Messages - logandzwon

#1
Quote from: xtrasyn on January 23, 2021, 08:00:44 AM
I have the same issue. I can't get it to work.

I've done the same things as said in this thread - I installed the uPnP package in the administration section, (I did get some stuff about anchor creation, that I don't understand), enabled it, and enabled the NAT setting to allow hybrid outbound rule generation.

Still, no uPnP, and my users are complaining (7 and 11 year old lol) that my internets suck. :D

Can someone please help me in a step-by-step fashion, as I really can't figure this out on my own.

Add the rules to Firewall: NAT: Outbound that match mine. Then, after applying them, on the Xbox, go into Settings -> Network -> Advanced settings -> Alternate port selection and set something other than 3074. It should work. Then, tomorrow go back and set this back to automatic.
#2
Never mind, UPnP is now working, but only kinda. Some app on my Mac can do UPnP just fine, however the Xboxes still all fail. I do see the port getting requested in "Services: Universal Plug and Play: Status". They just don't actually seem to work.

Edit.
Ok. I understand what is happening now. By default OPNsense changes the outgoing port randomly. For XBOXLIVE to work correctly it is required that NAT NOT do this. (I believe they do this so ISPs and carriers will prioritize the ports XBOXLIVE traffic uses.)

I.e.,
When the Xbox sends a packet from xboxip:3074 -> xboxlive:3074, the NAT packet filter changes both the source IP and the source port. So, the packet becomes wanip:randomport -> xboxlive:3074. This breaks XBOXLIVE.

So, if you are gaming behind your OPNsense, what can you do? Well, you have to change the outbound behavior.
Go into Firewall -> NAT -> Outbound.
See the automatic rules added at the bottom? ISAKMP is also known to break if the source port changes, so OPNsense comes with a rule to not change the source port when sending to port 500. Essentially you have to recreate the rules so that outbound NAT has "Static Port" enabled.

Take note!
If you haven't turned your Xbox on yet you should be all set. However, you've probably already turned your Xbox on and it has conducted a UPnP test, so it probably isn't going to work right away. I am not sure why; my guess is something to do with either established states or XBL caching something. Even hard rebooting the Xbox will not help. But, not to fear! You can force it by going into the Xbox settings and setting an alternate port under "Advanced settings" on the Xbox. (Just remember to set it back to automatic later, as there is no need to keep it that way. Normally the Xbox and UPnP are good about automatically figuring out which port to use if the default of 3074 is already active.)
Also, booting and connecting a second Xbox, then trying again with the first Xbox, will work, but only because the second takes 3074 and the first is forced to pick a different port. However, if you then reboot both and the first comes up first, it will go back to seeing strict NAT again.

My suggestions for the future of OPNsense:
I think that if we spent some time capturing the Xbox's packets before and after OPNsense we could figure out exactly which ports it is using and add a default rule like the one for ISAKMP; then this would all go more smoothly. Also, if I could isolate exactly why, once the Xbox sees a strict NAT, it is stuck like that, and how to fix it, testing could go a lot faster. For these reasons I've simply configured all outbound connections to "static port" for now. As we have several gamers in the house, I don't feel the benefits outweigh the complications for our use.
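For readers who want to see what the "Static Port" checkbox described in the post above actually changes, here is the equivalent in pf.conf terms. This is an added illustration, not something from this thread or from OPNsense's own rule generator; it assumes em0 is the WAN interface, 192.168.1.0/24 is the LAN and 192.168.1.50 is the Xbox. OPNsense writes these rules itself from Firewall -> NAT -> Outbound, so nothing here is meant to be pasted into a config file by hand.

```pf
# Added example (not from this thread). Assumed values: WAN is em0,
# LAN is 192.168.1.0/24, the Xbox is 192.168.1.50.

# The automatic rule OPNsense ships: keep source port 500 for ISAKMP (IPsec),
# because the peer expects UDP/500 -> UDP/500.
nat on em0 inet from 192.168.1.0/24 port 500 to any port 500 -> (em0) static-port

# Narrow rule for the console only: keep whatever source port the Xbox
# chose (3074, or the alternate it picked) for every destination.
# pf applies the first matching nat rule, so this must sit above the
# general rule (in the GUI: drag it above the automatic rules).
nat on em0 inet from 192.168.1.50 to any -> (em0) static-port

# General rule for every other LAN host: the source port is rewritten to
# a random high port. This is the default that breaks Xbox Live, but it
# is also what you want for everything that is not a console.
nat on em0 inet from 192.168.1.0/24 to any -> (em0)
```

The post's "everything static port" approach corresponds to adding `static-port` to the last rule as well. Source-port randomization is a deliberate hardening of NAT (it makes outbound flows harder to predict from outside), so scoping `static-port` to the console's address, rather than the whole LAN, gives the Xbox an open NAT while leaving the rest of the network with the default behaviour. After applying, Services: Universal Plug and Play: Status should still show the port being requested; the difference is that the source port the console asked for now survives the translation.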
#3
I think the new update broke stuff. Since updating, my UPnP doesn't work, nor does the IPS. Even tail doesn't follow files as it is supposed to. =/

Edit: I performed a full clean install and afterwards was easily able to enable UPnP by just installing the plug-in and setting its settings. (I did enable NAT reflection beforehand as part of setting up my static port forwards. I don't know if that matters for UPnP.)
#4
Yes, agreed. It's totally unclear on how it is supposed to work. It worked so well before the update too.