Running a private Rust server (pfeiffermax/rust-game-server:latest-oxide) in Docker on a Proxmox LXC. Friends connect over Tailscale, no public ports forwarded.
I can connect fine (I'm ownerid/auth level 2). Every friend over Tailscale gets:
Rejecting connection - Steam Auth Error: NetworkIdentityFailure
kicked: Steam Auth Failed
Server logs SteamServer Connected cleanly at startup, so the server side of GSLS is healthy.
What I've already tried:
- +server.secure 0 and +server.encryption 0 (both confirmed parsed in the command-line echo)
- Tailscale subnet router so friends connect to the LXC's LAN IP instead of the 100.x tailnet IP. They reach it (tailscale ping works), Steam still rejects.
- Friend launched RustClient.exe (no EAC) instead of Rust.exe. Same error.
My theory: Steam's GSLS validates the auth ticket against the public IP my server registered with, and the connection arriving from a (Tailscale CGNAT) source fails the network identity check. Radmin VPN reportedly works for the same use case because it uses (DoD space) which Steam treats as ordinary public IP.
Has anyone actually gotten a Steam-auth game working over Tailscale? Considering Headscale with a custom prefix to replicate Radmin's trick, but want to confirm someone's done it before I burn a weekend on it.