com.unity.netcode.gameobjects icon indicating copy to clipboard operation
com.unity.netcode.gameobjects copied to clipboard
verified publisher icon Unity-Technologies

Secure connection over Relay UTP

Open Daniel4144 opened this issue 3 years ago • 5 comments

Hi, I am not able to establish a secure connection for NGO with the Relay Unity Transport. I have pretty much copied the code samples from the relay documentation which works fine, but if I modify the code to use a secure connection, host and client do not connect (no errors or warnings). I only added the isSecure=true parameter to the SetRelayData methods.

I had the same problem without the isSecure flag in the past in one specific network (the problem was the firewall blocking), but now it does not work in any network, so I thought maybe I am missing something else. I found very little documentation about the encryption, but I think the setup should be handled by the UnityTransport component?

Can someone confirm if this should work or does work for them in the current version?

Also, #1197 mentions DTLS without relay. How do you setup that? Only the SetRelayData methods contain a parameter for secure connection.

Unity 2021.2.10f1 NGO Version 1.0.0-pre.5 UTP for NGO Version 1.0.0-pre.5 Relay Version 1.0.1-pre.3 Platform: Windows 11

Sample project: test-ngo-relay.zip

Daniel4144 avatar Feb 22 '22 16:02 Daniel4144

Finally I got it working, I missed one step in the setup. A relay allocation contains several server endpoints, I had to select the secure one instead of using the default ip and port:

foreach (var endpoint in allocation.ServerEndpoints)
{
    if (endpoint.Secure)
    {
        ip = endpoint.Host;
        port = endpoint.Port;
        break;
    }
}

This has to be done on both the host for the Allocation and on the clients for the JoinAllocation.

Daniel4144 avatar Feb 23 '22 14:02 Daniel4144

I still do not know if as secure connection over UTP without the relay is possible, so I reopen the issue.

Daniel4144 avatar Feb 23 '22 14:02 Daniel4144

Same here, it would be useful to have a concrete documentation on encryption without relay

NaolShow avatar Mar 13 '22 11:03 NaolShow

@Daniel4144 you do not need the relay in order to have a secure connection via UTP.

You can do a NetworkSettings.WithSecureParameters and thus when you create the NetworkDriver with these settings it will properly use the SecureProtocol under the covers. It should be noted that the Relay uses its own protocol built on top of the secure protocol but if you want to use the secure protocol itself then you need to use the WithSecureParameters

wackoisgod avatar Mar 24 '22 16:03 wackoisgod

Thank you for your reply @wackoisgod. Normally it is not required to create a NetworkDriver manually, I assume that is done automatically under the hood when using Netcode with UnityTransport. Is there a sample project or documentation for how to configure that with a secure connection?

Daniel4144 avatar Mar 28 '22 11:03 Daniel4144