2.4.5 broke UPNP

DmacDude

@stephenw10

I figured out my screw up on the vpn. 1) because of google not passing external ip address I had to do custom on the vpn to manually put in the address. The default option put in google's 192.168.x.x. Hopefully the ip doesn't change often, or I am screwed. If there is a way to put in the network automatically that would be helpful.

2. The tunnel network is a different network than any you are using. My network starts at x.x.x.10. So I thought I could do just the small 2-9 ips. I was wrong, had to do another network.

So now everything works.

I don't know how many pfsense google home users you have but they are all screwed with miniupnpd. I have a few xbox's so I'll have to deal with that at another time that I am in the office.

Thanks again for your awesome help!!!

Bob.Dig

According to tixati, a torrent app for Windows, UPnP is not working on 2.4.5 for me. I did this test on 2.5.0 before and it also wasn't working.

Spoiler

@stephenw10 said in 2.4.5 broke UPNP:

It does look like this is a change to the minipnpd daemon that will not open a connection when the client requests a public IP if it does not have one to give. You might be able to override that by giving it a public IP to pass as suggested.

My ISP is using 1:1 CG-NAT for IPv4 (100.65..). I can open ports though and pfSense uses the "true" internet-IP for DDNS and stuff.

stephenw10

Hmm, interesting. Kinda seems pointless them using CGN if they are 1:1...

But, yes, this will fail if your WAN is not public until we get a fix for it.

Steve

Bob.Dig

@stephenw10 said in 2.4.5 broke UPNP:

Hmm, interesting. Kinda seems pointless them using CGN if they are 1:1...

Thank goodness it is pointless.

stephenw10

You can edit /var/etc/miniupnpd.conf and add ext_ip=x.x.x.x.
Of course that will be lost is you make any changes to the upnp config etc but it should at least allow it to start for now.

Steve

Bob.Dig

@stephenw10 That didn't do it for me:

Spoiler

stephenw10

Hmm, you still see errors from miniupnpd logged?

Bob.Dig

@stephenw10 I anonymized it.

Apr 11 22:47:50 	miniupnpd 	87475 	HTTP listening on port 2189
Apr 11 22:47:50 	miniupnpd 	87475 	HTTP IPv6 address given to control points : [2a02:2450:x:x:x:x:x:x]
Apr 11 22:47:50 	miniupnpd 	87475 	setsockopt(udp, IPV6_RECVPKTINFO): Invalid argument
Apr 11 22:49:17 	miniupnpd 	87475 	shutting down MiniUPnPd 

stephenw10

Hmm, you're using IPv6? And that worked in 2.4.4p3?

stephenw10

You might also try this: https://forum.netgate.com/post/901337

However it looks like maybe you are hitting something different.

Steve

stephenw10

Adding the ext_ip line works for me, I looks like you're hitting some other issue:

steve@steve-MMLP7AP-00 ~ $ upnpc -s
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://172.21.16.1:2189/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://172.21.16.1:2189/ctl/IPConn
Trying to continue anyway
Local LAN ip address : 172.21.16.5
Connection Type : IP_Routed
Status : Connected, uptime=17s, LastConnectionError : ERROR_NONE
  Time started : Sun Apr 12 00:45:45 2020
MaxBitRateDown : 1000000000 bps (1000.0 Mbps)   MaxBitRateUp 1000000000 bps (1000.0 Mbps)
ExternalIPAddress = 1.2.3.4
Bytes:   Sent: 2881492721	Recv: 853789240
Packets: Sent: 36156776	Recv: 52749504

Steve

stephenw10

Ha, I should have read the bug report more carefully.

So no need to edit the file, you can create that line from the webgui using the override WAN IP field anyway. But it still doesn't work because: https://redmine.pfsense.org/issues/10398#note-2

Steve

Bob.Dig

@stephenw10 Thanks Steve, Let's hope it'll get fixed ore something is done like "Merlin" did, which is btw a great product(-enhancement).

Bob.Dig

So they probably fixed it, to bad I can't test it myself, because I have no clue how I would and don't asky my why I have an account on github in the first place...

stephenw10

...my account on github is only for complaining...

UTxCipo

Hi folks, I've just solved that issue setting the WAN interface as PPPoE.

stephenw10

It allows you to use a private IP as WAN for UPnP?

How do you get the IP if that's the case?

Steve

UTxCipo

@stephenw10 while trying, I've put in the operator router IP, and the WAN ip itself, UPnP in some case had started to respond but my services was still closed in...

With PPPoE the WAN interface now shows the operator router public IP

stephenw10

Oh you mean like PPPoE pass-through on the ISP device? So pfSense gets the public IP directly?

That would certainly do it but it's not usually an option. If it is you should be doing that anyway.

Steve

UTxCipo

@stephenw10 I mean here:

Nothing was done within the ISP device. :)