openwrt / packages

Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
GNU General Public License v2.0

miniupnpd not working with upstream router/ modem with public IP #17413

Open professor-jonny opened 2 years ago

professor-jonny commented 2 years ago

Miniupnpd is not working with my provider's upstream router, which has a public IP address range. If I put my private IP address into the external IP in my config, UPnP fails to start. If I leave it to detect its own external IP, it says it is a public address and UPnP is not possible. If I use STUN to get an external interface, it says I have a NAT issue:

STUN: ext interface wan with private IP address 192.168.0.142 is now behind restrictive or symmetric NAT with public IP address 115.189.82.94 which does not support port forwarding NAT on upstream router blocks incoming connections set by miniupnpd Turn off NAT on upstream router or change it to full-cone NAT 1:1 type

There is no NAT on my upstream router; it is using DMZ to forward all ports to my router. I do have an upstream CGNAT, but if a port is requested it dynamically opens when requested from the client and is mapped to an upstream port, so I'm told. It seems to work with my provider's router, and works with my Xbox without issue connected directly to my provider's router. My provider requires me to use their router (tag-locked SIM card).

brada4 commented 2 years ago

Most likely UPnP is blocked at your provider due to inherent security issues during the last years. A functional replacement is any kind of VPN, like WireGuard or OpenVPN. As per the specification, UPnP should work via multicast; if yours accepted commands on a unicast address it would plainly open all your internal network to the world of cyber attacks.

brada4 commented 2 years ago

REF: https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/

DiegoJp commented 1 year ago

> Most likely UPnP is blocked at your provider due to inherent security issues during the last years. A functional replacement is any kind of VPN, like WireGuard or OpenVPN. As per the specification, UPnP should work via multicast; if yours accepted commands on a unicast address it would plainly open all your internal network to the world of cyber attacks.

He said it works with the provider's router.

Hello, I'm also facing problems with UPnP; however, my ISP router is not behind a CGNAT and has a public IP. The OpenWrt router is behind the ISP's and DMZ'ed to it.

I can easily open ports within the Firewall options in LuCI and they work OK.

However, it seems the culprit is the example STUN server (stun.stunprotocol.org:3478).

I changed it to Google's stun.l.google.com:19302 and it's punching holes and mapping ports again!

Good luck!
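
The STUN step the two comments above turn on (miniupnpd's "use_stun" detection of the WAN address, and the "private IP address ... behind NAT" verdict in the log line quoted in the issue) is easy to reproduce by hand. The script below is an added example, not miniupnpd or OpenWrt code: it builds an RFC 5389 Binding request, parses the XOR-MAPPED-ADDRESS (or legacy MAPPED-ADDRESS) from the reply, and classifies the local WAN address as RFC 1918 private, RFC 6598 CGNAT (100.64.0.0/10) or public. It only determines the mapped address; it does not run the restrictive/symmetric NAT probing that miniupnpd's log message refers to. The default server, 192.168.0.142 and 115.189.82.94 are taken from the thread; the sample response used offline is constructed here.

```python
"""STUN Binding round-trip and WAN address classification (added example, not miniupnpd code)."""
import ipaddress
import os
import socket
import struct
import sys

STUN_BINDING_REQUEST = 0x0001
STUN_BINDING_SUCCESS = 0x0101
STUN_MAGIC_COOKIE = 0x2112A442
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020

# RFC 1918 private space and RFC 6598 shared (CGNAT) space. A UPnP mapping
# installed on an interface holding one of these cannot be reached from the
# Internet, which is why miniupnpd refuses such an "external" address.
NON_ROUTABLE = {
    "private": [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "cgnat": [ipaddress.ip_network("100.64.0.0/10")],
}


def classify(ip):
    """Return 'private', 'cgnat' or 'public' for an IPv4 address string."""
    addr = ipaddress.ip_address(ip)
    for label, nets in NON_ROUTABLE.items():
        if any(addr in n for n in nets):
            return label
    return "public"


def build_binding_request(txid=None):
    """20-byte STUN header: type, length 0, magic cookie, 96-bit transaction id."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI12s", STUN_BINDING_REQUEST, 0, STUN_MAGIC_COOKIE, txid)


def build_binding_response(txid, ip, port):
    """Binding Success response with XOR-MAPPED-ADDRESS; used to construct an
    offline sample, encoded exactly as a server would encode it."""
    xport = port ^ (STUN_MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.ip_address(ip)) ^ STUN_MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", ATTR_XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI12s", STUN_BINDING_SUCCESS, len(attr), STUN_MAGIC_COOKIE, txid) + attr


def parse_binding_response(data, txid):
    """Return (ip, port) the server saw us as, or raise ValueError."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie, rtx = struct.unpack("!HHI12s", data[:20])
    if cookie != STUN_MAGIC_COOKIE or rtx != txid:
        raise ValueError("not a STUN reply to our transaction")
    if mtype != STUN_BINDING_SUCCESS:
        raise ValueError("unexpected STUN message type 0x%04x" % mtype)
    body = data[20:20 + mlen]
    off, fallback = 0, None
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        val = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)          # attribute values are padded to 32 bits
        if alen < 8 or val[1] != 0x01:        # IPv4 only in this example
            continue
        port, addr = struct.unpack("!HI", val[2:8])
        if atype == ATTR_XOR_MAPPED_ADDRESS:  # preferred: survives ALG rewriting
            return str(ipaddress.ip_address(addr ^ STUN_MAGIC_COOKIE)), port ^ (STUN_MAGIC_COOKIE >> 16)
        if atype == ATTR_MAPPED_ADDRESS:      # legacy RFC 3489 attribute
            fallback = (str(ipaddress.ip_address(addr)), port)
    if fallback:
        return fallback
    raise ValueError("no (XOR-)MAPPED-ADDRESS in reply")


def nat_verdict(local_ip, mapped_ip):
    """Compare the WAN interface address with what the STUN server saw."""
    if local_ip == mapped_ip:
        return "no NAT"
    return "%s address %s is NATed to %s" % (classify(local_ip), local_ip, mapped_ip)


def stun_query(host, port, local_port=0, timeout=3.0):
    """Send one Binding request over UDP and return the (ip, port) the server saw."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("0.0.0.0", local_port))
        s.sendto(build_binding_request(txid), (host, port))
        data, _ = s.recvfrom(1500)
        local_ip = s.getsockname()[0]
    return local_ip, parse_binding_response(data, txid)


if __name__ == "__main__":
    # usage: python3 stun_check.py [stun_host] [stun_port]  (server from the thread by default)
    host = sys.argv[1] if len(sys.argv) > 1 else "stun.l.google.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 19302
    local_ip, (mapped_ip, mapped_port) = stun_query(host, port)
    print("mapped to %s:%d, WAN address is %s, %s" % (mapped_ip, mapped_port, classify(local_ip),
                                                      nat_verdict(local_ip, mapped_ip)))
```

Running it on the router (or any host behind the same upstream) from the WAN-side address shows which address miniupnpd will be told is "external". If the mapped address differs from the WAN address, the upstream device is translating and any mapping miniupnpd installs only reaches as far as that device, whichever STUN server you configure; changing the server only helps when the original one was unreachable or answering incorrectly.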

professor-jonny commented 1 year ago

I think my issue is that I need some sort of UPnP/PCP proxy or relay that miniupnpd does not currently provide. I believe the ISP-provided router does some sort of forwarding to the upstream CGNAT to open ports.

Testing with the ISP-provided router with my Xbox suggests all ports are open, but a third-party router or a cascaded router behind the ISP router set to DMZ reveals blocked ports.

DiegoJp commented 1 year ago

But can you do regular port forwarding?

brada4 commented 1 year ago

I have a hard time understanding: you say you have a public IP on your OpenWrt, and then where do you forward ports? That's another NAT or what?

professor-jonny commented 1 year ago

I have an ISP with a CGNAT, and with the provided router UPnP works. If I cascade my own OpenWrt router behind the ISP router in my home, UPnP won't work as it has a private IP address, but if I force my external IP address in the config to the local address as provided by the ISP router, UPnP won't even start.

If I replace the ISP router with my OpenWrt router, UPnP won't work.

I think I need to relay UPnP commands to the ISP-provided router or figure out what magic is in their router to replace it. As I have about 6 different Xbox consoles, it would suit me better if UPnP would work as opposed to manually setting things.

brada4 commented 1 year ago

Yes, you need to set the OpenWrt WAN interface in the CGNAT network. You know the way USB 4G works. You need to punch holes there in that network and in your router. Obviously 1:1 NAT hides the gateway address in CGNAT that supposedly needs to get the command with that IP.