MiniUPNPD

Started by fotring, January 26, 2026, 05:16:48 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
January 26, 2026, 05:16:48 PM
Hi,
miniupnpd seems to be broken in 26.1:

miniupnpd 37136 - [meta sequenceId="85"] pfctl_get_rules_info: Invalid argument

Its spamming the routing log.

//Daniel
January 26, 2026, 05:26:57 PM #1
First time I hear this. Kernel ABI and upstream software didn't change from 25.7.x so not sure what we're looking at here.



Cheers,
Franco
January 26, 2026, 06:45:42 PM #2
Fun, a puzzle :D
Had it working in 25.7 for a couple of playstations, and i had trouble getting it going OOTB but that's a couple of years ago so i can't remember what i did. But in sure it wasn't this error.

//Daniel
January 26, 2026, 07:04:23 PM #3
when trying to map a port from my macbook:

miniupnpd 34776 - [meta sequenceId="77"] ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Invalid argument
January 26, 2026, 08:06:35 PM #4
True, it's more likely the errors were always there or at least for a while.


Cheers,
Franco
January 27, 2026, 12:08:12 AM #5 Last Edit: January 27, 2026, 04:21:48 PM by nero355
Quote from: fotring on January 26, 2026, 06:45:42 PMHad it working in 25.7 for a couple of playstations
Why not just give them 1:1 Port Mapping and leave it at Moderate NAT level instead of fully Open NAT ?!

/EDIT :
Quote from: d0shie on January 27, 2026, 06:22:03 AMOther console people who are on Strict NAT (more than you'd think) can only talk to Open NAT.
With how prevalent the P2P matchmaking model is, Moderate NAT just won't do if you want the best chance at finding more people to play with.

UPnP, on the other hand, provides the perfect middle ground while cleaning up after itself so allowed devices can cycle between ports. I'd say these days consoles is one of the primary reasons why UPnP is in use.
Fair enough :)

I am PC gamer who needs it only for some games that use that P2P crap too sadly and really hate the fact that they do (PC gaming folks like Dedicated Servers !!! LOL!)  so I don't mind missing out on those Strict NAT players if that means I can keep my LAN side less exposed than it needs to be !!! ^_^
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
January 27, 2026, 06:22:03 AM #6
Quote from: nero355 on January 27, 2026, 12:08:12 AMWhy not just give them 1:1 Port Mapping and leave it at Moderate NAT level instead of fully Open NAT ?!
Because Moderate NAT can only talk to Moderate and Open NAT. Other console people who are on Strict NAT (more than you'd think) can only talk to Open NAT. With how prevalent the P2P matchmaking model is, Moderate NAT just won't do if you want the best chance at finding more people to play with. There's also the need to factor in the effort to manually configure mappings for every game service. The better equivalence would be putting that console behind a DMZ, but it'd also mean the ports have to remain open 24/7, and only for that console.
UPnP, on the other hand, provides the perfect middle ground while cleaning up after itself so allowed devices can cycle between ports. I'd say these days consoles is one of the primary reasons why UPnP is in use.
January 27, 2026, 08:40:10 AM #7
I'm still missing the point a bit: it was said it's broken because it's spamming. The question is: is it still working after upgrading from 25.7.11 (where it worked) to 26.1-RCx (in which the code really doesn't differ)?


Cheers,
Franco
January 27, 2026, 09:48:45 AM #8
Just to chime in since I guess not that many are using miniupnpd.. I'm still running 25.7.11_2 and I use UPnP for consoles and kids' gaming, and I'm not seeing those errors in my log..

(A lot of other errors, but I'm guessing it's because the clients didn't clear their active mappings before shutting off)..

Code Select
2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410080, remove subscriber uuid:4a4dccd4-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/dkgqwukrhw
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410100, remove subscriber uuid:4a487762-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/bejxzoycej
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:21:25    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.1.153:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410000, remove subscriber uuid:0319bd80-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ujhzqdwdtn
2026-01-27T09:07:13    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.127:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410280, remove subscriber uuid:0314bbca-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ocsmvlvmza

/Kewin
Intel N100, 4* I226-V, 16 GB mem, 256 GB NVMe
January 27, 2026, 07:13:02 PM #9
Quote from: Kewin on January 27, 2026, 09:48:45 AMJust to chime in since I guess not that many are using miniupnpd.. I'm still running 25.7.11_2 and I use UPnP for consoles and kids' gaming, and I'm not seeing those errors in my log..

(A lot of other errors, but I'm guessing it's because the clients didn't clear their active mappings before shutting off)..

Code Select
2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410080, remove subscriber uuid:4a4dccd4-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/dkgqwukrhw
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410100, remove subscriber uuid:4a487762-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/bejxzoycej
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:21:25    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.1.153:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410000, remove subscriber uuid:0319bd80-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ujhzqdwdtn
2026-01-27T09:07:13    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.127:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410280, remove subscriber uuid:0314bbca-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ocsmvlvmza

/Kewin

Good note! Then it's not just my install. Can something have changed upstream in miniupnpd? Im on 2.3.9_2,1.
January 27, 2026, 08:23:14 PM #10
Hi, static NAT ports for UDP are a godsend for real-time protocols. Anyone who has troubleshooted WebRTC knows this: they're worth their weight in gold. They cost nothing, except to acknowledge that port "randomization" in UDP is not a security feature.

pass out quick on igc0 inet proto udp from igc1:network nat-to (igc0) static-port
pass out on igc0 inet from igc1:network nat-to (igc0)
** ¯\_(ツ)_/¯ **  C'est la vie  ** ¯\_(ツ)_/¯ **
Today at 09:38:01 AM #11 Last Edit: Today at 11:56:07 AM by burre90
I have had issues with UPNP as well recently in 26.1, even tried making a fresh new interface with only an Allow All rule, to rule out any firewall issues, while also disabling all custom WAN Rules... no luck for my PS5 or my PC. For the time being I have just made a NAT outbound static port rule so I can get moderate NAT at least.

Really frustrating me, but I'm not trying to blame anyone, as I am not as tech savvy as you all.


Here's my logs if it helps at all, sorry I am not very knowledgeable of any of this stuff.


2026-01-29T01:50:27-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:50:13-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:51-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:51-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:33-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:32-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:20-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:20-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:19-08:00   Error   miniupnpd    pfctl_get_rules_info: Invalid argument
2026-01-29T01:49:19-08:00   Error   miniupnpd    could not open lease file: /var/run/miniupnpd.leases-ipv6
2026-01-29T01:49:19-08:00   Error   miniupnpd    could not open lease file: /var/run/miniupnpd.leases   
   

Today at 04:41:24 PM #12
Here are my logs from a port mapping attempt from qbittorrent:

Code Select
miniupnpd 9211 - - HTTP REQUEST from 192.168.1.158:61797 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd 9211 - - Host: 192.168.1.1:2189
miniupnpd 9211 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd 9211 - - AddPortMapping: ext port 43831 to 192.168.1.158:7620 protocol UDP for: qBittorrent/5.1.4 leaseduration=604800 rhost=
miniupnpd 9211 - - no permission rule matched : accept by default (n_perms=0)
miniupnpd 9211 - - pfctl_get_rules_info: Invalid argument
miniupnpd 9211 - - Check protocol UDP for port 43831 on ext_if igc1 100.35.202.163, A3CA2364
miniupnpd 9211 - - 0101a8c0:5351 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0132a8c0:5351 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0101a8c0:59796 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0132a8c0:36397 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:1900 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0132a8c0:123 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0100007f:123 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - a3ca2364:123 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0101a8c0:123 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:123 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0101a8c0:43339 0a01a8c0:514 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:0 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0101a8c0:161 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0100007f:2056 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0132a8c0:5353 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0101a8c0:5353 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:5353 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:49935 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0100007f:2055 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0100007f:63685 0100007f:2055 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 0100007f:4930 0100007f:2055 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:53053 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:53053 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:53053 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:53053 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:51820 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:4500 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:500 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:53 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - 00000000:67 00000000:0 <=> 43831 a3ca2364:7620
miniupnpd 9211 - - redirecting port 43831 to 192.168.1.158:7620 protocol UDP for: qBittorrent/5.1.4
miniupnpd 9211 - - ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Invalid argument
miniupnpd 9211 - - Returning UPnPError 501: Action Failed
Today at 05:10:22 PM #13
Reports are piling up.  I'm wondering if the kernel has a bad change?

# opnsense-update -zkr 25.7.11

And reboot?


Cheers,
Franco
Today at 05:28:37 PM #14
Quote from: franco on Today at 05:10:22 PMReports are piling up.  I'm wondering if the kernel has a bad change?

# opnsense-update -zkr 25.7.11

And reboot?


Cheers,
Franco

Same result on the older kernel
Print
Go Up Pages1 2
User actions