Jump to content

karu

Web Development Lead [WDL]
  • Posts

    1152
  • Joined

  • Donations

    0.00 USD 

Posts posted by karu

  1. 6 hours ago, Zarg said:

    This thread is nearly 3 years old, and the main page hasn't been updated in quite some time.   Is there a way that those of us still actively contributing to it can be added permissions to do things like update it/fix errors in the main page?

     

     

     

    main page is admin only. which section you want to change?  It should be possible to include page content in main page that users can edit.

  2. The error "please use default launcher"  means that server sees different IP's for non-https TCP and HTTPS traffic.

    If mobile ISP is using automatic proxy, then making sure that proxy is set to manual/off (not automatic) in internet options may help.

    If ISP is doing creative routing/nat, then you need to use vpn.

  3. I did some tests with clean win10 install

     

    works out of the box ("run as admin" checkbox on launcher shortcut, copy-paste "install" in c:/games)

    works with avast web shield on/off (sunrise page shows avast cert, "best before" date same as real cert)

    works with revocation check on/off

    works if clock is backward (3 apr 2018)

    INV-300 if clock is forward (23rd apr 2018), without exiting game and fixing clock (auto in windows settings) login worked

  4. auth.ini is correct, authlogin.dll has registry keys inside, but game probably ignores them.

     

    You have no ip overrides in c:/windows/system32/drivers/etc/hosts file for net-7.org domains (like play.net-7.org / sunrise.net-7.org)

    IE (not chrome, not firefox, not edge... I do mean IE) connects to https://sunrise.net-7.org/AuthLogin fine.

    IE proxy settings are off.

    You do not run thrird party internet firewall / packet filtering.

    Your router/ISP does not do https man-in-the-middle attack (changing certificates) to inspect https.

     

    No idea. Install windows into VM (from microsoft) and check it there? Dont know how directx7 (i think) is supported in those.

  5. You people happen to have HKEY_LOCAL_MACHINE\SOFTWARE\EACom\AuthAuth registry key perhaps?

    .. or maybe AAIUrl in EnB\data\client\ini\auth.ini file does not point to right place? Launcher should modify it, but maybe there is permission issues.

     

    If you know what wireshark is, then it would be interesting to know which certificate is served when client tries to connect.

    Some so called "Internet Security" soft might intercept all https traffic from non-whitelisted programs and doing the man-in-the-middle attack to switch out certificate with its own to decrypt the traffic. It may also be your ISP, but that does not explain how IE gets thru (local soft doing whitelist mitm does)

  6. On 3/10/2018 at 10:53 PM, seanhhs said:

    I was using the avatar transfer feature of the net-7 site, and my TE seems to have the entire ship and inventory of my TS.

     

    It should not be possible to transfer if there is any data in target tables, so ...

     

    How long was TS offline? Were you logged off to char select or game closed?

     

    What data did TS kept and what did it lose? I take name, appearance for avatar/ship was "intact", but what about inventory/vault?

     

  7. 9 hours ago, Cobie said:

     

    Thanks for your answer, basicly you tell me that you do not know what ports are used or that the number of ports used are very large that a firewall is useless.

    cheers.

     

     

    You have wrong/limited understanding what firewall does.

     

    Firewall monitors outgoing packets and allows incoming responses for those connections. Thats even with incoming:blocked (correct linux wording is INPUT:DROP).

     

    Net7 server does not send random incoming packets to clients and so you do not need any special firewall configuration.

     

    If you configuring firewall manually then you do need to take care of certain things, but those are not related to net7.

     

    If you want to block outgoing traffic by default, then yes you do need to add proper rules (easiest is to whitelist sunrise IP than do it per port).

     

    "ufw enable" is all you need to have secure firewall under ubuntu.

     

    When you do need special treatment, is if you using stupid/broken router that "forgets" udp packets. Those fail to remember outgoing packets and drop valid incoming responses. In those cases you open incoming ports and do port forwarding to PC (ie DMZ). Flashing router with LEDE if you own the router is an option aswell.

  8. 15 hours ago, Cobie said:

    i do not use NAT.

     

    If you using router, you do use NAT. I very much doubt your PC has routable public IP.

     

    Anyway... for firewall you only need incoming:blocked, outgoing:open, forward:allow. If you dont use virtual machines then forward can be blocked aswell.

     

    If you using ubuntu and ufw, then no other rules are needed except 'ufw enable'

     

×
×
  • Create New...