A detailed explanation in simple terms.

Why?
To protect tournament servers from DDoS attacks, which I wrote about earlier.

How does the protection work?
Imagine a cyber cafe. The computers inside are connected to a local network. You can't connect to them from the outside because they don't have a public IP address, only a local one. We've done essentially the same thing, but over the internet — we've connected the game servers and participants into a virtual private network (VPN) with "local" addresses.

Do we need to hide the server IPs and be offline on Steam?
No. No one can connect to a server unless they are on the same virtual network. So direct connection via a public IP or through the Steam friends list is impossible.

What if a hacker gets into the network?
Access to the network is granted by an administrator, so attackers cannot use other people's computers for their attacks. If they use their own, they will be quickly identified and blocked.

Where are the servers located?
At different times, up to 8 servers were operating in our network: Moscow, Yekaterinburg, Nizhny Novgorod, Tallinn, Warsaw, Frankfurt, Stockholm, and Helsinki.

Does this affect ping?
Classic VPN services usually route traffic through an intermediary server (this is how they bypass geo-blocks). Such detours would significantly increase ping for most players. However, we use Tailscale, which allows for direct connections to the game servers. Therefore, the impact on ping is minimal.

Does timenudge work?
It turned out that the Quake Live client decides whether a server is local based not only on its settings but also on the first two numbers in its IP address. In local networks, these are usually the same, so the game thinks you are nearby and disables timenudge. Fortunately, Tailscale allowed us to put the game servers in a separate subnet. So the game stopped recognizing the connection as local, and timenudge started working correctly.

Does this affect FPS?
No noticeable impact on FPS has been detected.

Will OBS and other programs break?
No. They have no reason to interact with the new virtual network.

Is this safe?
Tailscale is open-source. It is used by many well-known companies, so the software itself should not pose a threat. The established connections are also secure, as they use the WireGuard protocol, which encrypts all information on the client side. Direct connections between players are forbidden in our case.
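
One way to express "players reach game servers, never each other" in a Tailscale policy file. This is an added example, not our league's actual policy; the tag names, the admin address and the game port (27960/udp) are assumptions.

```json
// Tailscale policy file (HuJSON: comments and trailing commas are allowed).
// Tag names, the admin address and the port are assumptions for illustration.
{
  "groups": {
    // Constructed address standing in for the administrator who admits devices.
    "group:admins": ["admin@example.com"],
  },
  "tagOwners": {
    // Only admins may assign these tags, so a participant cannot
    // promote their own device to a game server.
    "tag:gameserver": ["group:admins"],
    "tag:player": ["group:admins"],
  },
  "acls": [
    // Weak: the allow-all rule a new tailnet starts with. While it is present,
    // every player device can open connections to every other player device.
    // {"action": "accept", "src": ["*"], "dst": ["*:*"]},

    // Corrected: players may reach game servers, on the game port only.
    // 27960/udp is the usual Quake Live server port (assumed here).
    {
      "action": "accept",
      "src": ["tag:player"],
      "proto": "udp",
      "dst": ["tag:gameserver:27960"],
    },

    // No rule names tag:player as a destination. ACLs are default-deny,
    // so player-to-player traffic is dropped without an explicit block rule.
  ],
}
```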

What else?
We are testing the connection to one server through another, similar to ExitLag. In some cases, this can reduce ping or packet loss. You just connect to the game server via a special port, and the traffic goes through an alternative route.

How did you come up with this?
Many thanks to moderator_danpro for the idea and the competent implementation of this solution. It literally saved our league! Also, thanks to EGB for paying for the servers, thanks to yarrr and Siberiz for helping with the servers, and thanks to Shambler for keeping the network operational (connecting new players and streamers, regular server reboots).