Files
punktfunk/docs-site/content/docs/troubleshooting.md
T
enricobuehler 62e0367f4b feat(punktfunk1): configurable data-plane UDP port (--data-port)
The native data plane used a random ephemeral UDP port (hole-punched), which a
strict firewall can't pre-open — so remote clients behind one couldn't connect.
Add an optional fixed data port:

- `Punktfunk1Options`/`NativeServe` gain `data_port`; `bind_data_socket` binds the
  fixed port (→ direct, no hole-punch) or falls back to a random port + hole-punch
  when unset or the fixed port is busy (a concurrent session already holds it).
- `UdpTransport::from_socket`/`from_socket_punch` adopt an already-bound socket, so
  the host keeps the SAME data socket from handshake through streaming — no
  drop-then-rebind window in which a concurrent session could steal a fixed port.
- `main.rs` wires the CLI flag through to `NativeServe`.
- Firewall docs updated (troubleshooting.md + apt/pacman/bazzite READMEs): control
  plane is the fixed UDP 9777; the data plane is a separate random port that usually
  needs no rule, with the fixed-port option for strict firewalls.

Unit-tested: default random+hole-punch, and fixed-port-then-fallback-when-busy.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-05 13:53:54 +00:00

7.0 KiB
Raw Blame History

title, description
title description
Troubleshooting Common problems setting up or using a punktfunk host, and how to fix them.

The host isn't found on the network

  • Make sure the host is actually running (systemctl --user status punktfunk-host, or you see it listening in the terminal).
  • Host and client must be on the same network/subnet. Discovery uses mDNS, which doesn't cross routed subnets or most VPNs-without-multicast. As a fallback, add the host by IP address in your client.
  • A firewall on the host can block it. The native protocol's control plane is a fixed UDP port, 9777 — open this one. The per-session data plane rides a separate, random UDP port and usually needs no firewall rule (see Video is slow to start, or fails across subnets for why, and the one case where opening it helps). GameStream/Moonlight (only with --gamestream) uses TCP 47984/47989/48010 + UDP 4799848010 (video/FEC 47998, ENet control 47999, audio 48000) + mDNS UDP 5353. Allow those on the host's firewall.

Video is slow to start, or fails across subnets

The native data plane (the raw UDP that carries video, separate from the 9777 control plane) uses a random, per-session UDP port — the host binds 0.0.0.0:0, then tells the client which port it got during the connect handshake. There is no fixed data port.

Video flows host → client, but the client sends the first packet: a small hole-punch datagram to that port. This is deliberate. It lets the host learn the client's real (possibly NAT-translated) source address and stream back to it, so a session can cross a NAT or a stateful inter-VLAN firewall without a forwarded data port. What it means for a host firewall:

  • Same LAN, no host firewall (or the port allowed): the punch arrives immediately and video starts at once. Nothing to configure.
  • Same LAN, host firewall that denies inbound (ufw/nftables/firewalld default): the punch is dropped, so the host waits ~2.5 s, then falls back to the address the client reported and streams anyway — a stateful firewall admits the return traffic because the host sent first. Net effect: it works, but each session takes ~2.5 s longer to start. That slow start is the symptom of a data-plane rule you're missing.
  • Across subnets / NAT: the same punch-then-fallback applies, as long as the host's outbound video can reach the client (the path's stateful firewall then admits the return). If the host itself is behind NAT reached only via a forwarded control port, the data path may not establish — this is the case a fixed, forwardable data port would solve.

To remove the ~2.5 s fallback delay, pin the data port with --data-port (or the PUNKTFUNK_DATA_PORT env in host.env) and open exactly that one port. The host then binds that fixed port, skips the punch-wait, and streams straight to the client — no timeout to pay:

punktfunk-host serve --data-port 9778     # or PUNKTFUNK_DATA_PORT=9778 in host.env
sudo ufw allow 9778/udp                    # open exactly that one port

Two caveats. A fixed data port serves one session at a time; a second concurrent session finds it busy and transparently falls back to a random port + hole-punch (logged). And --data-port streams to the client's reported address, so use it only where that address is reachable — a flat LAN, or a port-forward that doesn't remap the client's source. Leave it off (the default) to keep the NAT-crossing hole-punch. On a normal single-LAN setup you can also just leave the data port closed and accept the one-time ~2.5 s punch-timeout, or not run a host firewall on a trusted LAN at all.

nvidia-smi says it can't communicate with the driver

  • The NVIDIA kernel module didn't load. With Secure Boot enabled, enrol the module's signing key: sudo mokutil --import /var/lib/shim-signed/mok/MOK.der, reboot, Enrol MOK at the blue screen (or disable Secure Boot). On Fedora, follow RPM Fusion's Secure Boot steps.
  • After a kernel update the module may need a rebuild — reinstall the driver package.

The desktop won't start, or "GPU … not supported by EGL"

The NVIDIA GL/EGL userspace is missing — the base driver package doesn't always include it.

  • Ubuntu: sudo apt install libnvidia-gl-<version> (matching your driver).
  • Confirm /usr/share/glvnd/egl_vendor.d/10_nvidia.json exists and nvidia-drm modeset is Y.

Black screen / no picture, but the client connects

  • You must be on a Wayland session, not X11 (check the login-screen session picker).
  • KWin must be ≥ 6.5.6 (kwin_wayland --version); GNOME ≥ 48; gamescope ≥ 3.16.22.
  • Confirm PUNKTFUNK_COMPOSITOR in host.env matches your desktop.

Capture fails: "Session creation inhibited" (GNOME)

A locked GNOME session blocks screen capture. On an always-on/headless host, disable the lock:

gsettings set org.gnome.desktop.screensaver lock-enabled false
gsettings set org.gnome.desktop.session idle-delay 0

See Running as a Service.

A controller is detected but does nothing (Bazzite)

The host user needs to be in the input group. On Bazzite:

ujust add-user-to-input-group

Then log out and back in. On other distros this is sudo usermod -aG input $USER + re-login.

Pairing is rejected / the client can't connect

  • The host requires pairing by default. Arm pairing from the web console, then enter the PIN on the client. See Pairing & Trust.
  • If you re-installed the host, its identity changed — re-pair the client.

Stutter, drops, or high latency

  • Lower the bitrate. On a busy or Wi-Fi link, the requested bitrate may be too high — the native clients' speed test picks a safe value; with Moonlight, set it manually.
  • Prefer a wired connection or 5 GHz Wi-Fi between host and client.
  • Streaming to many devices at once shares the GPU encoder. The host serves several concurrent native sessions (up to 4 by default); heavy load is usually bitrate-bound, so lower the bitrate first.

Windows: "punktfunk Virtual Display" shows Code 10 in Device Manager

Sessions end with "pf-vdisplay driver interface not found" and Device Manager shows the punktfunk Virtual Display device failed with Code 10 (STATUS_DEVICE_POWER_FAILURE).

This means your Windows version is too old. The virtual-display driver requires the IddCx 1.10 driver framework, which first shipped in Windows 11 22H2 (build 22621) — on Windows 10 (including LTSC) and Windows 11 21H2 the driver installs but cannot start. Reinstalling won't help; the fix is updating to Windows 11 22H2 or newer. (Current installers refuse to run on older Windows for this reason; if you see this, the host was likely installed with an older installer.)

Still stuck?

Run the host with RUST_LOG=info (or debug) and check journalctl --user -u punktfunk-host for the error around the failed connect or capture.