, Region, Battlegroup FROM realmlist WHERE flag <> 3 ORDER BY name
Updating realm “trinity” at Subdomain.domain. com:8085.
Updating Realm List…
[1 ms] SQL(p): SELECT id, name, address, localAddress, port, icon, flag, timezone, allowedSecurityLevel, population, gamebuild, Region, Battlegroup FROM realmlist WHERE flag <> 3 ORDER BY name
Updating realm “trinity” at Subdomain.domain. com:8085.
[0 ms] SQL(p): DELETE FROM ip_banned WHERE unbandate<>bandate AND unbandate<=UNIX_TIMESTAMP()
[0 ms] SQL(p): SELECT unbandate > UNIX_TIMESTAMP() OR unbandate = bandate AS banned, NULL as country FROM ip_banned WHERE ip = ‘192.168.2.10’
Socket::CloseSocket: 192.168.2.10 errored when shutting down socket: 107 (Transport endpoint is not connected)
Updating Realm List…


auth.realmlist

address Subdomain.domain. com
localaddress 127.0.0.1

bnetserver.conf

LoginREST.Port = 8081
LoginREST.ExternalAddress=Subdomain.domain. com
LoginREST.LocalAddress=127.0.0.1
LoginREST.TicketDuration=3600

Googled and tried the following; it did not work.

openssl genrsa -out RootCA.key 2048

openssl req -subj "/C=CN/ST=us/L=us/O=nav/OU=nav/CN=root/[email protected]" -new -out RootCA.csr -key RootCA.key -keyform PEM

openssl x509 -req -extfile /usr/local/ssl/openssl.cnf -extensions v3_req -in RootCA.csr -out RootCA.pem -signkey RootCA.key -CAcreateserial -days 3650

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <(cat server.csr.cfg)

openssl x509 -req -in server.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -out server.pem -days 3650 -sha256 -extfile v3.ext

The certificate must be trusted on the client PC. You either have to obtain a trusted certificate for your domain from a known source (for example Let's Encrypt) or, if you want to use a self-signed root CA certificate, you have to import that certificate into the Windows cert store.


Thanks for your kind reply, you enlightened me. It cost 2 days, and I can't make the self-signed root CA cert work. At last, with bnetserver.cert, it works. More needs to be learned, I'll keep trying. Thank you again.
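
The trust requirement from the reply above, as an added example that is not part of the thread and not TrinityCore's own tooling: it builds a throwaway root CA and a server certificate whose subjectAltName carries the public hostname, then uses `openssl verify` to confirm that the chain and the hostname both validate before the root is imported on any client. The function names, file names and the `game.example.test` hostname are assumptions; the thread's `v3.ext` and `server.csr.cfg` were not posted, so the extension sections here are constructed.

```shell
#!/bin/sh
# Added example: names, paths and the hostname are assumptions, not from the thread.

# make_chain <dir> <hostname>: throwaway root CA plus a server cert for <hostname>.
make_chain() {
  dir=$1; host=$2
  mkdir -p "$dir" || return 1
  cat > "$dir/tls.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
  # Self-signed root: this is the file a client would import as a trusted root.
  openssl req -x509 -config "$dir/tls.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -keyout "$dir/ca.key" -out "$dir/ca.pem" -days 30 \
    -subj "/CN=Lab Root CA" 2>/dev/null &&
  # Server key and CSR; clients match the hostname against the SAN, not the CN.
  openssl req -new -config "$dir/tls.cnf" -newkey rsa:2048 -nodes \
    -keyout "$dir/server.key" -out "$dir/server.csr" -subj "/CN=$host" 2>/dev/null &&
  # Sign the CSR with the root and attach the v3_srv extensions (SAN, EKU).
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -out "$dir/server.pem" -days 30 -sha256 \
    -extfile "$dir/tls.cnf" -extensions v3_srv 2>/dev/null
}

# check_chain <ca.pem> <server.pem> <hostname>: exit status 0 only if the cert
# chains to that root, is usable as a TLS server cert, and covers <hostname>.
check_chain() {
  openssl verify -CAfile "$1" -purpose sslserver -verify_hostname "$3" "$2" \
    >/dev/null 2>&1
}
```

Run `make_chain ./pki <your-hostname>` and then `check_chain ./pki/ca.pem ./pki/server.pem <your-hostname>`; a non-zero status means a client that trusts only that root would reject the certificate for that name.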