[cod] Waiting for CDKey Authentication [EXE_AWATINGCDKEYAUTH] never stop

Bryan Kuhn bryan at infinityward.com
Wed Nov 26 14:57:30 EST 2003


The ip the auth server sees is the client public ip address, not the
private nat address.

Wednesday, November 26, 2003, 11:57:45 AM, you wrote:
> Bryan Kuhn schrieb:

>> So far I don't think I've seen any case of the linux/windows server
>> not working correctly, its all just been firewall issues.
>> 
>> CD-key auth works like this
> thx for the info !
>> client - "connect xxx.xxx.xxx.xxx"
>> 
>> client -> cd-key -> auth server
>> auth server -> key-ok -> client
>> 
>> clients ip address is now authorized
> ok but what is if you play behind a nat machine your ip will have 
> 10.0.0.1 as example and maybe that ip is authed.

It will authorize whatever your public nat ip is. This is where the
problems come in, it authorizes say 216.239.57.99, but your server is
on 192.168.0.1 in a dmz, so you connect to the server as 10.0.0.1
since its all still behind your firewall, the server asks the auth
server about 10.0.0.1, and it knows nothing.

>> client -> connect -> server
>> server -> client ip -> auth server
>>            ^^ this IP address needs to be the same as in the client
>>            auth step
>> 
>> auth server -> ip is authorized -> server
>> server -> join -> client
> yep working fine if you join a server that also is behind nat but not if
> you join a server that is not behind nat right ?

The nat is just a layer of complexity, it all still works on public ip
addresses. A server on a private ip address doesn't know it is so it
still authorizes keys.

>> If your on the same subnet as the server you won't need to
>> authorize keys.
> I think we really see the problem now.
> If you are behind nat and want to play on a server without only private
> network around we have a problem.

> What do you think?

> Thx
> Daniel





More information about the Cod mailing list