Sentry Tunnel for rAthena/Ragnarok

This guide explains how to create and configure a Sentry/VXLAN tunnel, using a Ragnarok Online server as an example (rAthena emulator running on 108.61.149.182:6900).

1. Setup

Follow the Sentry Tunnel General Setup guide here.

2. Whitelist VXLAN and Backend Ports

Your VPS/Dedicated server might have a firewall which is blocking outside connections by default (or a Security Group put in place by your Cloud Provider). In this case, it's important to make sure your server port and the VXLAN's port are both accepting connections. This can be achieved by using UFW or iptables.

Using UFW

ufw allow <port>/udp
ufw allow <port>/tcp

Then verify the status by running:

ufw status

Using iptables

iptables -A INPUT -p udp --dport <PORT> -j ACCEPT
iptables -A INPUT -p tcp --dport <PORT> -j ACCEPT
iptables -A OUTPUT -p tcp --sport <PORT> -j ACCEPT
iptables -A OUTPUT -p udp --sport <PORT> -j ACCEPT

Then verify your configuration by running:

3. Execution

Now you just need to run the provided script, once completed:

• Your server will now be reachable via the assigned public IP (e.g., 104.234.6.128).

• The server latency depends on the Anycast region and distance from your users.

You can verify that the tunnel was created by running:

Originally I have the Ragnarok server running on: 108.61.149.182:6900

After running the setup script, the players can now connect using: 104.234.6.128:6900

As you can see, only the IP changes — the service port remains the same. Only the address needs to be updated.

And that's it, your Sentry tunnel is now fully operational. Congratulations! You can now run your server with confidence, knowing that it's protected by TCPShield.

If you encounter any issues during setup or operation, please refer to our Debugging Guide for troubleshooting tips and common pitfalls.