Enabling UPnP causes packet loss
About a week ago I noticed a serious problem. I was seeing packet loss between my router and a secondary gateway on my LAN on the Gateways dashboard widget. After some testing I realized that all devices pinging my router would get ~20-30% packet loss, which also explained why my internet was acting strange on VoIP sessions.
After much testing and a complete fresh install of pfsense I've now narrowed it down to the miniupnpd service. When I enable it, the packet loss immediately returns. I don't see anything of relevance in my logs. While disabled, the router has been running fine for about a week under normal load.
I have a pretty basic setup: My LAN is on a LAGG (but the problem is the same if I break the LAGG and use a single eth for LAN). I have a static route added, one additional gateway on the LAN. I run an OpenVPN Client, and OpenVPN Server. No IPv6. Fresh install of pfsense with update to 2.3.3-RELEASE-p1. No packages except OpenVPN Client Export. Hardware is less than 3 months old.
I would like to see UPnP re-enabled on my network. Any ideas that could help?
I doubt your VoIP would be even usable with 20 to 30% packet loss.. And enabling UPnP makes zero sense.. Is something creating some sort of rules via UPnP - if so what.. You can see them in the UPnP section of pfsense.
So when you say you have a secondary gateway.. You mean a downstream router in your network - and it's connected via a transit network? Or does it connect via your LAN that you have hosts on?
Thank you for the reply.
My additional gateway is simply a separate network on my LAN, a video network that has very little traffic being routed between it and my primary LAN. I'm not as advanced as you, so my apologies if I'm using the wrong terms.
The packet loss between my primary (pfsense) router and the second gateway was only what alerted me to the problem. There was no packet loss between my router and the WAN. Once I diagnosed further, I realized that any LAN-based device was experiencing packet loss to the pfsense router (and vice versa). This happened only when UPnP was turned on, and without even any port mapping rules being established by any client.
In testing further yesterday, I found out that the problem only occurs when DLNA is enabled on my WAP while UPnP is enabled on the pfsense router. If one or the other is disabled, the network seems to be fine. Very frustrating. Even if I do have a rogue device on my wireless network, it shouldn't have this effect.
I don't absolutely need UPnP enabled. I just find this annoying and want to identify the cause. Let me know if you have any more ideas.
DLNA on a WAP?? huh?? What are you using as a WAP, and what exactly are you enabling?
It's a DLNA content filtering feature, allowing or prohibiting clients from consuming or advertising DLNA services. The WAP is an Aruba. It's part of their AirGroup feature.
So I take it you're enabling it and this is causing you problems? Or you say when you disable it then you have problems?
Configuration causing problems:
#1: DLNA enabled on WAP clients, UPnP enabled on router
Configuration seemingly not having problems:
#2: DLNA filtered / disabled on WAP clients, UPnP enabled on router
#3: DLNA enabled on WAP clients, UPnP disabled on router
I'm currently operating under configuration #3 and not noticing any issues.