Upgrade to 2.1.3 = No UPnP
-
My Oknyo needs Upnp to communicate with the mobile apps and according to my wife this breakage is WWIII. I also read in this topic that a xbox needs upnp for whatever reason.
-
If it's a matter of life and death, install the "system patches" package, then go to system->patches, click add ("+"), pick a description and put the following into the URL/Commit ID field:
https://github.com/pfsense/pfsense/commit/d973a602abeab78803fce467198c571ba25ec0cb
Also check the "auto-apply" box. Then click save, click "test", and click "apply", go to services->upnp, make sure "Listen on interface instead of interface's IPv4 address" is not checked, click "change", and everything should work as before again.
-
Thanks!!
-
You should be aware that the upnp implementation in pfSense, using miniupnpnd, only opens ports through the firewall. It does not do DLNA service discovery or anything like that. In other words only Internet Gateway Device not anything else listed here: http://en.wikipedia.org/wiki/Universal_Plug_and_Play
You should check what your receiver is doing that requires upnp on pfSense. About the only thing it could be doing is opening itself up general access from the internet.Steve
-
@stephen: That's what I was wondering about. I can understand an XBox needing specific ports for game matchmaking (even that is old-school) but an audio receiver? Those things are the last ones (with smart TVs etc.) I want to have access to the internet. Just my 2c.
-
I imagine it's so the companion app that was mentioned can access the receiver even if the phone is not on the local network. (Now, why you'd want to control a receiver from outside the home, I really don't know.)
-
I guess if it's some 'cloud' style control service. Seems like either lazy programming or a great excuse to monitor exactly what all your users are listening to. ::)
A common complaint with these types of apps is that they are streaming locally but use DLNA to 'find' the receiver/TV etc, there is no way of entering the IP address manually and it won't look outside it's own subnet. It's possible to proxy the DLNA discovery and announcement packets or to act as the 'directory' (for want of the technical term) across subnets and but pfSense cannot do that. miniupnpd is not designed to do that. Unfortunately all of these functions and more get lumped together under the term UPNP and people assume it can.Steve
Like this:
http://forum.eu.onkyo.com/viewtopic.php?f=53&t=67 -
She doesn't use it outside our lan, but that stupid My AV and Onkyo Remote app only works if uPNP is enabled. I've tried without it and it simply doens't work. She uses it to run shoutcast, TuneIn and Spotify on the receiver. This is the newest model that has all those apps on the receiver itself. With the remote app you can very easily control those apps.
-
Sounds like a pretty cool device. Watch out for someone finding an exploit in it though. ;) It's exactly the type of 'internet of things' style device where functionality is way ahead of security.
Take a look at the pfSense upnp status page, what is it doing? Is it the app or the receiver that's opening holes?
Consider locking down your upnp config so that only that device can do anything.Steve
-
Thanks for the tip! The receiver itself is freaking awesome. Picture quality and sound are superb and the DLNA function is also handy :)