Exposing game servers over Tailscale
Published on
I’ve recently been playing a lot of Factorio with a friend. I’ve been hosting, but my desktop computer is behind far too many layers of NAT, and I can’t be bothered dealing with setting up port forwards. Up until today we made do with Steam’s networking support, which in our case ended up relaying the connection via one of their servers. This is amazing as a free, no-hassle service, but the performance was so-so. We’d get random lag spikes, or the initial map download would crawl along at about 1/100th of the speed we should be able to get. We’re both fans of Tailscale though, so maybe there’s an easy solution there?
Tailscale even have an article on sharing a Factorio server but it’s a ten minute long video1, and focused on setting up an actual dedicated server in Docker rather than just clicking the convenient “Host” button in the game client. What we did instead was:
- I shared my desktop’s Tailscale node with my friend, by creating a sharing link in the Admin console
- My friend accepted the link, and could then see my machine in their admin panel
- I used
tailscale lockto sign my friend’s desktop’s node key, as I have tailnet lock enabled - I added a grant to my tailnet’s ACL to permit access from my friend to the specific IP/port on my tailnet:
{
"src": ["friend@example.com"],
"dst": ["100.0.0.42", "fd7a::42"],
"ip": ["udp:34197"],
}
After this, my friend could connect to Factorio by entering the Tailscale IP address, or the Tailscale hostname (as they use MagicDNS).
Running tailscale status shows that Tailscale managed to establish a direct connection despite the many layers of NAT involved,
and the performance improvements were significant and immediate.
We did a bit of testing, and confirmed that no other services on my machine are accessible. And sharing a machine by default only allows it to accept incoming connections, so I can’t get unwanted access to anything on my friend’s Tailnet, either.
I’ve written before about all the different ways I use Tailscale; this is yet another new way it’s solved a problem for me.
-
I’m not a fan of video tutorials at the best of times, but especially not when I want to do something as quickly as possible so I can get back to
my addictiongrowing the factory. ↩︎
Thanks for reading!
Have thoughts? Send me an e-mail!
Related posts
Avoiding the Consequences of Dumb Laws with Tailscale
More and more sites are implementing privacy-invading age checks or just completely blocking the UK thanks to the Online Safety Act. Protecting kids from some content online is certainly a noble goal, but the asinine guidance from Ofcom, threats of absolutely disproportionate fines, and the stupidly broad categories of content have resulted in companies just giving up or going through a tick-box e...
How I use Tailscale
I’ve been using Tailscale for around four years to connect my disparate devices, servers and apps together. I wanted to talk a bit about how I use it, some cool features you might not know about, and some stumbling blocks I encountered. I’m not sure Tailscale needs an introduction for the likely audience of this blog, but I’ll give one anyway. Tailscale is basically a WireGuard o...
Docker reverse proxying, redux
Six years ago, I described my system for configuring a reverse proxy for docker containers. It involved six containers including a key-value store and a webserver. Nothing in that system has persisted to this day. Don’t get me wrong – it worked – but there were a lot of rough edges and areas for improvement. Microservices and their limitations My goal was to follow the UNIX philo...
MD87
#nobridge
I've recently been playing a lot of [Factorio](https://factorio.com/) with a friend. I've been hosting, but my desktop computer is behind far too many layers of NAT, and I can't be bothered dealing ...