Pretendo not working with DNS settings method

[Silcat7794]

I'm trying to play Splatoon online, but it doesn't work. I tired MK8, and it also didn't work online.

[johnjelinek]

Same here, "A communications error occurred." Any updates on this?

[Silcat7794]

I think they only respond on discord? I would ask on there but I don't have discord

[xlados]

SSSL has been broken for weeks, i would just mod your wii u, it takes like 10 minutes at most is very easy and youll not only get the most out of pretendo that way but get the most out of your console. if you genuinely 100% have no means of doing that then you're out of luck until they work out why SSSL broke in the first place :p

https://wiiu.hacks.guide/

[Silcat7794]

Dang. I would mod my Wii U, but I'm a bit worried that I'll do something stupid and brick it. I do plan on having a friend give me his Wii U (he doesn't want it, and the memory is getting bricked) so I can "practice" hacking it then do it on my own.

[johnjelinek]

I don't get the impression that SSSL is broken. I am able to create a Network ID and login via the WiiU. The issue must be with communicating to the splatoon auth server. Is it communicating in a different way with homebrew method?

[Silcat7794]

It's not just Splatoon. I have MK8, and that doesn't work online either. I guess only the account side to it works?

[jonbarrow]

I don't get the impression that SSSL is broken. I am able to create a Network ID and login via the WiiU. The issue must be with communicating to the splatoon auth server. Is it communicating in a different way with homebrew method?

Correct. SSSL is not broken. There's no real way for it to break. It's an SSL exploit on the console, nothing short of a firmware update will ever break that.

The issues in Splatoon are simply because our BOSS server is undergoing maintenance/upgrades right now.

It's not just Splatoon. I have MK8, and that doesn't work online either. I guess only the account side to it works?

I've verified other games working besides Splatoon working just fine even with SSSL recently. You can also check your connection to the friends server.

The actual connection to game servers has nothing to do with SSSL. Game servers use an entirely different protocol.

[xlados]

rly? i heard in the announcements of the pretendo server that SSSL wasnt working rn

from may 4th: "SSSL doesn’t work because BOSS and SpotPass issues. There is no estimated timeline on a fix. As of now the only known solution (that I have heard of) is to HomeBrew your console and use Pretendo that way. I am sorry for any inconvenience this may cause.

Condolences, Luni Moon"

[jonbarrow]

rly? i heard in the announcements of the pretendo server that SSSL wasnt working rn

from may 4th:

"SSSL doesn’t work because BOSS and SpotPass issues. There is no estimated timeline on a fix. As of now the only known solution (that I have heard of) is to HomeBrew your console and use Pretendo that way. I am sorry for any inconvenience this may cause.

Condolences,

Luni Moon"

To start, Luni is not a dev and was told not to make announcements like this after they sent that.

Secondly, as I said Splatoon only has issues due to the BOSS server being under maintenance.

[xlados]

well thats my bad then, sorry abt that :p i did see after going back to read that that they weren't a dev so thought that might be the case... i kinda wish another announcement had been made correcting that tho

[johnjelinek]

What is the BOSS server? It sounds like if that's under maintenance, then it would impact homebrew WiiUs too. I'm devops (with golang experience), anything I can help with before my vacation is over?

[johnjelinek]

Ahh, I see, the SpotPass server. Looks like this issue is a duplicate of: https://github.com/PretendoNetwork/.github/issues/47

[johnjelinek]

On the question about homebrew WiiUs working for Splatoon and MK8: So, it looks to me like Nimble has a subset of patches from Inkay (both are Aroma modules). In both cases, it patches a list of URLs to hit for network communication, so DNS trick isn't necessary. However, some included patches cause games to not even communicate with some endpoints.

It seems to me that this means homebrew WiiUs have skipped the problem area. But the DNS trick has to have a reverse engineered solution (ie: all the hostnames have to be proxied/implemented) before it will work.

Did I get that right?

[johnjelinek]

If it was working previously via SSSL/DNS, then this is prolly the issue: https://github.com/PretendoNetwork/BOSS/issues/8

[jonbarrow]

If it was working previously via SSSL/DNS, then this is prolly the issue: https://github.com/PretendoNetwork/BOSS/issues/8

It's a combination of things, but yes this is one of them.

The original issue was a misconfiguration on the BOSS server which prevented the SSSL nginx server from communicating with the BOSS policylist endpoint. The policylist is downloaded at boot and is used to tell the console how to configure BOSS, such as which background tasks to enable. This was not caught initially because Nintendo's policylist was still being successful downloaded in these cases and at the time it was allowing BOSS to function as normal. Shortly after the shutdown, Nintendo changed their policylist to disable BOSS. This prevents any games which use it, such as Splatoon for rotations, to stop working as no titles would attempt to download their SpotPass data. This only affected SSSL users, as homebrew users didn't have to pass through the SSSL nginx reverse proxy.

After the release of SPR we found that the existing servers box was not sufficient for its load anymore, as it would eat through so much system resources that Mongo would crash. This issue affected all users, as it's an issue with the BOSS server.

At this point the misconfiguration was still not caught. @ashquarky then fixed their fork of HokakuCafe for 5.5.5+ users, which added the ability to intercept HTTPS traffic (a proxy server was not usable, since it wouldn't replicate the results). This revealed the configuration issue after seeing the policylist failed request.

We have since moved BOSS to a better box with around 4x the resources. This, temporarily, fixed things for everyone since now we had more resources and the misconfiguration was fixed. I tested it myself, and even had beta testers verify this. During this test, ONLY the policylist request was hitting the new server box.

We then shut off the old server and pointed all BOSS requests to the new box. This is why I suggested rebooting to get new DNS records in the announcement.

However now that the BOSS server had gotten more stable, more people were able to upload SPR data which has resulted in the issue you just linked.

[Silcat7794]

Hi again, according to the picture you included, SSSL for Splatoon works now...?

[jonbarrow]

Hi again, according to the picture you included, SSSL for Splatoon works now...?

Please read my response in full. As stated there are still issues, and that the screenshot was part of an isolated test.

[Silcat7794]

Ah, ok. I didn't understand it properly. 😅

[johnjelinek]

What are your costs for running mongo? Might it be worth exploring alternative Document DBs?

[jonbarrow]

What are your costs for running mongo? Might it be worth exploring alternative Document DBs?

Mongo itself is not the issue here. It's just being used poorly. Indexes would solve these issues, and there is no database where things like indexes are free. We don't have to swap databases, just decide where to use indexes to get the best performance.

[johnjelinek]

Sure, I wasn't suggesting about it based on a performance impediment perspective (I agree with the index improvements), but a cost-perspective. Like, upgrading to 4x the resources sounds expensive. But like, a mongo-compatible managed solution maybe doesn't come with an equivalent cost spike.

[jonbarrow]

Sure, I wasn't suggesting about it based on a performance impediment perspective (I agree with the index improvements), but a cost-perspective. Like, upgrading to 4x the resources sounds expensive. But like, a mongo-compatible managed solution maybe doesn't come with an equivalent cost spike.

My apologies, I thought you were asking about resource costs (since that's what I had mostly been talking about) not budget costs.

There weren't any cost increases, actually. When Pretendo started in 2017 we used DigitalOcean for all of our services, but the pricing at DigitalOcean is no longer competitive. We've since begun a (slow) migration to Hetzner, specifically their ARM boxes. We use a mix of their CAX11 and CAX21 options. CAX21 is what the BOSS server is currently running on, and has 4-8x the resources (depending on which you're looking at) as the original DigitalOcean Droplet for the exact same price.

The original Droplet had only a single vCPU available, a single GB of RAM, and 25GB of storage. This was actually more than enough for our needs pre-SPR, since all the server really needed to do is service some static content.

However I drastically miscalculated how much SPR would affect things. The new CAX21 box on Hetzner has 4 vCPUS, 8GB of RAM, and 80GB of storage, to account for the new SPR requirements. For the same price.

We have plans to move from the VPS boxes Hetzner offers though and into dedicated hardware "soon", @SuperMarioDaBom has brought up wanting to finalize those plans with the rest of the team at some point.

[jonbarrow]

This should be fixed. Confirmed working myself and with a beta tester.

Note that any error BESIDES 104-XXXX is not related to this issue.

Will close once confirmed by others as well.

[Silcat7794]

Wait, just to verify, the whole issue is fixed? I mean, SSSL works again?

[jonbarrow]

Wait, just to verify, the whole issue is fixed? I mean, SSSL works again?

[Silcat7794]

Oh, awesome! Thanks so much!

[johnjelinek]

Thank you!