This project enables the creation of additional servers that function as a Content Delivery Network (CDN) for World of Warcraft private servers. It allows you to conceal your main server IP from users. Players connect to the relay servers, which then handle and forward packets to the main server. This setup not only protects your main server from DDoS attacks but also provides a smoother gameplay experience by having CDNs at different locations.
This project reads and handles packets from the client for AuthServer and functions like a WoW Auth Server and WoW Client. Additionally, it edits the REALMLIST_PACKET to replace the main server IP with the relay IP. Contributions are welcome.
Contrary to what some may believe, adding another node can actually decrease ping for users. For instance, if your server is located in the EU, but you have players in North and South America, each player will have a different network route to the EU. If you establish a server in the US with a better route to your EU server, players can connect to your US server. This server will then forward packets via the better route, resulting in improved ping for players.
Most DDoS attacks utilize packet types such as UDP, ACK, SYN, etc. This tool does not forward all types of these attacks to your main server. By implementing rate limits on your UFW/IPtable, you can further protect your main server from DDoS attacks. If one of your servers is under attack, some users connected to that server may get disconnected, but others can still play. While this tool can help mitigate the effects of DDoS attacks, it does not provide 100% protection. It simply adds an additional layer of network security.
While you can use other tools to forward packets, load balancers, etc., it's important to understand that by default, TrinityCore/AzerothCore retrieves the user's IP from the remote socket IP. This means that when you use something like IPTable, the user's IP on the WoW server is your relay server's IP. For instance, if us-relay1's IP is 8.8.8.8, and a player connected to that server attempts the wrong password multiple times, the server will ban 8.8.8.8 instead of the user's IP. Consequently, no one can connect to the server from the us-relay1 node. For users connected to the WoW server from the us-relay1 node, the IP will always be 8.8.8.8, and in the game, if you cannot retrieve the real player's IP, you will always see the relay node IPs.
This project works like other forwarders by default, but with a difference: it only works for WoW and reads, parses, and handles packets. To fix the read-ip issue, we added a custom packet for WorldServer and AuthServer with these Opcodes:
RELAY_SERVER_CMD_AUTH = 0x64 // 100
RELAY_SERVER_CMD_WORLD = 0xA32 // 2610
If you enable send_relay_packet in the config file, this project will send a relay packet to the auth and world server after opening a socket connection. This packet includes a secret key and the real IP of the user. Your Auth and World servers need to parse this packet and replace the user IP with the IP inside this packet.
| Offset | Size | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 | uint8 | OpCode | Opcode for relay custom packet. RELAY_SERVER_CMD_AUTH = 0x64 |
| 0x1 | 2 | uint16 | Secret_Len | Secret key length |
| 0x3 | 2 | uint16 | IP_len | The length of user IP |
| 0x5 | - | String | Secret_Key | The secret key value starts from 0x5 and ends with Secret_Len |
| - | - | String | User_IP | User IP address |
| Offset | Size | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 2 | uint16 | Size | Packet Header - Size of Packet (Size of the packet including the opcode field.) |
| 0x2 | 4 | uint32 | CMD | Packet Header - Opcode or Command for relay custom packet. RELAY_SERVER_CMD_WORLD = 0xA32 |
| Offset | Size | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | - | String | Secret_Key | The secret key value starts from 0x6 and ends with Secret_Len. (Null terminated string) |
| - | - | String | User_IP | User IP address. (Null terminated string) |
For TrinityCore, you can refer to masterking32/TrinityCore-Relay-Support and this specific commit for version 3.3.5. These resources will guide you on how to make custom changes to your core to support handling and parsing of the relay packet.
Check these changes for AzerothCore
Please Note: If you haven't made any custom changes to the core, ensure that send_relay_packet is set to false. If you have made custom changes, set send_relay_packet to true and establish a secure secret_key that is between 32 to 64 characters long (the maximum allowed value is 64). This secret_key should be the same in both this project's config.js file and your core configuration files, authserver.conf and worldserver.conf.
-
Install the required packages:
apt install curl git nano sudo
-
Install NodeJS (version 20 or higher):
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo bash - sudo apt-get install -y nodejs -
Download the project:
git clone https://github.com/masterking32/WoW-Server-Relay cd WoW-Server-Relay -
Install NPM Packages:
npm install
-
Configure the project:
cp config.js.sample config.js nano config.js
-
Run the project:
node app.js
-
Run as Service/Startup:
npm install pm2 -g pm2 start app.js pm2 startup pm2 save
Note: For optimal performance, support for real user IP, and to ensure the IP ban function works on your server, you need to make some modifications to your core. Please read this section and apply the necessary changes to your core.
- Download and install the latest version of NodeJS.
- Download the project and extract the files.
- Navigate to the project directory and rename
config.js.sampletoconfig.js. - Modify the
config.jsfile with your server information. - Open the
Command Prompt, navigate to the project directory. - Run the command
node app.js. - Ensure that the necessary ports are open in your firewall.
Note: For optimal performance, support for real user IP, and to ensure the IP ban function works on your server, you need to make some modifications to your core. Please read this section and apply the necessary changes to your core.
This project was developed by Amin.MasterkinG. You can also find me on Github.