Upnp issue
-
Hi,
I have configured UPnP and NAT to allow multiple XBOX to play together in the same network with no issue at all.
Also, I set up the WAN to be through PPPoE to prevent double NAT.
My internet provider changes the WAN IP at minimum every 3 days.
When the WAN IP gets changed, UPnP gets broken and does not work properly, and games start to act weird (not joining a game, for example).
The only solution I have is to go to Services > UPNP > Disable then Enable.
I know this is not an optimized solution, but I'm looking for a practical one.
Thanks,
-
@Yasir I think this is a limitation of miniupnp used in pfsense and perhaps it's worth it requesting a feature upgrade...
A workaround would be to create a script that restarts UPnP whenever the WAN changes or is initiated.
-
DISCLAIMER: I am not a gamer, but I have been told others have used a MESH VPN. UPnP and port forwarding create a point of entry for hackers to compromise your network, and are not recommended by security professionals.
Example:
You only need one instance of Tailscale client running on each network (Windows, Mac, *nix, *BSD, Apple TV, etc.) and advertise sub-net routes to access any IP based device on any network. You can use the Tailscale assigned IP or, if each network is on a unique sub-net, you can reach any IP based device using its local LAN IP address (assuming it has either a static IP or is assigned a static DHCP reservation). Tailscale has a free tier with 3 users/100 devices, and clients for almost every OS on the planet. Tailscale will traverse any level of NAT, including CGNAT, and does not require a static public IP address or require any open ports.
-
@elvisimprsntr said in Upnp issue:
port forwarding creates a point of entry for hackers to compromise your network, and is not recommended by security professionals.
Sure thing, but sometimes we may have to do that, if we host servers for example.
And games are quite particular about ports and the way they are used. Specifically when you play online, you want what is often referred to as Open NAT. Which is from the perspective of the game vs the servers and other players. And unless you have some specific ports open, during the game session, you may or may not be able to play online. At the very least you will most likely not be able to host a game to play with friends for example.
I don't really see how Tailscale would be useful for this?
And generally speaking, using any VPN when playing games would typically increase latency.
The way UPnP has been implemented in pfsense makes it as secure as it possibly can be. At least if you use ACL settings correctly. Then it will only be the selected IPs, in this case the XBoxes, that can request ports to be opened and it would only be the ports needed (specified).
I only have ports 3074-3076 and 28960-28963 available on request to 2 IPs in my network, that's it... And that is all it takes for CoD games to get Open NAT.
-
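The ACL approach described in the post above, as an added example (not code from the thread or from pfSense): an evaluator and audit for miniupnpd-style `allow`/`deny` rules. The two console addresses are constructed placeholders, and first-match ordering with accept-when-nothing-matches is an assumption about how miniupnpd applies its rules.

```python
import ipaddress

# Constructed ACL: port ranges are those quoted in the post above; the two
# console addresses are placeholders, not values from the thread.
ACL = """\
allow 3074-3076 192.168.1.50 3074-3076
allow 28960-28963 192.168.1.50 28960-28963
allow 3074-3076 192.168.1.51 3074-3076
allow 28960-28963 192.168.1.51 28960-28963
deny 0-65535 0.0.0.0/0 0-65535
"""

def parse_range(text):
    # '3074-3076' -> (3074, 3076); a single port becomes a one-port range
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi

def parse_acl(text):
    """Parse '(allow|deny) ext-ports ip[/mask] int-ports' lines into tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            raise ValueError(f"bad rule: {line!r}")
        net = ipaddress.ip_network(fields[2], strict=False)
        rules.append((fields[0], parse_range(fields[1]), net, parse_range(fields[3])))
    return rules

def decide(rules, client_ip, ext_port, int_port):
    """First matching rule wins; assumed default is 'allow' when none match."""
    ip = ipaddress.ip_address(client_ip)
    for action, (elo, ehi), net, (ilo, ihi) in rules:
        if ip in net and elo <= ext_port <= ehi and ilo <= int_port <= ihi:
            return action
    return "allow"

def audit(rules):
    """Flag a missing trailing deny-all and allow rules wider than one host."""
    deny_all = ("deny", (0, 65535), ipaddress.ip_network("0.0.0.0/0"), (0, 65535))
    findings = []
    if not rules or rules[-1] != deny_all:
        findings.append("no trailing deny-all: unmatched requests are accepted")
    wide = [r for r in rules if r[0] == "allow" and r[2].num_addresses > 1]
    return findings + [f"allow rule wider than one host: {r[2]}" for r in wide]
```

Running `audit(parse_acl(...))` on the ACL text before pasting it into the UPnP settings shows whether a LAN host outside the intended consoles could still get a mapping accepted.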
@Gblenn I do ACL and such, but the issue is with miniupnp: when the WAN IP changes, UPnP gets broken and games act weirdly and cannot join games until I disable/enable UPnP in the GUI service settings.
Also, a script is not practical because it will trigger miniupnp at the CLI level and there will be 2 UPnP services enabled, which makes things more complex.
-
@Yasir Yeah, well unfortunately that's the way it's implemented so unless you can push for and get an update/improvement of the implementation, a script is the only other solution.