Archive > 20.7 Legacy Series
UPNP Issues
(1/1)
Munacra82:
Good Evening Everyone.
I would like to ask some assistance, I am having some issues with UPNP on OPNsense 20.7.b_40-amd64
I do not believe its 20.7 itself, but instead miniupnpd that is causing the issue,
In short, Upnp connections are not being established or reflecting on the UPNP status page,
The error I get is as follows:
AS per the below log, it comes back with 501 - Action failed
miniupnpd[24490]: HTTP REQUEST from 192.168.1.247:49480 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[24490]: Host: 192.168.1.1:2189
miniupnpd[24490]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[24490]: AddPortMapping: ext port 51066 to 192.168.1.247:51066 protocol UDP for: Teredo leaseduration=0 rhost=
miniupnpd[24490]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[24490]: Check protocol udp for port 51066 on ext_if re0_vlan10 192.168.3.254, FE03A8C0
miniupnpd[24490]: 0101a8c0:60801 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: 00000000:1900 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: fe03a8c0:123 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: 0100007f:123 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: 0101a8c0:123 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: 00000000:123 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: 00000000:67 00000000:0 <=> 51066 fe03a8c0:51066
miniupnpd[24490]: redirecting port 51066 to 192.168.1.247:51066 protocol UDP for: Teredo
miniupnpd[24490]: Returning UPnPError 501: ActionFailed
miniupnpd[24490]: HTTP REQUEST from 192.168.1.247:49481 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[24490]: Host: 192.168.1.1:2189
miniupnpd[24490]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[24490]: AddPortMapping: ext port 53992 to 192.168.1.247:53992 protocol UDP for: Teredo leaseduration=0 rhost=
miniupnpd[24490]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[24490]: Check protocol udp for port 53992 on ext_if re0_vlan10 192.168.3.254, FE03A8C0
miniupnpd[24490]: 0101a8c0:60801 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: 00000000:1900 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: fe03a8c0:123 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: 0100007f:123 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: 0101a8c0:123 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: 00000000:123 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: 00000000:67 00000000:0 <=> 53992 fe03a8c0:53992
miniupnpd[24490]: redirecting port 53992 to 192.168.1.247:53992 protocol UDP for: Teredo
miniupnpd[24490]: Returning UPnPError 501: ActionFailed
In short, this firewall is connecting Via a primary router which has a 1 - 1 nat applied towards the firewall, the interfaces on both ends are tagged with VLAN10,
Referencing the above: re0_vlan10 192.168.3.254
I managed getting the 501 - Action Failed Error gone, by putting in the public IP address of the Primary Routers PPPOE connection into the "Override WAN address" field under UPNP settings, which in turn caused the Status page to pop up with the correct Port Map Rule, and it appeared to work however.... The following error occurred:
miniupnpd[8312]: rule with label 'Teredo' is not a IGD pinhole
miniupnpd[8312]: HTTP REQUEST from 192.168.1.247:49508 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[8312]: Host: 192.168.1.1:2189
miniupnpd[8312]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[8312]: AddPortMapping: ext port 52238 to 192.168.1.247:52238 protocol UDP for: Teredo leaseduration=0 rhost=
miniupnpd[8312]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[8312]: Check protocol udp for port 52238 on ext_if re0_vlan10 192.168.3.254, FE03A8C0
miniupnpd[8312]: 0101a8c0:44410 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: 00000000:1900 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: fe03a8c0:123 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: 0100007f:123 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: 0101a8c0:123 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: 00000000:123 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: 00000000:67 00000000:0 <=> 52238 fe03a8c0:52238
miniupnpd[8312]: redirecting port 52238 to 192.168.1.247:52238 protocol UDP for: Teredo
miniupnpd[8312]: rule with label 'Teredo' is not a IGD pinhole
miniupnpd[8312]: upnpevents_selectfds: 0x1b512e15080 1 11
miniupnpd[8312]: upnp_event_notify_connect: '192.168.1.247' 2869 '/upnp/eventing/ichcfutyge'
miniupnpd[8312]: upnpevents_processfds: 0x1b512e15080 2 11 0 1
miniupnpd[8312]: upnp_event_send: sending event notify message to 192.168.1.247:2869
miniupnpd[8312]: upnp_event_send: msg: NOTIFY /upnp/eventing/ichcfutyge HTTP/1.1
Host: 192.168.1.247:2869
Content-Type: text/xml; charset="utf-8"
Content-Length: 392
NT: upnp:event
NTS: upnp:propchange
SID: uuid:7c6b6a50-7f87-11ea-8488-60eb69696948
SEQ: 2
Connection: close
Cache-Control: no-cache
<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0"><e:property><PossibleConnectionTypes>IP_Routed</PossibleConnectionTypes></e:property><e:property><ConnectionStatus>Connected</ConnectionStatus></e:property><e:property><ExternalIPAddress>105.184.XXX.XXX</ExternalIPAddress></e:property><e:property><PortMappingNumberOfEntries>1</PortMappingNumberOfEntries></e:property></e:propertyset>
miniupnpd[8312]: rule with label 'Teredo' is not a IGD pinhole
miniupnpd[8312]: upnpevents_selectfds: 0x1b512e15080 4 11
miniupnpd[8312]: upnpevents_processfds: 0x1b512e15080 4 11 1 0
miniupnpd[8312]: upnp_event_recv: (125bytes) HTTP/1.1 200 OK
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 16 Apr 2020 02:10:56 GMT
Connection: close
Content-Length: 0
miniupnpd[8312]: rule with label 'Teredo' is not a IGD pinhole
miniupnpd[8312]: rule with label 'Teredo' is not a IGD pinhole
UPNP Then dies out and no traffic is sent through,
I have not had this with Pfsense / Fortigate, and would appreciate some assistance,
I have already tried the above on the stable release as well as the abovementioned version and the same errors occur,
I have also already done the following:
1) Reinstalled OPNSense with a fresh install
2) Reinstalled the Packages
3) Removed all switching hardware, and used the embedded NIC / Wireless chip
4) Static Outbound NAT
5) Checked for IGMP (All of it was disabled)
6) Attempted to Do PPPOE directly from The Interface, however it was not Possible Via the VLAN
The Interfaces are configured as per below:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2018<VLAN_MTU,VLAN_HWTAGGING,WOL_MAGIC>
inet6 fe80::62eb:69ff:fe69:6948%re0 prefixlen 64 scopeid 0x1
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
enc0: flags=0<> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: enc
pflog0: flags=100<PROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 0.0.0.0 maxupd: 128 defer: off
re0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet6 fe80::62eb:69ff:fe69:6948%re0_vlan10 prefixlen 64 scopeid 0x6
inet 192.168.3.254 netmask 0xffffff00 broadcast 192.168.3.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 10 vlanpcp: 0 parent interface: re0
groups: vlan
ral0_wlan1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet6 fe80::72f3:95ff:fee5:7246%ral0_wlan1 prefixlen 64 tentative scopeid 0x7
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: no carrier
ssid OPNSense channel 1 (2412 MHz 11g)
regdomain FCC country US authmode AUTO privacy OFF deftxkey 2
txpower 30 scanvalid 60 protmode OFF -apbridge dtimperiod 1 -dfs
groups: wlan
Hopefully someone can assist me with this, I can confirm that UPNP is mapped when forcing the external IP, (which shouldn't really be needed) from the below output:
The Connection unfortunately does not appear to work / Dies Eventually
rdr quick on re0_vlan10 inet proto udp from any to 105.184.XXX.XXX port = 52238 keep state label "Teredo" rtable 0 -> 192.168.1.247 port 52238
Thanks in advance, any advice will be truly appreciated.
Thank you.
Navigation
[0] Message Index
Go to full version