Open professor-jonny opened 2 years ago
Most likely UPNP is blocked at your provider due to inherent security issues during last years. Functional replacement is any kind of VPN, like wireguard or openvpn. As per specification UPNP should work via multicast, if yours accepted commands on unicast address it would plainly open all your internal network to the world of cyber attacks.
Most likely UPNP is blocked at your provider due to inherent security issues during last years. Functional replacement is any kind of VPN, like wireguard or openvpn. As per specification UPNP should work via multicast, if yours accepted commands on unicast address it would plainly open all your internal network to the world of cyber attacks.
He said it works with provider's router.
Hello I'm also facing problems with UPnP, however my ISP router is not behind a cgNAT and has a public IP, OpenWRT router is behind ISP's and DMZ'ed to it.
I can easily open ports within Firewall options in LuCI and they work ok.
However it seems the culprit is the example STUN server (stun.stunprotocol.org:3478
)
I changed it to google's stun.l.google.com:19302
and it's punching holes mapping ports again!
Good luck!
I think my issue is I need some sort of UPNP/PCP proxy or relay that miniupnpd does not currently provide. I believe the ISP provided router does some sort of forwarding to the upstream CGNAT to open ports.
Testing with the ISP provided router with my Xbox sugests all ports are open but with a third party router or a cascaded router behind the ISP router set to DMZ reveals blocked ports.
But can you do regular port forwarding?
I have hard time to undrrstand - you say you have public IP on your openwrt and then where do you forward ports? Thats anothr NAT or what?
I have an ISP with a CGNAT and with the provided router UPNP works. If I cascade my own Openwrt router behind the ISP router in my home upnp wont work as it has a private IP address, but if i force my external IP address in the config to the local address as provided by the ISP router upnp wont even start.
If I replace the ISP router with my Openwrt router upnp wont work.
I think I need to relay UPNP comands to the ISP provided router or figure out what magic is in their router to replace it. As I have about 6 different xbox consoles it wold suit me better if upnp would work as oposed to manually setting things.
Yes, you need to set openwrt wan interface in cgnat network. You know the way usb 4g works. You need to punch holss there in that network and in your router. Obviousky 1:1 NAT hides gateway address in cgnat that supposedly needs to get command with that IP
Miniupnpd is not working with my providers upstream router with a public ip address range. if I put in my config my private ip address into my external ip upnp fails to start. if I leave it to detect its own external ip it says it is a public address and upnp is not possible. if I use stun to get an external interface it says i have a nat issue:
STUN: ext interface wan with private IP address 192.168.0.142 is now behind restrictive or symmetric NAT with public IP address 115.189.82.94 which does not support port forwarding NAT on upstream router blocks incoming connections set by miniupnpd Turn off NAT on upstream router or change it to full-cone NAT 1:1 type
There is no nat on my upstream router it is using dmz to forward all ports to my router. I do have an upstream CGnat but if a port is requested it dynamically opens when requested from the client and mapped to an upstream port so I'm told. It seems to work with my providers router, and works with my xbox with out issue connected directly to my providers router. my provider requires me to use their router (tag locked sim card)