UPnP not allowing multiple PS4s.
Ok so first off, I have been researching this for the better part of 2 months. I'm baffled, I have no idea why this is consistently happening.
(Also wasn't sure if this went under this section of the forum or the gaming section, sorry in advance.)
(Can an admin move this to the gaming section, might help get this post more attention, thanks.)
The problem is that either UPnP is not responding correctly or a setting that I am completely unaware of is incorrectly set. It seems that specific games / services use it differently. So, what may work for you, may not work for others. It seems that all home routers handle this just fine. Which leads me to believe that the problem is somehow part of UPnP not communicating the way that it should to specific games. (Keep in mind, I am pointing my finger at UPnP because that is what looks like to be the weak link in the chain. I often wonder if there is another setting that these odd games depend on that is not obvious in the information online.)
This has been a problem on 2.3.3 and the previous versions.
I'll list the problems and symptoms in order of discovery.
Keep in mind, this first console to request the ports goes the spoils, the rest suffer.
I limited the info down to turning on two PS4s, adding more didn't change the results.
The IP addresses in the UPnP Listing are turned on in the order of .9  then .74 . I own more PS4s but that only yielded the results you would expect.
Voice chat in the game "Tom Clancy's The Division" only works with one console at a time.
Testing the Network settings provide a good status. ONLY IF they are tested a small amount time separated from each other.
Testing the Network settings immediately one after another forces all PS4s after the first to report problems (or Type 3, rarely)
Playing the game "Star Wars: Battlefront (2015)" only allows the first console to enter a game. The others just error out.
Any PS4 after the first is only able to get a random port for a PS4 party (Image: Port 55136). Nothing else.
Port 9308 is obtained by First system startup. (ports image)
Port 9307 is obtained by First system joining a PS4 Party. (ports image)
Port 3659 is obtained by First system Running "Star Wars: Battlefront". (ports image)
Port 55136 is a random port obtained by a subsequent system joining a PS4 Party. (ports image)
All game consoles work perfectly fine on a Linksys EA4500.
All game consoles work perfectly fine on a Synology RT1900ac.
There may be more games and applications that are affected, but, i'm assuming this probably covers all the bases.
I also found a program that "Tests UPnP" so heres the output:
TEST 1 - Operating System Support - PASSED
TEST 2 - SSDP Service Running Check - FAILED
TEST 3 - SSDP Service Automatic Check - FAILED
TEST 4 - UPnPHost Service Running Check - FAILED
TEST 5 - UPnPHost Service Automatic Check - FAILED
TEST 6 - UPnP Framework Firewall Exception Check - PASSED
TEST 7 - Adapter #0 - 10.74.1.74 - PASSED
TEST 8 - Get External IP Address (Result: XX.XX.XX.XX) - PASSED
UPnP Test Program … blah blah blah
I do not understand what these exactly mean, due to the fact that I am unfamiliar with the inner workings of UPnP processes.
The UPnP ports image was a fresh attempt at trying to play "Star Wars: Battlefront" with two PS4s.
If you need more information or need another image of one of my configuration pages. Please let me know.
I have found that pretty much nearly every "Home" SoHo Router will appropriately handle the multiple game consoles just fine.
I have also discovered that the problems will depend on which game and/or service your attempting to use. As it seems that Battlefront shares the same problem as Battlefield 1 as well. So you may be able to recreate the issue with games that attempt to use "EA Tunnel".
I believe this problem will persist with Xbox One with these same games, but, i am unable to test due to not owning either games on those consoles. (I do own 3 Xbox Ones tho)
(I have researched more of this online, but have found that this article (https://digiex.net/threads/pfsense-step-by-step-guide-to-multiple-xbox-ones-open-nat-play-together-2-3-x.15094/) was the easiest to read and contained all of the information that my research into the matter deemed relevant.)
Every change I turned off the pfsense, the switch, and all consoles for a minimum of 5 min. The consoles were turned completely off, not put into standby.
Tested by connecting both consoles up to a fresh install of the pfsense at default settings. ( Failed,  Failed)
Turned on all of UPnP. ( Connect,  Failed)
Turned on Nat Reflection (Pure NAT). ( Connect,  Failed)
Turned on Nat Reflection (Nat+Proxy). ( Connect,  Failed)
Grand Theft Auto 5 (Working)
Battlefield 1 (Failed)
Star Wars: Battlefront (Failed)
Motherboard: GIGABYTE GA-B250-HD3
Processor: Intel 2.9 GHz Dual Core BX80677G3930 Celeron
RAM: G.SKILL 8GB (2 x 4GB) F4-2133C15D-8GVR
SSD: Kingfast F6 32gb
Network Card: HP NC364T PCIe 4Pt Gigabit Server Adptr
Power Supply: EVGA 500 B1, 80+ BRONZE 500W
(Images are attached, so if you need to see them you will need to login.)
That is exactly how things are setup for my 2*XBOX One and it works fine (including both hosting games at the same time). I only have 1 PS4, so can't test that the same way as you can, but on 1st glance I would have set it up exactly the same as you did…
Added and updated more information.
For those curious, I will be documenting everything on this subject until it is resolved.
When the situation is solved, if its by my hands, will be posted and documented here as well.
I love pfSense and want to see it grow to be the perfect firewall for homes too!
If anyone needs any other documents or information please ask. I will provide it as soon as i can.
I intend to complete this post in all its entirety to help those in the future diagnose these set of problems as well. Unless this is an actual bug and an update is required. (of which i will post that as well.)
FYI, if this post takes much longer, i may end up trying to post it on the issue tracker for pfSense. Just thought i'd try here before bothering the developers with this.
Did you ever get this resolved?
Negative. Still on the search for a solution.
I'm having the same issue with two PS4s. Here's to hoping that v2.4 somehow fixes this…
Like i said, to anyone that is monitoring this thread, the EXACT moment i come across a fix for this situation, I will be sharing it here. Whether it be a pfsense update, or, some other method, that will be described here.
Where I work, I have this posted on the office job board to always remind me that this problem still exists. The reason why, we are interested in sharing pfsense with residential customers, but, at this time, we cant because a lot of residential customers have multiple consoles and feel it would negatively impact us because of our recommendation of it, in its current state.
I have the same issue with 2.4.2.
I have 2 ps4s and only the first one gets upnp with nat 2
The second to boot up shows nothing in upnp and gets nat type 3.
Both are configured with hybrid nat and static ports (pure nat).
Even tried a 3rd nic and different subnet but still have the same results.
Other routers seem to do fine but I really want this to work on pfsense.
Anyone ever get this figured out ??
MORGiON last edited by
I have 4 PS4s connecting via upnp, Nat 2
I dont have the games you do to test but all 4 get Nat 2 running the network test in the PS4 OS.
I did find that using Nat reflection stopped multiple consoles using upnp for me.
I also only use outbound Nat static port for the consoles not the entire network.
I do believe a better implementation of upnp is needed as development for the current version seems to be pretty much non existent according to the git, and pfSense seems to be using an older version
The NAT reflection shouldn't be needed here. This is primarily used so that a host on the inside of the network can connect to a service that you have port forwarded through, such as a web server. If it were me, and I was trying to get this to work, I'd disable that option entirely.
My $0.02, for whatever its worth.
"pfsense is the only firewall that I've used that randomizes source ports in that way"
You do not understand how NAPT works then… If you did not change the source port and used static source ports on the outbound you would constantly run into problems with multiple clients behind a single IP... You only have the 65k possible source ports to work with per IP... So if you had multiple clients all making outbound sessions to stuff on the internet with all the clients using random ports above 1024.. Client A happens to pick source port 2048 to talk to www.google.com 443... And client B just happens to use that same source port in some session its using to www.yahoo.com how would the NAPT handle that..
If you only had a couple of devices you might not run into the problem very often.. But what if you have 100 clients, or 1000 - how often do you think you would run into a problem with clients source ports stepping on each other..
NAPT has always be designed to change the source port on the outbound connection.. Why its called Network Address PORT Translation… Setting your whole network for outbound nat to use static ports is BORKED plain and simple...
That any game would need static source port is beyond stupidity... And limits the number of clients that could work from the same IP maybe that is what they are trying to prevent? You should set static ports in your outbound ONLY On the specific applications that might require it.. Say ISAKMP which uses UDP 500..
If game X need source port XYZ, how is console A going to use the same source port and console B when you only have 1 public IP? If the game doesn't care if its the same source port then you can set console A to be static and console B to use static.. But will be stop pfsense from changing the source port on the outbound connection.. But they would not be able to use the same port.. Setting your whole network to try and be static is going to cause issues - the more clients the more likely it will be to run into problems.
Sorry, I should have been more clear. When I said this:
"pfsense is the only firewall that I've used that randomizes source ports in that way"
What I meant was that pfsense randomizes the source port all the time, even if the original source port is available. So, for example, if I make a TCP connection outbound sourcing from port 17210, pfsense will change that to something else, even if port 17210 is not currently in use on the outside interface. Linux doesn't do this. Cisco doesn't do this. On those platforms if the source port is available, that's the one you get. If the port is not available, because something is already using it, then, and only then, is the source port translated.
I was mistaken with how the static port option worked. I was under the impression that it disabled the 100%, all the time, randomization of source ports, even when it wasn't necessary, but, still changed the source port when it was already in use. It seems, based on some quick VM testing, that this isn't the case, so I'll go edit my previous reply.
edit: so, turns out, if it can't accomodate the source port, because static port is enabled, what it does is just ship the packet out the outside interface without doing any translation at all.
edit2: actually, it only sends out the packet without nat if the destination IP and port are the same. If they're different it will send out nat'ed packets, from two different inside hosts, using the same source port. Interesting.
I Have the same issues with 2 Xbox One.
The NAT is open for Xbox Live, but not possible to join a session in warframe (no probleme with rocket league).