OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: perfectchaos on May 04, 2018, 01:31:44 am

Title: UPnP does not seem to work
Post by: perfectchaos on May 04, 2018, 01:31:44 am
I am new to opnsense and I'm trying to get UPnP working.

I've installed the plugin and configured it in services. Specifically, I'm trying to get Warframe working; it complains on startup that UPnP is malfunctioning, not missing, as it did before I installed the plugin.

What I observe is that briefly the ports appear in the status page, but quickly disappear.

I'm not sure if there is more logging somewhere, but I see the following in /var/log/routing.log

Code:
May  3 18:26:55 OPNsense miniupnpd[60795]: HTTP listening on port 2189
May  3 18:26:55 OPNsense miniupnpd[60795]: no HTTP IPv6 address, disabling IPv6
May  3 18:26:55 OPNsense miniupnpd[60795]: Listening for NAT-PMP/PCP traffic on port 5351
May  3 18:26:57 OPNsense miniupnpd[60795]: upnp_event_recv: recv(): Connection reset by peer

Now the connection reset didn't happen at the same time as the attempt to connect so I'm not sure if it's related.

Here's a wireshark capture of the handshake between warframe and the upnp server. There is a HTTP 500 in there, I'm assuming this is related to the problem.
https://www.dropbox.com/s/qjn6idqk8i48o3d/warframe_handshake.pcap?dl=0

UPnP Error code 713: SpecifiedArrayIndexInvalid

I've seen suggestions to re-install the plugin, though that seems related to updates to the kernel. I have attempted re-installs and reboots, but I'm not getting anywhere. More help debugging would be greatly appreciated.
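
Added example, not part of the original post: a parser for the SOAP fault that a UPnP IGD daemon sends with an HTTP 500, such as the 713 quoted above. The sample response is constructed (the capture itself is not reproduced here), and the code table is a small subset of the WANIPConnection error codes in the UPnP IGD specification, where 713 is the code for an out-of-range index in GetGenericPortMappingEntry, which a client walking the mapping table receives at the end of the list.

```python
import xml.etree.ElementTree as ET

CONTROL_NS = "urn:schemas-upnp-org:control-1-0"

# Subset of IGD WANIPConnection error codes.
# True = a mapping request was refused, False = a lookup found nothing.
IGD_ERRORS = {
    713: ("SpecifiedArrayIndexInvalid", False),   # GetGenericPortMappingEntry
    714: ("NoSuchEntryInArray", False),           # GetSpecific/DeletePortMapping
    718: ("ConflictInMappingEntry", True),        # AddPortMapping
    725: ("OnlyPermanentLeasesSupported", True),  # AddPortMapping
}

# Constructed sample of an HTTP 500 carrying a UPnPError fault.
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    'Content-Type: text/xml; charset="utf-8"\r\n'
    "\r\n"
    '<?xml version="1.0"?>'
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    "<s:Body><s:Fault><faultcode>s:Client</faultcode>"
    "<faultstring>UPnPError</faultstring><detail>"
    '<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
    "<errorCode>713</errorCode>"
    "<errorDescription>SpecifiedArrayIndexInvalid</errorDescription>"
    "</UPnPError></detail></s:Fault></s:Body></s:Envelope>"
)


def parse_upnp_fault(raw):
    """Return (http_status, code, name, mapping_refused), or None if no fault.

    mapping_refused is None for codes that are not in IGD_ERRORS.
    """
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    status = int(head.split("\r\n", 1)[0].split()[1])
    # The body comes off the network: refuse DTDs before handing it to expat.
    if "<!DOCTYPE" in body.upper():
        raise ValueError("DTD in SOAP body, refusing to parse")
    err = ET.fromstring(body).find(f".//{{{CONTROL_NS}}}UPnPError")
    if err is None:
        return None
    code_text = err.findtext(f"{{{CONTROL_NS}}}errorCode")
    if code_text is None:
        raise ValueError("UPnPError without errorCode")
    code = int(code_text)
    desc = err.findtext(f"{{{CONTROL_NS}}}errorDescription", default="unknown")
    name, refused = IGD_ERRORS.get(code, (desc, None))
    return status, code, name, refused
```
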
Title: Re: UPnP does not seem to work
Post by: guest15389 on May 04, 2018, 02:58:14 am
What's your settings screen look like? I use UPNP with my PS4 and XB without issue. I'm running on the current version 18.1.7 now as I just patched.

Mine looks like this:

Title: Re: UPnP does not seem to work
Post by: perfectchaos on May 04, 2018, 03:32:50 am
Well it looks like this. But through some more testing I believe this is actually working. Regardless of what the software is telling me.

Xbox complains that NAT is strict, and I have a double NAT. Well true. But my firewall is in the DMZ of the comcast router. Port-Forwarding on OPNsense works to my internal network.

Now I thought that little refresh looking icon at the top, was just that, a refresh, but maybe it is clearing? Which led me to believe it was disappearing. Whenever I click that, the rules get cleared... anyways

I got on an external server and 'nc -u host 3074' and started throwing packets at it.
Using wireshark I can see packets coming through the 3074 port Xbox opens up to talk to XBL and test the NAT settings. They are only allowed through once the test starts and the rule is added in the list.
Code:
ssh root@opnsense 'tcpdump -i em1 -w - port 3074' | /drives/c/Program\ Files/Wireshark/Wireshark.exe -k -i -

So even though Warframe complains, and Xbox is telling me the NAT is strict, I think it is actually working..... maybe? At least I can see the packets that I send through. However, I never see any other packets make it through. So I could be wrong. It really is not adding up.

I can't tell outside of what Warframe and Xbox tell me. From all other tests, and looking in the logs. I don't really see a problem. Except for the 500 error that Warframe gets while talking to UPnP daemon. I see one for the Xbox too except the error is different and inconsistent.

To me it appears that the port actually opens, why Xbox and Warframe complain is confusing though.
Title: Re: UPnP does not seem to work
Post by: guest15389 on May 04, 2018, 04:07:01 am
Mine stays if I check the status:


I'm not quite sure I'm following the setup and the double NAT as you'd have to forward the port on the secondary router and in that case, you might be better off doing just port forwards.

Any chance to simplify the config and remove the one NAT?
Title: Re: UPnP does not seem to work
Post by: perfectchaos on May 04, 2018, 05:59:38 am
I'm thinking about trying this. I have an Xfinity router, but until tonight I didn't realize I could put it into bridged mode. I have my opnsense machine plugged into it, and the IP is static and set to be in the DMZ. It worked fine when I used clearOS, but that box had only a single NIC and the USB dongle for the second one was truncating my bandwidth, so when I got a new machine with a double NIC I decided to try opnsense. I had no problem before this, so I don't know, but I expect miniupnp implements it slightly differently. Once I remove the second NAT I kind of expect I'll have the same problem, but I won't know until I try.
Title: Re: UPnP does not seem to work
Post by: guest15389 on May 04, 2018, 02:28:03 pm
Would definitely recommend to move to bridge mode if possible as it reduces the complexity and makes the UPNP actually viable to use.

In your setup, if UPNP requests a port, it maps on the first NAT and then you have to manually map that on the second router for the double NAT to even work. Doesn't seem useful, or you can just remove the UPNP altogether, and if you have only 1 XB in the house, just use straight up port forwarding on all the ports and set them up in both.

UPNP really becomes 'useful' if you have more than 1 XB in the house as it needs to register something other than the default ports.
Title: Re: UPnP does not seem to work
Post by: perfectchaos on May 04, 2018, 05:00:01 pm
Well due to the DMZ I don't need to do any port forwarding on the Xfinity side. All unroutable packets get sent to the DMZ which then get routed to the local network through opnsense. Definitely less complexity though. Will try tonight.