Hosting a DCS game server at home without obviously showing home IP (at a monthly cost)

TL;DR:

• Just an experimental idea, NOT tested by real attack
• Host your DCS Server at home on a separate/old PC
• Rent the cheapest low-end VM on Linode running at nearest datacenter ($5/month at time of writing)
• Follow Linode’s OpenVPN guide to setup OpenVPN service on the rental VM.
• Connect your DCS Server PC to your new private OpenVPN
• Setup DMZ (port forwarding) on the OpenVPN server to forward 10308 TCP/UDP to this client (your DCS Server PC).
• Show people the Linode VM’s IP. Not your home IP.

— — — — — — — — — — — — — — — — — — — — — — — -

Running a DCS game server on a home PC for a short period of time is usually OK: the only minor trouble people may have to go through is the initial port forwarding setup on their home router.

However, if a game server has to run for a long time, especially when the server is publicly listed and becomes popular enough to attract a few haters (probably because admin kicked someone TKing), the game server then may have to face cheap but effective paid attacks like DDoS.

For non-for-profit server owners, getting DDoS attacked is just a minor annoyance when the game server itself has to go down. There are plenty of other servers and other games worth playing. But if the game server is running at the owner’s home, exposing the home IP Address, there’s the additional trouble that the entire home internet may also go down, until the ISP provides additional help.

Previously I had tried just renting an Azure Windows VM to host DCS. Azure’s internet is sure super fast but Azure is also expensive. Windows VM isn’t cheap anywhere, and DCS only runs on Windows.

So, I’ve been thinking, can I setup a DCS server at home using my old PC, without having to expose my home IP Address all over the internet?

First, where can I get an additional IP address that’s not related to my home? Rent a shared VM with dedicated IP. In this case my experiment started with Linode since it looks somewhat more reliable than those random VPS companies that disappear every half year.

Then, how can I link the network between my old home PC and the rental VM’s IP? Here I use OpenVPN. Linode has a guide article on how to directly rent a Linode VM with OpenVPN Server pre-installed. During the setup it will ask you to set some OpenVPN server admin password. Make sure it’s very long and unique. Just use a password manager like your browser’s “remember password” feature. This is other people’s (Linode’s) computer. Don’t use your usual password there! Write it down if you have to. Longer is better. Also, remember to select the “Private IP” option.

Marketplace: select latest OpenVPN and set initial password

first time login, the username is openvpn

Once the OpenVPN server is up, you can login to it with default username openvpn. and the password you set during the Linode marketplace setup. Go to the “Admin” area.

In User Management, create a “dcs” user, allow it to auto-login, give it a different password, and most importantly, set the DMZ settings to “Yes”.

Then in DMZ IP Address, setup the ports you want the VPN Server to forward to the VPN Client with this user “dcs”.

For example:

203.0.113.123:tcp/10308
203.0.113.123:udp/10308
203.0.113.123:tcp/10309
203.0.113.123:udp/10309
203.0.113.123:tcp/5002
203.0.113.123:udp/5002

For minimum DCS setup you only need TCP and UDP 10308.

Additionally you may want to setup in-game voice service on 10309 and SRS Server (if installed) on 5002.

In the above example, 203.0.113.123 is your Linode OpenVPN Server’s IP Address.

Example openvpn user settings

Then, on the home PC for DCS Server, install OpenVPN Client. Connect to the newly setup OpenVPN Server using the “dcs” user. Now open a browser and search for “what is my ip” you should see the OpenVPN Server’s IP, not your home IP.

Then, run the DCS Server. Set it as public. The game server should internally connect to digitalcombatsimulator.com just like your browser and the website will see the VPN Server’s IP and show that to other players on the public server list.

Note:

• The DCS dedicate server application can serve on a low spec Windows PC, without a need for 3D graphics card.
• Linode’s VM rental _can_ get expensive if the total monthly data transfer goes beyond their limit
• Linode claims to have built-in DDoS protection for all customers but I never tried it. Supposedly $5 VM may get knocked down even before DDoS protection mechanism kicks in. But the main purpose is to contain the damage, so home network is still usable.
• The game’s network protocol may or may not still expose your home IP. This is not thoroughly checked.
• If you run SRS double check it doesn’t expose your IP. You may have to manually set the auto-connect IP in DCS server configurations to avoid leaking the home IP too easily.
• It is still possible that if the VPN goes down and DCS refreshes its connection to digitalcombatsimulator.com, the home IP may still leak out. This is not a 100% protection. It is only partial information hiding!