21.1 Legacy Series / Having some UPnP issues.
« on: April 02, 2021, 05:29:23 pm »
I'm a long-time pfSense user (at work) that has had an R7000 with FreshTomato on it at home. Since my R7000 is about 8 years old and the wifi is starting to have issues, I decided to roll my own stuff at home instead of getting Orbis or a Netgear wifi 6 mesh system. I bought a Protectli box and was going to use pfSense, but decided to give OPNsense a go. I installed everything last night and configured it for my network and got the new access points wired up to the new switch (it's a managed Netgear switch with PoE).
I installed the UPnP plugin. At home, I have a PS4, a few gaming PCs, and 4 Nintendo Switches. The kids often play multiplayer Minecraft and I play Warzone on my PC, as well as some various multiplayer PS4 games.
On FreshTomato, it was just ticking off the boxes and going and I would get open NAT in Warzone and Minecraft worked fine for the kids. With OPNsense, I'm not having any luck at all.
After many hours of troubleshooting, I'm kind of stuck now and need some assistance. It doesn't seem to be working at all. In the status page of the UPnP plugin, no mappings ever show up. However! I downloaded a UPnP tool that lets you send requests to discovered devices. So when I do the AddPortMapping request, it actually says success. If I use the GetSpecificPortMappingEntry request, it returns what I requested, but it still doesn't actually show up in the UPnP status page.
I have default deny turned off, but I have also tried adding my PC's IP and a large port range to the permissions, and I got the same result. In the routing log, I don't see any errors for requests. And in outbound NAT, I have it in hybrid mode, and a rule for source LAN net with the WAN address as the NAT address and static port enabled. I did not try to put my specific PC address in there, but I don't think this even comes into play yet.
I've uninstalled the plugin and re-enabled as well as just reinstalling it. I've disabled/reenabled and still no go.
I also attempted to turn off IGMP snooping in my switch, but since it's a cloud-managed device (for now, I'm going to be turning that garbage off this weekend), I decided to just plug the switch my PC is on into the LAN port of the firewall and plug my PoE switch into my standard unmanaged LAN switch. Still doesn't seem to work.
I'm really confused that the UPnP test app says success and I'm not seeing the rule in the status list. I disabled UPnP and did the requests again, just to make sure it wasn't responding, just in case it thought it was sending it to the router when something else on the network was messing with it, but it does fail with it disabled.
I'm kind of at a loss for what to try next. While I could just put in manual port forwards for everything, Minecraft could be a little more difficult, and I'm not sure what other games the kids are playing that might need port forwarding. I'd rather this be a little more hands off. Once it is working, I'll turn on the default deny and start ACL'ing this. So, any ideas?
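Added example, not part of the original post: the SOAP exchange behind the AddPortMapping and GetSpecificPortMappingEntry requests mentioned above, with a check that the gateway's reply really matches the mapping that was asked for. The function names, the `WANIPConnection:1` service type, and the sample LAN address, port and replies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
CTRL = "urn:schemas-upnp-org:control-1-0"
SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"  # assumed; may be WANPPPConnection:1

def build_request(action, args):
    """Return (headers, body) for the HTTP POST to the service's control URL."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    env.set(f"{{{SOAP}}}encodingStyle", "http://schemas.xmlsoap.org/soap/encoding/")
    act = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{SERVICE}}}{action}")
    for name, value in args.items():          # arguments are unqualified elements
        ET.SubElement(act, name).text = str(value)
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#{action}"'}
    return headers, ET.tostring(env, encoding="unicode")

def parse_response(xml_text):
    """Return ("ok", {arg: value}) or ("fault", (errorCode, errorDescription))."""
    body = ET.fromstring(xml_text).find(f"{{{SOAP}}}Body")
    err = body.find(f"{{{SOAP}}}Fault/detail/{{{CTRL}}}UPnPError")
    if err is not None:
        return "fault", (int(err.findtext(f"{{{CTRL}}}errorCode")),
                         err.findtext(f"{{{CTRL}}}errorDescription"))
    return "ok", {arg.tag: arg.text or "" for arg in body[0]}

def mapping_matches(requested, reply):
    """True only if the gateway reports the mapping we asked for, enabled."""
    status, out = reply
    return (status == "ok" and out.get("NewEnabled") == "1"
            and out.get("NewInternalClient") == requested["NewInternalClient"]
            and out.get("NewInternalPort") == str(requested["NewInternalPort"]))

# Constructed sample: the LAN host and port are made up for illustration.
WANTED = {"NewRemoteHost": "", "NewExternalPort": 25565, "NewProtocol": "TCP",
          "NewInternalPort": 25565, "NewInternalClient": "192.168.1.50",
          "NewEnabled": 1, "NewPortMappingDescription": "test", "NewLeaseDuration": 0}
LOOKUP = {k: WANTED[k] for k in ("NewRemoteHost", "NewExternalPort", "NewProtocol")}
# Constructed gateway replies: a matching entry, and UPnP error 714 (no such entry).
ENV = f'<s:Envelope xmlns:s="{SOAP}"><s:Body>%s</s:Body></s:Envelope>'
FOUND = ENV % (f'<u:GetSpecificPortMappingEntryResponse xmlns:u="{SERVICE}">'
               "<NewInternalPort>25565</NewInternalPort>"
               "<NewInternalClient>192.168.1.50</NewInternalClient><NewEnabled>1</NewEnabled>"
               "<NewPortMappingDescription>test</NewPortMappingDescription>"
               "<NewLeaseDuration>0</NewLeaseDuration></u:GetSpecificPortMappingEntryResponse>")
MISSING = ENV % ("<s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>"
                 f'<detail><UPnPError xmlns="{CTRL}"><errorCode>714</errorCode>'
                 "<errorDescription>NoSuchEntryInArray</errorDescription></UPnPError>"
                 "</detail></s:Fault>")
```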