Trying to enable UPNP causes reboot

Started by banditti, March 29, 2020, 05:57:29 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 29, 2020, 05:57:29 PM
I have (2) xbox's.  When I try to enable the UPNP service, it reboots OPNSense.  I have uninstalled/deleted the service, I rebooted, reinstalled, I rebooted. tried to enable UPNP... it reboots itself.   Comes back up and wants to send an crash report.

I have tried other combinations, but the outcome is the same.
March 29, 2020, 07:55:15 PM #1
Also, the enable i/! next to enable is grayed out.
March 29, 2020, 09:48:13 PM #2 Last Edit: March 29, 2020, 09:55:07 PM by packet loss
In the OPNsense webgui does it show you have the os-upnp plugin installed? os-upnp plugin should be installed as well as the miniupnpd package. Once the plugin is installed you can configure upnp from the webgui under Services --> Universal Plug and Play. If you do have the plugin already installed provide a screenshot of your Universal Plug and Play settings.

Also using the webgui goto firmware and select the Audit now button at the top right and select Health to see if you have an issues.
March 30, 2020, 12:02:50 AM #3
1.  Yes, it does show installed.  I have uninstalled, rebooted and reinstalled.
2.  Please see attached screen shots.  You will see that "enable" is grayed out, not orange
3.  See screen shots of audits... no issues

https://www.dropbox.com/s/eho8qsxp5gtoqr0/1.png?dl=0
https://www.dropbox.com/s/urn2tr5gud4i6pm/2.png?dl=0
https://www.dropbox.com/s/ppmdjupclapkquv/3.png?dl=0
https://www.dropbox.com/s/fb87baopjxnx3b4/4.png?dl=0
https://www.dropbox.com/s/l67jnwdjflznh9c/5.png?dl=0
https://www.dropbox.com/s/wjsi8aypbz4rsco/6.png?dl=0
March 30, 2020, 12:36:35 AM #4
Quote from: banditti on March 30, 2020, 12:02:50 AM
2.  Please see attached screen shots.  You will see that "enable" is grayed out, not orange

The information icon for mine is also grayed out and is not orange but I'm still able to select the checkbox for enable. The Override WAN address icon should also show grayed out. All this means is that there is no information for these particular settings. If you select one of the orange information icons it will expand and show you information for that particular setting. We can easily rule out that the grayed out icon is not an issue.

Have you tried the following combination to see if OPNsense doesn't reboot?

Check Allow UPnP Port Mapping, uncheck Allow NAT-PMP Port Mapping, check enable and then save.
March 30, 2020, 04:05:28 AM #5
You can also try running miniupnpd in debug mode from the console.

1. killall miniupnpd
2. run miniupnpd in debug mode

/usr/local/sbin/miniupnpd -d -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid
March 31, 2020, 07:10:07 AM #6
root@OPNsense:~ # killall miniupnpd
No matching processes were found

root@OPNsense:~ # /usr/local/sbin/miniupnpd -d -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid
Error reading configuration file /var/etc/miniupnpd.conf
March 31, 2020, 07:16:18 AM #7 Last Edit: March 31, 2020, 07:18:05 AM by banditti
Tried, still caused reboot.

Quote
Have you tried the following combination to see if OPNsense doesn't reboot?

Check Allow UPnP Port Mapping, uncheck Allow NAT-PMP Port Mapping, check enable and then save.
March 31, 2020, 07:16:41 AM #8
For giggles, I tried reinstalling miniupnpd.  No change.

***GOT REQUEST TO REINSTALL: miniupnpd***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.

Number of packages to be fetched: 1
No packages are required to be fetched.
Integrity check was successful.
miniupnpd-2.1.20190210,1: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
   miniupnpd-2.1.20190210,1

Number of packages to be reinstalled: 1
[1/1] Reinstalling miniupnpd-2.1.20190210,1...
[1/1] Extracting miniupnpd-2.1.20190210,1: ....... done
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
April 01, 2020, 03:28:14 AM #9
Quote from: banditti on March 31, 2020, 07:10:07 AM
root@OPNsense:~ # /usr/local/sbin/miniupnpd -d -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid
Error reading configuration file /var/etc/miniupnpd.conf

Well the only thing left I can think of is that you either have an issue with your miniupnpd.conf file or it doe not exist. Can you check to make sure the file is present?

my /var/etc/miniupnpd.conf

Code Select
ext_ifname=igb0
port=2189
listening_ip=igb1
listening_ip=igb3
listening_ip=igb2
secure_mode=yes
presentation_url=https://10.200.200.1/
uuid=4bfsvd1c-3391-8sfda6-1c1d-3525sdf50ae0b
serial=4BD1042C
model_number=20.1.3
allow 1024-65535 10.200.200.110/32 1024-65535
allow 1024-65535 10.200.200.111/32 1024-65535
allow 1024-65535 10.100.100.100/32 1024-65535
allow 1024-65535 10.0.0.100/32 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
enable_upnp=yes
enable_natpmp=no
clean_ruleset_interval=600
min_lifetime=120
max_lifetime=86400
April 01, 2020, 05:54:51 AM #10
I have no /var/etc/miniupnpd.conf   

Does anyone have a generic one I can create?  File permissions? 
April 01, 2020, 12:46:57 PM #11
Unfortunately I don't have enough time right now to provide more information. Try creating an empty file /var/etc/miniupnpd.conf.

This is what my file permissions looks like:

-rw-r--r--  1 root  wheel   519 Apr  1 03:43 miniupnpd.conf
April 06, 2020, 04:04:33 AM #12
I created a file... no luck
April 06, 2020, 05:15:26 AM #13 Last Edit: April 06, 2020, 05:18:27 AM by packet loss
When you enable upnp from the webgui the miniupnpd.conf file is created so I'm not sure what is going on with your system. I would try to export your configuration file and look at it. I've found that my configuration sometimes has things in it that it shouldn't. You might need to manually cleanup your OPNsense configuration fie. If you do find some issues with your configuration file you can import it back into OPNsense after you clean it up.

System --> Configuration --> Backups --> Download configuration

This is what a portion of my configuration file looks like:

Code Select
  <installedpackages>
    <miniupnpd>
      <config>
        <enable>1</enable>
        <enable_upnp>1</enable_upnp>
        <permdefault>1</permdefault>
        <ext_iface>wan</ext_iface>
        <download/>
        <upload/>
        <overridewanip/>
        <permuser1>allow 1024-65535 10.200.200.110/32 1024-65535</permuser1>
        <permuser2>allow 1024-65535 10.200.200.111/32 1024-65535</permuser2>
        <permuser3>allow 1024-65535 10.100.100.100/32 1024-65535</permuser3>
        <permuser4>allow 1024-65535 10.0.0.100/32 1024-65535</permuser4>
        <permuser5/>
        <permuser6/>
        <permuser7/>
        <permuser8/>
        <iface_array>lan,opt2,opt1</iface_array>
      </config>
    </miniupnpd>
  </installedpackages>

If this doesn't help I would suggest posting the crash log. The crash log probably has some valuable information.


Print
Go Up Pages1
User actions