Arma Reforger RCON Terminal

About the Arma Reforger RCon Terminal

Arma Reforger's RCon runs over the BattlEye RCon protocol — a UDP-based admin channel with CRC32 packet integrity. Because browsers cannot speak UDP directly, this terminal goes through a stateless proxy on our server: your command hits the proxy, the proxy authenticates with your server using your RCon password, runs the single command, and returns the response. No session is kept open, nothing is logged, and the connection is torn down after each request.

Enabling RCon in your config.json

RCon is off by default in Arma Reforger. Add the rcon block to your config.json:

{
  "rcon": {
    "address": "0.0.0.0",
    "port": 19999,
    "password": "YourStrongRconPassword",
    "maxClients": 16,
    "permission": "admin",
    "blacklist": [],
    "whitelist": []
  }
}

• address — 0.0.0.0 listens on every interface; 127.0.0.1 restricts RCon to the server host only.
• port — UDP, default 19999. Must be open end-to-end.
• permission — admin (all commands) or monitor (read-only). Case-sensitive.
• whitelist — optional IP whitelist for RCon clients. Leave empty to allow any.

Use our Config Validator to catch the case-sensitive mistakes and port collisions before the server silently fails to start.

Who Can Run Which Command

Arma Reforger splits RCon clients into two roles and in-game admins into three. Most commands require an admin role; only a few are available to every player. The matrix below follows the official Bohemia wiki.

Set the RCon role in config.rcon.permission — use admin for your management UI and monitor for read-only stats dashboards.

Common RCon Command Recipes

> #players
< 123456789 PlayerOne
< 234567890 Griefer42
> #kick 234567890

> #ban create 234567890 86400 teamkilling
> #ban list
< BanID ; Player UID ; Duration

> #restart

> @logout

RCon Troubleshooting

• "Authentication failed" — password mismatch. Retype both sides rather than copy-pasting (invisible whitespace is the most common cause). Check both config.rcon.password and BEServer_x64.cfg RConPassword.
• Login succeeds, commands time out — usually a UDP issue with the command response. Your hosting provider may rate-limit outbound UDP, or a DDoS filter is flagging BattlEye packets. Open a ticket with your host and mention UDP 19999 specifically.
• "(command sent — no response body)" — not an error. #restart, #shutdown, #ban create all ack the RCon packet but never reply with a body. Check the server console log or #players to confirm the effect.
• Command returns "Insufficient permissions" or silently does nothing — your rcon.permission is probably set to monitor. Monitor can only run #players and @logout. Change to admin and restart the server.
• Rate limit (429) — our proxy caps each IP at 30 requests per minute. For higher-throughput automation, run your own RCon client against the server directly from a fixed admin IP.

Related Arma Reforger Admin Tools

• RCon Command Reference — full catalogue with verified/unverified flags and category filter.
• config.json Generator — generate the full server config including the RCon block.
• config.json Validator — catch typos in rcon.permission and port collisions before the server silently fails.
• BattlEye Config Helper — generate BEServer_x64.cfg lines including a separate BattlEye RCon password.

RCon Security Best Practice

• Dedicated password. RCon passwords leak — through screenshots, chat logs, or credential reuse. Never use the same password for RCon, SSH, and your hosting panel.
• Rotate regularly. Change the password whenever an admin leaves your team or a tool-chain vendor changes. Update config.json, restart the server, and update saved credentials in clients.
• Prefer IP whitelisting. Set rcon.whitelist to the fixed IPs your admin team uses. Attackers cannot brute-force a password from the wrong IP if RCon silently drops their packets.
• Monitor the server log. Arma Reforger logs every successful RCon login. Watch for logins from unexpected IPs.

Frequently Asked Questions