The Network Theory
A computer or any equipment connected to Internet has an IP address attributed, and connections can be sent or received by your computer (more exactly from your network card) by Ports, which are virtual elements that you can't physically see or touch (there are 65635 of them, don't try to find them in your computer's case).
When you execute a connection, you are the client, but if you receive the connection, you are then the server, which implies that some of your ports must be opened and on a listening state.
Theses 65635 ports act as gates, they can be either all closed, all opened, or some closed and some opened, that's called exceptions. Theses ports exceptions are managed by a software called Firewall.
Firewalls can be encountered at different levels on the path of your connections.
▬ There is almost always one that comes with your system (Windows Firewall) .
▬ Sometimes, you might have a security suite antivirus + anti-spam + firewall ...). Theses software sometimes have an active firewall.
▬ Your home internet connection is brought by your ISP, and the equipment (modem) they lease you is a Router/Modem, or at least acts like it, assuming that it also has an active Firewall, and more or less networking abilities, than a simple modem.
Basically, all the ports managed by a firewall will refuse all incoming connections if you are the host (so the server), either on your computer's firewall, or router's firewall.
Router usage is multiple; it allows you to share an Internet connection between several computers. A router has its own ip address in your home LAN, and your computer will then be attributed a local ip address by the router.
With the router's ip, it's configuration become possible (and it's firewall's), you can access it by the local side, and not the other side, the public one, Internet, where you are seen as another ip, your public ip address (attributed by ISP).
You might then have 3 probably active firewalls in your router and your computer, which could cause you connecting problems, hosting problems or joining problems (Italic / black box / NAT firewall warnings on gameranger or voobly).
the Voobly fast proxy is used when your ports are not correctly configured, having your ports and firewalls fully configured will allow you to use NAT Direct Tunnel mode in Voobly, which is the fastest.
Configure the router firewall ports
To be able to play online Age of empires 2 on Gameranger and Voobly, we will open / redirect specifics ports used by AOE2, and by the multiplayer software you want to use, both on computer's firewall and router's firewall.
A single connection can be executed either in TCP or in UDP protocol (TCP is more reliable, UDP is faster).
Ports to open are the following:
For Age of empires 2 : ports 47624 on UDP, and from 2300 to 2400 on TCP and UDP .
For Gameranger : port 16000 on UDP (gameranger network support)
For Voobly : port 5000 on UDP (Voobly NAT Traversal)
Note that you can edit voobly options > settings > Nat traversal to also use port 16000.
If your firewall doesn't let you make ports ranges (like 2300 to 2400), simply enter port number 2300 on TCP and UDP.
Configuring the computer's firewall is easy. Go to Network connections, in your start menu, or via the computer's control panel.
You can see your connection devices, Local Area connection (network cable), and possibly Wireless local network connection (wifi).
You have 1 local ip address by connection, which means, one local IP for the cable connection and another one for the Wifi connection.
Firewall exceptions that you create will redirect the ports to one or the other of theses connections. Ensure that the ports are forwarded to the correct connection / IP address.
Choose the connection that you use (cable or wifi, cable is recommended as its way faster), and observe the connection's icon, if a padlock is visible, the firewall is active.
To configure this firewall, do a right click this connection icon and click on Properties, then click on Advanced , and on Parameters, in the sub menu saying Windows Firewall.
Here you can enable or disable totally the firewall, disabling it is not recommended, so click on Exceptions tab. You are now to the main firewall configuration window, with the list of active exceptions.
If an Age of Empires 2 exception is here it is probably a program exception, in this case don't change anything (you probably allowed this program before, when the firewall asked it).
Click on add a port..., and in the new window that popped up, in the name field, type aoe2 udp (or whatever you want, its an optional name for the exceptions list).
In the next field, Port number, enter 47624, and then click to select UDP. This is how you add a port exception. Following this way, open the ports needed :
▬ Name = aoe2 udp, port = 47624 on UDP
▬ Name = aoe2 tcp1, port = 2300 on TCP
▬ Name = aoe2 udp1, port = 2300 on UDP
▬ Name = Gameranger, port = 16000 on UDP
▬ Name = Voobly, port = 5000 on UDP
At this step, you should see your 5 exceptions in the list aoe2 udp, aoe2 tcp1, aoe2 udp1, Gameranger, Voobly.
If you see them, your computer firewall is now configured. Click now on OK on all the windows to clearly confirm all the changes, and come back now to the network connections window.
Until now, it has been easy, but router's firewall is a bit more difficult to configure. We need first to get the exact ip address of your router.
Still on your Network connections window, re-do a right click on the connection's icon that you just configured, and this time, click on Status, and then click on the Support tab.
The ip address you see at the Default Gateway line is your router ip, in the Ip Address line, it is your computer local ip address. Let's assume this ip is 192.168.1.1 in our example.
To access your router's configuration page, start your web browser, type http://192.168.1.1 (Your actual Default gateway) in your browser's address bar, then press Enter, you should see your router login page.
Most routers have a default password which can be either admin, ADMIN, an empty password, or something else, according to the router you use. You can find the default password for most router models with pages like routerpasswords.com.
Once you know your router's password, enter in the router's configuration, you must now search and find in the menus a section that can be called as NAT, Administration, Firewall, or Security, Port Forwarding or maybe Virtual Servers, or something else. More information on portforward.com, guides and manuals for many routers.
Despite that all the routers have the same options, they are all different, and theses options can have either a different name or a different location in it's menus, so explore everywhere in your router, searching options' names suggested above.
Once you've found the firewall section (or its equivalent), you should see a menu, looking like the computer's firewall one, which means there will be text fields, in which you will have to write the ports number to redirect, with the associated protocol (TCP, UDP or both, if you router supports it).
Main difference with the computer's firewall is that there are extra text fields, in use for the local ip address (the computer) you want to redirect router's ports to.
Yes, since the router is used to share the connection between several computers, you have to specify the computer by its local ip address, that you can get as explained before, Network connections, right click on connection's icon, Status, and Support tab, the ip address is the one on the line IP address, the one you have to specify in router's firewall settings as local ip, along with the ports numbers.
Once you created the 5 exceptions (Gameranger port, Voobly port and the 3 AOE2 ports) in router's firewall, your second firewall should now be correctly configured. You might want to run the options > Network Diagnostics when you are in a Voobly lobby.
Antivirus / Security suites users
Once your 2 firewalls are configured, the road should be clear, but you will have to control that in your antivirus or security software options if there isn't a firewall running.
If yes, keep in mind that Windows Firewall, and your router's Firewall might be active, so it's 3 firewalls, including 2 on the computer. You should pick one to use, and disable the other ones.
If you decide to use your antivirus' firewall rather than Windows Firewall, you will have to configure it, and recreate the programs / ports exceptions, like explained before (you should be able to do it following explanations relative to Windows Firewall above).
Having 2 active firewalls on your computer is not really efficient in terms of performance, you get more to loose in connection and execution time, than to gain in security (this would make 3 actives firewalls including the router's one). Each new barrier will make the connection time longer (which might make you a late joiner). Also, if your antivirus does a continuous scan on everything incoming or outgoing, this might slow the connection, lag your/other's game.
When you play a 8 players game, each of them having 200 population, its 1600 units to be managed by the game.
Because of that, you are advised either to exclude GameRanger, Voobly and Age of Empires II of theses continuous scans, programs that are anyway known and trusted, by disabling some components in your antivirus like an eventual resident network scan, or file scan.
You must imagine the road taken by the data, when it arrives:
▬ Router, port check by the firewall, and redirection to the local ip address ( the computer )
▬ Computer, port and program check by the computer's firewall
▬ Eventual antivirus, scanning incoming data
▬ Connection allowed
If a problem occurs, then its somewhere in theses steps . But if u managed to assimilate and do what we explained, you should nott have problems anymore either to host games, or to join games, in a fast way (fast joiner).
This part concerns you if you have several computers or equipments (for instance a game console) connected in your router, you will then have to set 2 or 3 more things to ensure rules are applied to the correct computer.
As its been said, the router creates the local network, and attributes local ip addresses to the connected devices. By default, ips are attributed in a automatic way, this local ip / computer association is kept valid for a given time after the device disconnection or it's shutdown. This time is called Leasing time.
Now, assuming that this Leasing time is 30 minutes, imagine that you shutdown your computer, then you shutdown your console ( or any other equipment ) for more than 30 minutes; all the leases computer / ip address will be canceled, which means that at this point, if you switch back on the console before the computer, it will be attributed the local ip address that have been using by your computer, before you switch it off, the same local ip address to which you created the firewall rules and redirected the needed ports.
And in this case, router's needed ports wouldn't be redirected to your computer anymore, but to your console, which is not what we want.
You have to ensure that the computer you want to use to play has always the same local ip address attributed, the one to which the ports are redirected ( in our example, 192.168.1.2 ).
The option in your router's configuration pages is called DHCP, it is representing the service that managing the ip address automatic attribution, and theirs leasing times. 3 solutions are possible:
▬ In DHCP options, you can edit the Leasing time, and you can set it to forever, this means the computer will always be attributed the same local ip that he actually uses, regardless of time constraints, even after it's shutdown ( this implies your computer has already the correct local ip attributed, the same one we used to redirect the ports to).
▬ This is the safest solution, also the hardest one.
Still in your router's DHCP options, you can notice that you can change the range of local ip available for the attribution, this solution consists in exclude from this ip addresses range the ip address you wish to be used by your computer.
Assuming that your router (ip 192.168.1.1) allows 20 automatic addresses, you will have to change in the editable DHCP options, FROM 192.168.1.2 TO 192.168.1.22, for instance. You can:
► leave this ip addresses range as it, and choose a local ip address 192.168.1.23, which is out of the range (you will have to edit router's firewall exceptions with your new local ip if you choose that solution).
► leave your ip address 192.168.1.2 as it, and edit the ip range by excluding this ip, redefining the ip range as : FROM 192.168.1.3 TO 192.168.2.22 , to keep 192.168.1.2 free.
Whatever is the solution you choose, your computer won't be automatically attributed an ip address anymore, which will avoid ip address conflicts; similar ip addresses in the same network.
But your network card, that is most likely auto-configured, must be now be manually configured in order to attribute a static local ip address to it.
Come back to the Network connections window, and right click on the connection icon, then click Properties.
In the sub menu This connection uses the following elements, you have various components working with your connection, including, in the list, Internet Protocol ( TCP/IP ), double click on this option . The default choice for it should be get an automatic ip address, or something like that (which we don't want).
click on Use the following ip address, and in the ip address field, write the ip address you want according to the method you chose (in our example, ip 192.168.1.2 or ip 192.168.1.23).
The line Subnet mask should auto-complete itself once you entered the ip address ( most of time 255.255.255.0).
For Default gateway, and the next sub menu, selecting Use the following DNS server address, enter your router's ip address (in our example, 192.168.1.1, your router is also the DNS server of your local area network).
This is basically the same automatic configuration, but we remake in a static way, that doesn't change, so your firewall rules keep being active on your computer, independently of shutdowns.
▬ The third solution is called Static DHCP, but not all routers support this feature. Nevertheless, if your router supports it, it tends to be the best and the simpliest solution.
Any device connectable to Internet ( Wifi network card, cable network card, for instance ) has a physical address that never changes, like a serial number, which is also called MAC address, and is in an hexadecimal format 00-00-00-00-00-00.
Static DHCP simply consists in associating the MAC address to the local IP address.
As this MAC address never changes, neither the local ip address attributed will, moreover, this Static DHCP configuration lets you keep an automatic configuration for the computer connection ( no need to configure it manually like the second method, and also no leasing time problems ) . But as said above, all the routers doesn't offer this function.
▬ Avoid to download files while you play.
▬ Consider closing opened programs in the system tray, and eventual web pages, and if you still lag, consider disable antivirus temporarly while you play.
▬ Prefer a connection with network cable, eventually disable your Wifi network card, in the Network connections window.
▬ When you are in game, read what others say, they will either call you by your nickname, or your player number ( p3, p5 ... ), or your color.
If they call you that's because you need either to change your color or to re-set your team, and to click i'm ready so the host can launch the game.