Messages

If someone wants this integrated in the GUI I'd appreciate a GitHub ticket more than these discussions after random releases breaking this stuff we never had integrated. ;)


Cheers,
Franco

Do I just open a request to have this functionality added? I'm happy to do so if that helps.

Mine is still not working with the code above. The openatt.sh script seems to work just fine, however, something is not working with wpa_supplicant. I tried manually executing the script in early and it gets to "daemonize" and gives me a permission denied. Any way to further debug it?

No need for the openatt.sh script using my method above. Just ensure certs are in the folders specified in the file.

On the identity piece, is that the RG modem's former MAC address like the same as the opnaatt.sh script or are you saying my WAN mac address on my opnsense box?

Mine is still not working with the code above. The openatt.sh script seems to work just fine, however, something is not working with wpa_supplicant. I tried manually executing the script in early and it gets to "daemonize" and gives me a permission denied. Any way to further debug it?

Are you using a static port on your outbound NAT rule? Port randomisation seems to break various games. I also find denying port 3074 using UPNP ACLs will force some XBL games to retry on other ports and has fixed a few problems.

I'm looking at my firewall now and can see about 25 different NAT rules generated by UPNP currently so it appears to be working.

FWIW we run gaming events with around 1,000 - 1,200 devices and UPNP worked well for us the past two events we ran.

I believe this is specific to Destiny 2 and it being extremely picky with UPnP. This post talks about the configuration changes needed for UPnP on OpenWRT:

On the main configuration page, the importation options are below:
Start UPnP and NAT-PMP service = enabled
Enable UPnP functionality = enabled
Enable NAT-PMP functionality = enabled
Enable IGDv1 mode = enabled (The important option, Destiny 2 does not like IGDv2)
Port = 0 (Allows automatic port selection)

I solved it by using a rule like this...



Gianluca

Hi Gianluca,

Static port mapping will work fine for a single console and give you moderate NAT. It won't help you when you have multiple.

Are you using a static port on your outbound NAT rule? Port randomisation seems to break various games. I also find denying port 3074 using UPNP ACLs will force some XBL games to retry on other ports and has fixed a few problems.

I'm looking at my firewall now and can see about 25 different NAT rules generated by UPNP currently so it appears to be working.

FWIW we run gaming events with around 1,000 - 1,200 devices and UPNP worked well for us the past two events we ran.

Hi Tawmu, your fixes to UPnP were working fine up until 3/21/2023.

Bungie has changed something in the game that I believe requires IGDv1 for UPnP to work properly.

Some individuals on reddit are saying their DumaOS based routers are still getting port maps set up properly.

I don't see how I could compile a miniupnpd that would support IGDv1, I'd need development support as I'm not deep on this code base.

I've confirmed it also doesn't work on an OpenWRT based ER605 Omada router.

There were no changes to upnp since the initial 23.1 version. And those changes seem to work fine - I don't see reports piling up, not generally and not specifically for 23.1.4.


Cheers,
Franco

I've updated the original post with other people complaining about this issue on Bungie's forums. Is this something I could work with someone on to troubleshoot?

Thanks!

This post is no longer relevant

I'm familiar with reading the log files in the firewall and I've also SSH'd into my opnsense box but I'm unsure how to find the actual miniupnpd logs that should show the requests and responses.

Can anyone point me in the right direction?

Thanks

Hi Bondi,

I used to have ACLs set up, but as part of debugging I've removed them.

As far as your second question, I don't have rules set to specifically allow traffic to the gateway as it's always worked fine without it.

Everything was working fine until 3/21. I tried going back to 22.7 and I also tried a pfsense build and I was experiencing the same issue. I'm wondering if it's something else?

I did a tcpdump and I can see the SSDP packets going to the 239.whatever address but I'm not able to capture the response. Any ideas how to debug further?

Thank you for adding your experience!

I went back to 22.7 and did pkg install os-upnp-devel as root.

It installed the latest UPNP that's included with 23.1 but it still doesn't work. I'm pretty sure something has changed recently.

Hi franco,

I did a fresh install of 23.1 last night and did not restore my configuration.

I simply installed os-upnp and reinstalled Destiny 2 and the port forwards are not being made.

There is the possibility that Bungie broke this but I highly doubt it. My next test will be to reinstall an older version of opnsense and see if it works there.

I doubt you will see tons of reports on this issue as it would require multiple people in the same private network trying to play a game that requires UPNP.

This is still broken on 23.1.5.

Can someone please take a look at this? I've used wireshark and captured the packets going to the server but I can't find any logs that would tell me what is going on.

does anyone know how to troubleshoot or debug the upnp daemon?

Thanks!

UPDATE:

There are several posts on Bungie's forums about this issue for both OPNSense and pfsense.

Please see here:https://www.bungie.net/en/Forums/Post/254054012 and https://www.bungie.net/en/Forums/Post/262675756?sort=0&page=0

Is there some configuration changes that can be made to improve the compatibility with this game?

This person states the following:

On the main configuration page, the importation options are below:
Start UPnP and NAT-PMP service = enabled
Enable UPnP functionality = enabled
Enable NAT-PMP functionality = enabled
Enable IGDv1 mode = enabled (The important option, Destiny 2 does not like IGDv2)
Port = 0 (Allows automatic port selection)
On the Advanced Configuration page, you must add the following options:
Announced Serial Number : <Any integer you want>
Announced Model Number : <Any integer you want>
Presentation URL : http://<ip-address-of-router>;

My question is, how do we make miniupnpd run in IGDv1 mode?


They also stated the following:

Plume is running OpenWRT under the hood and also uses miniupnpd, but there are some minor differences in how it handles uuids; I'm going to do a deep dive of the miniupnpd.conf file later and see if I can get miniupnpd.conf on pfsense to match exactly what OpenWRT is doing and test that to see if Destiny likes it any better.

Thanks for the reply!

Looks like it's a known issue:

https://github.com/opnsense/plugins/commit/1781291d7f0627883cd01383a18931ce2977587c