pfSense: Guide to Fix Nintendo Switch 2618-0516 Unable to Connect to others console / NAT traversal

Discussion in 'Networking Guides' started by Nimrod, Mar 25, 2017.

  1. Nimrod

    Nimrod Exotic Vendor

    Joined:
    Jun 1, 2007
    Messages:
    1,986
    Likes Received:
    413
    Location:
    London, United Kingdom
    If you've ever tried to play online with a Nintendo Switch behind a pfSense or similar router/firewall, you will likely find out of the box it doesn't quite work alright. Everytime you try to go online on either Splatoon, Mario Kart 8 Deluxe or even Fast RMX you'll just get constant errors when trying to join with the Error Code '2618-0516' Unable to connect to the other user's console / NAT Traversal Process has failed.

    2017032414563200-1AB131B6E6571375B79964211BB3F5AE.jpg
    2017032414563900-1AB131B6E6571375B79964211BB3F5AE.jpg

    This is due to pfSense's out of the box security model with randomizing ports on outgoing connections. It can be easily resolved though by taking the following steps in your Router Config:


    Static IP and Static Port

    Firstly, you'll need to give your Nintendo Switch a Static IP address in pfSense.

    Assuming you are using the out of the box setup you will have your router at 192.168.1.1 and a DHCP server running which is handing IP's out between 192.168.1.100-192.168.1.200. If you are using a different setup, adjust the below steps accordingly.

    Browse to Services > DHCP Server > LAN and then scroll down to "DHCP Static Mappings for this Interface" and click Add.

    Screen Shot 2017-03-25 at 13.30.54.png

    If you are unsure of your Nintendo Switch's Mac, you can get it from by going on the Nintendo Switch's Settings application and selecting 'Internet' and Connection Status. Please remember, if you use an ethernet adaptor when in the Dock you will have a different MAC address for ethernet vs wireless. If you intend to use both methods, you should repeat this for each.

    In the example I used, I gave my Nintendo Switch the IP of 192.168.1.13 because it is within the subnet of the Router's LAN interface but outside of the normal DHCP Pool of random addresses (100-200) meaning the Switch can always have it.

    Apply the changes once done in pfSense, and hard reboot the Nintendo Switch (Press and hold power until the Power Options display and select 'Power Off' as oppose to 'Sleep' as this will turn off the network interface). Then boot up your Switch fresh and you should find it gets its new IP address.

    Next up, we need to add a Static Port in the NAT Firewall section of pfSense. To do this, browse to Firewall > NAT like so and then select the Outbound Tab as seen below.

    Screen Shot 2017-03-24 at 13.26.32.png

    You need to then select 'Hybrid Outbound NAT' and click Save and then Apply the changes.

    The Mapping section just underneath should now become available and you can click the Green 'Add' button to setup your Static Port rule.

    Screen Shot 2017-03-25 at 13.31.20.png

    For the rule, you will need to add the Nintendo Switch's IP to the 'Source', tick the 'Static Port' in the Translation area and then give your rule a nice description. Then you can Save the rule and then click the Apply button to set the rules live on your pfSense box.

    All going well, you should now be able to join other users games when playing on the Nintendo Switch.

    However, all is not over - You currently won't be able to host your own games doing this setup. But that's solvable in the next step.


    Enabling UPnP

    The Nintendo Switch supports UPnP which is a really simple yet clever protocol which can be used on your home network which allows devices to request ports be opened on demand on the firewall / NAT to allow the Switch to make itself connectable to the wider world which in turn lets you become the host on games or host your own private sessions for friends.

    To enable it in pfSense all you need to do is browse to Services > UPnP & NAT-PMP and enable it:

    Screen Shot 2017-03-24 at 13.27.29.png

    Tick the 'Enable' box, as well as UPnP and NAT-PMP specific boxes. You will need to make sure the External Interface is set to WAN and your local network (LAN) interface is selected at the bottom as seen above.

    Click Save at the bottom and the UPnP Service will start.


    Summary and NAT Types

    Once these changes are made, you should find no problem connecting to Games or hosting your own on your Nintendo Switch.

    An interesting point is that Nintendo has added 'NAT Types' to the Nintendo Switch which can be seen when doing Connection Tests:

    2017032512015400-57B4628D2267231D57E0FC1078C0596D.png

    When I first did one out of the box with pfSense; my NAT Type was D and I was unable to join games without getting the 2618-0516 Error. After making the changes in this guide, I got it to C when just doing the Static Port and could join other games and I got it to B once UPnP was also enabled and could also host my own games to.

    After doing some digging, it seems NAT Type A which is perfect can only be achieved when there is no Firewall or NAT taking place (ie; the Nintendo Switch is directly connected to the internet with an external IP address). As such, a Grade B is the best you can expect when the Switch is behind any Router sharing an IP address and is a good enough grade to both join and host online games when playing on the Nintendo Switch.

    I hope this guide helps, and any questions please drop below and we will do our best to assist :)
     
    LaPatrona and InsaneNutter like this.
  2. LaPatrona

    LaPatrona New Member

    Joined:
    Mar 29, 2017
    Messages:
    1
    Likes Received:
    0
    This worked perfectly!
    Thank you so much! ^_^
     
  3. freelivorno

    freelivorno New Member

    Joined:
    Apr 28, 2017
    Messages:
    1
    Likes Received:
    0
    Hi, my router is tp link tl wdr4300, you can see it on pic. How i can set nat?
     

    Attached Files:

  4. wrldwzrd89

    wrldwzrd89 Well-Known Member

    Joined:
    Apr 16, 2017
    Messages:
    46
    Likes Received:
    5
    Thanks for posting this! I need a new router anyway, so I might as well use this guide to pick one to pair with my eventual Nintendo Switch.
     
  5. Leang Kah Heng

    Leang Kah Heng New Member

    Joined:
    Apr 30, 2017
    Messages:
    1
    Likes Received:
    0
    if without pfsense i cannot solve the problem? as i dont know how to install pfsense >.< i have try every method that suggested when i search through google (set the ip at DMZ, port forwading the port 1~65535) enable UPnP. i solve it for 2 days but im still current having NAT TYPE D seriously i dont know what to do anymore...............
     
  6. Tangeek

    Tangeek Member

    Joined:
    Aug 17, 2017
    Messages:
    8
    Likes Received:
    0
    Location:
    Belgium
    Thanks for this awesome guide ! I finally learned what the f* UPnP was. xD Seems crazy but all these years I've never found out.

    Now the remaining question is... Should I do it at work ? ^o^
     
  7. InsaneNutter

    InsaneNutter Resident Nutter Staff Member

    Joined:
    Jun 1, 2007
    Messages:
    10,978
    Likes Received:
    2,983
    Location:
    Yorkshire, England
    UPnP should remain disabled on any sort of work related network, it's a security risk as your allowing anything that supports UPnP to open ports in your firewall and allow remote access your network.

    If you had a WiFi network for employees personal devices running on a different pfSense interface it might be acceptable, as at least that can't access anything on your work related network. Regardless I wouldn't personally.
     
  8. Tangeek

    Tangeek Member

    Joined:
    Aug 17, 2017
    Messages:
    8
    Likes Received:
    0
    Location:
    Belgium
    I was trying to be funny, but hey, thank you for the actually interesting answer. :) I thought about it on my own and came to the same conclusion (while playing Splatoon, but don't judge, you'd do the same, right ?).
    I tested it on a different gateway we use for "dangerous experiments" and I found out that I manage to get a "B" grade just by setting a fixed port in a NAT rule. I don't need the UPnP. I don't know why (we don't have a very complex setup, it's pretty much out of the box), maybe a different version ? I've used pfSense 2.3.4. Absolutely not a problem, I just thought I should mention it. For science.
     
  9. Nimrod

    Nimrod Exotic Vendor

    Joined:
    Jun 1, 2007
    Messages:
    1,986
    Likes Received:
    413
    Location:
    London, United Kingdom
    Interesting, when I was doing my initial testing I was struggling not getting above Grade C before I introduced UPnP. Similarly I was struggling a bit on Mario Kart 8 joining games before I did.
    The one thing I did do with my UPNP Setup though was lock it down so ONLY Games Consoles could access it:

    Screen Shot 2017-08-26 at 17.28.34.png
     
  10. Tangeek

    Tangeek Member

    Joined:
    Aug 17, 2017
    Messages:
    8
    Likes Received:
    0
    Location:
    Belgium
    Oh, so you can filter UPnP by host. I've missed it, thanks. I'll keep UPnP active but filter it, just in case a game needs it (I haven't tested with Mario Kart or any other, I only own Splatoon for now). I'll try to dig into why I manage to have a B setup without it, though. Who knows, maybe I'll find a security issue in our network. :D
     
  11. DDDave

    DDDave New Member

    Joined:
    Apr 1, 2018
    Messages:
    1
    Likes Received:
    0
    Thanks for the great info, I was attempting all sorts of complexity to push through a unique IP via a VPN just for the switch with all ports forwarded. It looks as if just changing the NAT mode to apply static ports against that single host, worked perfectly in PFSense. Previously I always had NAT Type D = No multiplayer in Mario Kart! As soon as the NAT rules were changed to apply "Static Port" to the Nintendo Switch only, it instantly changed to NAT Type B, and multiplayer worked perfectly.

    Very very happy I found your post - thank you!!!!


    Everything I found suggests that the Nintendo Switch does not support uPnP - has this changed now in which case I'll enable it for that host - however given its a security risk, can anyone confirm uPNP is supported as of 2018, and does assist the switches multiplayer game hosting? (There's a lot of outdated / miss-information on the web about this?).

    Thanks again!!!
     
  12. Nimrod

    Nimrod Exotic Vendor

    Joined:
    Jun 1, 2007
    Messages:
    1,986
    Likes Received:
    413
    Location:
    London, United Kingdom
    To be honest @DDDave, I don't think anyone knows for sure.
    My belief right now as of todays date from looking at the UPnP logs is the Nintendo Switch never requests open ports (at least in my setup, but I never host games - I'm always joining others), but with constant firmware updates and game updates I think it's only time until a network implementation in some game does use it, either at a device level, or the application level itself.

    To put it into perspective, both the Xbox One and Playstation 4 use it - and as the Nintendo Switch online play catches up to those two, I can only assume it's a matter of time as oppose to never - but I'm happy to be wrong!

    If you look at my post a few above I've setup UPnP by default to be blocked on all devices, then add Games Consoles to the allow list for UPnP.
    While UPnP certainly has a lot of security risks with any device being able to open ports, I think it's safe to say Games Consoles are relatively safe to give that permission to - it's not as if they run unsigned code or ever been hacked from having open network ports. The benefit of using pfSense is you can fine tune those settings to have UPnP Enabled but denied by default to all network devices with an exception on an 'allowed list' which would contain Games Consoles like below.

    [​IMG]
    In this setup, my two games consoles (Xbox and Nintendo Switch), can open any ports between 80-65535 and any other devices on my network will be rejected if they request ports.

    Hope this helps! If anyone does have any UPnP Activity on their Nintendo Switch playing various games online, it could be good to know so we can get a proper answer to this.
     

Share This Page