Scott Alan Miller

Friday, November 18, 2005

AoE2 or Age of Empires II over the Internet

I realize that at this point this is a really old, legacy topic to talk about but it has been an ongoing discussion for years and I am getting tired of trying to support this and not being able to find anything written about it online so I am posting the necessary information here.

What is the issue? The issue is that Age of Empires 2 supports up to eight players in a "LAN" setting. Players with public IP addresses can play with each other as well. However, most players would like to be able to host their own game without needing to use the horrible "online" system that Microsoft came up with and need to be able to use regular networks that exists for home users today which include a single public, dynamic IP address with one or many users behind that firewall connected over the Internet to one or more other public IP addresses each with one or more players assigned to it. The issue is that AoE2 using Microsoft's DirectPlay peer to peer architecture which does not, in any way, support this structure.

What can be done easily is connecting many players playing from many sites as long as there is only a single player behind each public IP address. This is easy. Simply use port forwarding on each firewall to make each player's computer appear to be on the public Internet. A simple Google search will turn up which ports need to be forwarded.

The real challenge comes in when you want to have more than one player behind a single public IP address. There is no straight-forward way to do this. You cannot do this with port forwarding because of the dynamic and overlapping port assignments used by DirectPlay. Host based VPN solutions are difficult at best to attempt. DirectPlay does not appear to support the architecture necessary for many host based VPN solutions.

What is the real solution? After years of attempting to find a good solution to this problem I have found only one really useful solution. That is a network to network VPN solution using a transport such as IPSec. The option that we decided to try is the IPSec VPN hardware solution available from Netgear. The Netgear solutions that we tried our integrated router/VPN units that are simple to use and decently inexpensive. We have used them in a variety of configurations and they have worked reliably and solidly.

How does this work where other solutions do not? Unlike any other solutions, the IPSec N2N VPN solution works by hiding all levels of the VPN process from the host computers which are running AoE2. The public Internet is hidden 100% and all of the computers on the new virtual LAN are unaware that they are going over the Internet and they interact exactly as if they were on the LAN (although the broadcast domain is chopped so you do have to enter the server IP address instead of using broadcast based discovery methods.) This is different from host based VPNs because any host based solution has an opportunity for the DirectPlay layer to be "confused" or to detect the VPN and can "disallow" the communications.

Currently I have been working with someone who is trying to find a host based VPN solution to allow AoE2 to be played over the Internet with multiple users at a single site but, as of yet, the problems have remained consistent over the years. I am sure that there are many N2N VPN solutions that will also work but I have not had time to test any others. I am interested to see how well a SmoothWall firewall IPSec VPN will perform, for example.


  • Hey, you have a great blog here! You really are very talented and deserve an honest compliment, congradulations! I'm definitely going to bookmark you!

    I have a make money with mlm site/blog. It pretty much covers make money with mlm related stuff.

    Come and check it out if you get time, Scott :-)

    By Blogger Scott Edwards, at 4:14 PM  

  • please post an article on

    *IPsec* n2n

    By Blogger Fossil fuels are green, at 5:23 AM  

Post a Comment

<< Home