Originally posted by kommie:

Need Help With Unable to perform NATPunch (66) Networking Error
Hi Larian Games... need your help understanding how to proceed through NAT Punch in order to make a direct connection. According to the networking log, I am getting the following error (where xxx.xxx.xxx.xxx is my ip).

[D:\Jenkins\workspace\Repo\FW4\Live\Stable\LSProjects\Framework\Code\GameNet\AbstractPeer.cpp 1539 net::AbstractPeer::ProcessPackets]: [NET] xxx.xxx.xxx.xxx:54045 <5765827437162631781> Punching ... FAILURE [] [D:\Jenkins\workspace\Repo\FW4\Live\Stable\LSProjects\Apps\Gustav\Code\EoCClient\Client\EocClient.cpp 1970 ecl::EocClient::HandleError]: Handling error: Unable to perform NATPunch (66)

So here's what I've tried to solve the Unable to perform NATPunch (66) error:

• I checked to make sure everything was plugged in correctly.
  
• I made certain I had no host firewalls or anything of the sort enabled for the tests.
  
• Upon looking up other games by Larian, I tried opening 23253-23262 and 23243-23252. I also opened port 61111 as that frequently showed up in my packet inspection. When I open the game I see packets successfully go through my router to your server at 18.168.89.46 and other things. But I still receive the error Unable to perform NATPunch (66).
  
• I tried enabling a UPnP service that allowed 1024-65535 10.10.10.0/24 1024-65535 (where 10.10.10.0/24 covers the IP range of my internal network).
  
• I tried doing all the above again, but enabling ICMP Echo Requests, on the off chance that your NAT Server worked similarly to this -> https://github.com/samyk/pwnat - I also opened it up on port 7 TCP/UDP.
  
• Because I really started to get frustrated, I opened ports 1024-65536, since I saw in your network log that it uses a random port each time (like 54045 above), but still was met with the same NATPunch (66) error.

None of the above solved the problem or resulted in different behavior by the game client.

This all leads me to conclude that there is some kind of additional thing needed to interact with the NATPunch server, but I don't know what. Can you tell me what I need to do exactly?

Preferably I'd like Gustav to answer as I have been trolled by his Jenkin's CI/CD for the last 36 hours. Thank you!

You want to send your message to support@larian.com via email.

Have you tried to write manually the code instead of pasting it?

Can you join random multiplayer games, or is this just attempting to connect to one particular host?

If it's every game, yeah it's probably on your end.

If it's just one host you have issues joining, it's probably them.

I've seen a few people in multiplayer get this issue, and just about every time it was solved by creating a new lobby and reloading the save.

have u solved it by any chance?

For those having this error in multiplayer and playing cross steam and gog, I hope this helps:

There were 3 of us on STEAM and one on GOG, impossible to play together in direct connection with NATpunch error. We finally succeeded by doing this:

- Player 1 on STEAM uses Direct Connect and sends the code ONLY to Player 2 on GOG

- ONLY AFTER player 2 joins the lobby, player 1 on Steam sends an invitation WITH STEAM (no code) to player 3 and player 4

So far so good doing it this way

Mine is not even cross play - it just happens on steam to steam

NAT Type Restrictions: NAT is a network technology that allows multiple devices on a local network to share a single public IP address. Different NAT types (e.g., Open, Moderate, Strict) can affect the ability to establish direct connections. If you or other players have a Strict NAT type, it can lead to NATPunch errors.

Firewall or Router Settings: Network security settings, including firewalls and router configurations, can block the necessary ports and protocols required for peer-to-peer connections. This can result in NATPunch errors.

Double NAT: If you have a router behind another router (double NAT), it can complicate NAT traversal and cause connectivity issues.

Network Congestion: Heavy network traffic or congestion can also disrupt the establishment of direct connections, leading to NATPunch errors.

To resolve a "NATPunch (66) error," you can try the following steps:

Check NAT Type: Ensure that your NAT type is set to Open or Moderate. You may need to adjust your router settings or contact your internet service provider (ISP) for assistance.

Port Forwarding: Configure port forwarding on your router to allow the necessary ports and protocols for the game or application you're using. The specific ports required can vary by game, so consult the game's documentation or support resources for guidance.

UPnP (Universal Plug and Play): If your router supports UPnP, make sure it's enabled. UPnP can help automatically open the required ports for online gaming.

Network Quality: Ensure that your internet connection is stable and not experiencing heavy congestion. Disconnecting other devices from the network while gaming can help improve performance.

Consider a VPN: In some cases, using a virtual private network (VPN) can help bypass certain NAT restrictions and improve connectivity.

OK so after weeks of just praying the game is gonna work me and my friend found something that works.

ZeroTier sort of VPN thing.

We both download that and run it , and then we just join the game under LAN and it works fine.

You need to create a *network* and join it on their site .

No lagg nothing it just ... fixes it .

I resolved this by allowing all incoming connections for the game's exe.

Start > windows firewall > incoming connection rules > I selected all the "bg3.exe" rules and set them to "allow".

My friend was then immediately able to connect to my direct connect ID.

Hi there,

I was able to fix this in the end. The issue was that the Larian server will keep using random ports to generate the connection, so depending on your router software, they will not allow the requests through (in my opinion, they shouldn't as it's a security risk, so it not working is probably the result of having more competent software by default).

However, I was able to enable my router software to generate the outbound NAT rules to allow the Larian server to communicate with it however it comes through, and I enable this only while playing Baldur's Gate.

If you're using OPNSense like me, after setting your port forwarding like normal for any game, go to Firewall > Nat > Outbound. The default is that there won't be anything automatically generated. Switch this to Hybrid for the IP of the person hosting the game, and any source port/any destination port/any destination.

This tells your router, no matter what is generated or how Larian load balances their server, to let the ports in to the IP specified.

Home consumer routers may not have this protection, and because it depends on your router firmware, the results and process will be variable for everyone.

Another simpler way to get around this issue is likely to put yourself and all of your friends (if you trust them) onto a VPN. I don't recommend ZeroTier or other such softwares even if they are "easier." You can just setup a Wireguard VPN (free and open source, not stealing your data) between you and your friends for this as a workaround. Then you use your Wireguard IPs to direct connect.

Good luck to anyone else having this issue.

Just a heads-up:

This won't fix issues where the host is using the game DRM-free or on GOG, has a CGNAT/Dual Stack Lite and/or didn't properly configure port forwards.

At least one of both sides (client or host) needs to have a dedicated IPv4 address and properly forwarded ports. If the host is on CGNAT/Dual Stack Lite, but the client isn't, connection reversal (host connecting to the client) will be attempted.

The ports are the same as those of Divinity Original Sin 2, in fact the netcode is the same, therefore enable UPnP (which will make BG3 request the needed ports from the router) or manually forward the following ports:
UDP 23243 to 23262

If both players are on Steam, the host needs to invite the friend to the game to make use of Steam Datagram Relay instead.

For optimal performance of SDR, set Steam Networking to always share your IP address, then, if you are not behind CGNAT nor Dual Stack Lite, forward the following ports:
UDP 27014 to 27030
UDP 3478
UDP 4379
UDP 4380

These settings will make SDR use a direct connection if physically possible (when at least one of both sides has a dedicated IPv4 address).

TL;DR: The game uses peer-to-peer. Players are therefore solely responsible for connectivity and being directly reachable is advised.

Originally posted by kommie:

Hi there,

I was able to fix this in the end. The issue was that the Larian server will keep using random ports to generate the connection, so depending on your router software, they will not allow the requests through (in my opinion, they shouldn't as it's a security risk, so it not working is probably the result of having more competent software by default).

However, I was able to enable my router software to generate the outbound NAT rules to allow the Larian server to communicate with it however it comes through, and I enable this only while playing Baldur's Gate.

If you're using OPNSense like me, after setting your port forwarding like normal for any game, go to Firewall > Nat > Outbound. The default is that there won't be anything automatically generated. Switch this to Hybrid for the IP of the person hosting the game, and any source port/any destination port/any destination.

This tells your router, no matter what is generated or how Larian load balances their server, to let the ports in to the IP specified.

Home consumer routers may not have this protection, and because it depends on your router firmware, the results and process will be variable for everyone.

Another simpler way to get around this issue is likely to put yourself and all of your friends (if you trust them) onto a VPN. I don't recommend ZeroTier or other such softwares even if they are "easier." You can just setup a Wireguard VPN (free and open source, not stealing your data) between you and your friends for this as a workaround. Then you use your Wireguard IPs to direct connect.

Good luck to anyone else having this issue.

In my experience, all of this is unnecessary. I never had to go further than the old "Have you tried turning it off and on again?". The "it" here being either the game only, or Steam.