
Problems With UPNP?



Hello.

I'm having teething problems with the UPNP feature in the current version. Sometimes it'll work and other times it won't. For example, in the past I've run two Xbox 360s and always had an OPEN NAT, but the past few days, doing some testing with a burner Xbox Live account and the same games, I am unable to connect them to each other, join a party etc. Now, before you ask: yes, you can double up Xbox 360s and still have OPEN NATs and play games together, as it's worked in the past, same with Xbox One. When it does decide to work the table never refreshes, or when it is enabled it's 50/50 whether it'll work.

The only solution thus far is to factory reset, but again this is tedious and time consuming, setting everything back up again, or switching it off for a few days. I wonder what version of UPNP the current FW is running, as I think maybe it needs updating or a hotfix. I know running UPNP is a no-no but I've never had issues with being hacked.

I've swapped hardware and can confirm that on an old Asus RTAC68u on the latest custom Merlin FW it works with no problems and runs sweet as a nut.

Running the XR500 on the current firmware. Could the devs look into adding this, since I don't think the UPNP component has been updated in a while, or at least push a hotfix or forward me a BETA with a fix in it to test. 😝

Link to comment
Share on other sites

19 minutes ago, Bert said:

When I use 2 consoles, I go in settings -> WAN Setup and set NAT Filtering to open. Then I get open NAT for both consoles, even with geofilter on etc.

NAT filtering is set to OPEN. :)

Link to comment
Share on other sites

Setting NAT filtering to open is basically disabling the firewall. I would suggest putting it back and adding 1 of the consoles to the DMZ and making sure both have static IP addresses set in the router.

Link to comment
Share on other sites

39 minutes ago, BIG__DOG said:

Setting NAT filtering to open is basically disabling the firewall. I would suggest putting it back and adding 1 of the consoles to the DMZ and making sure both have static IP addresses set in the router.

 

I tried this but you get moderate NAT on one, at least with Playstations.

 

You need to port forward UDP 3074 on one console and this will get open NAT, but the one in DMZ will be stuck on moderate NAT. 

 

I think this is an issue with uPNP. But really it's all workarounds; you should not have to touch the firewall to let uPNP do its job. My R1, when I use uPNP I just plug them in and both will get open NAT with uPNP, no special stuff required.

Link to comment
Share on other sites

I've always questioned the UPNP of my XR500. I don't put a lot of faith into it.. I've been told the XR500 UPNP is outdated. And it may not be able to even be updated.. I think @Killhippie has better insight on this. He seems to track Netgear a bit better than I do.. My ASUS does a much better job at UPNP than my XR500. It sounds like Netgear was a bit sloppy on their firmware with the XR500. The way I understand it there might be a lot of dead code floating around on it from previous features Netgear used.. Currently right now my UPNP table isn't even populating any ports.. But yet I have an Open NAT on my Xbox.. It may be time to do another factory reset.. Which I'm not a fan of.. I really wish I could load DumaOS on my ASUS.

Zippy.

Link to comment
Share on other sites

I'm not sure if that has to do with other settings.

 

On my XR500 that uses PPPoE the uPNP table stays empty, while on the other running DHCP it gets populated. All other settings are equal, even up to things like equal IPs for the console and wifi SSID / PW etc.

Link to comment
Share on other sites

In the end I had to factory reset my XR500, which was annoying, just to get UPNP to work. @Netduma Alex what are the chances of this code being updated, or is it on a list of things to do? I think @Zippy might be correct, a lot of stuff seems to be dead code that needs to be fixed. So far the solution is to factory reset, which I'm not a fan of, just to get that feature working.

 

Link to comment
Share on other sites

Guest Killhippie
13 minutes ago, muffintastic said:

In the end I had to factory reset my XR500, which was annoying, just to get UPNP to work. @Netduma Alex what are the chances of this code being updated, or is it on a list of things to do? I think @Zippy might be correct, a lot of stuff seems to be dead code that needs to be fixed. So far the solution is to factory reset, which I'm not a fan of, just to get that feature working.

 

UPnP worked way back on one of the early firmwares which now has massive security holes. Yes, the code is outdated, but it seems more an issue with the common PPPoE connection method used for VDSL in the UK and other countries, for instance, and the fact that the XR500 does not work well with PPPoE or IPv6, or VLAN tagging. These are known issues from December 2018 and earlier, some almost from release, but they never got patched. Some are Netduma's, some Netgear's; either way if they are not fixed with DumaOS version 3.0 then they probably never will be. So let's hope 3.0 has all the patches and fixes needed and the new bugs that appear (there will be new bugs, no software is bug free) will get patched without waiting for DumaOS 4.0...

Link to comment
Share on other sites

Just now, Killhippie said:

UPnP worked way back on one of the early firmwares which now has massive security holes. Yes, the code is outdated, but it seems more an issue with the common PPPoE connection method used for VDSL in the UK and other countries, for instance, and the fact that the XR500 does not work well with PPPoE or IPv6, or VLAN tagging. These are known issues from December 2018 and earlier, some almost from release, but they never got patched. Some are Netduma's, some Netgear's; either way if they are not fixed with DumaOS version 3.0 then they never will be, I think.

So, if that's the case they should just remove it entirely from the firmware. I never had an issue when I was on my Asus router. Why, oh why did I have to sell it. 😝

Link to comment
Share on other sites

Guest Killhippie
14 minutes ago, muffintastic said:

So, if that's the case they should just remove it entirely from the firmware. I never had an issue when I was on my Asus router. Why, oh why did I have to sell it. 😝

IPv6, VLAN tagging and UPnP are basic router functions, although business class routers rarely have UPnP as it's a security risk. Alas, you can't just remove them unfortunately, as they are needed. Also they should be patched by Netgear and Netduma, but that never happened. So let's see what DumaOS 3.0 brings, which is Netduma's firmware, and see what Netgear patch too. The kernel that these routers run on is old too; newer Netgear routers are using Chaos Calmer which has a much newer kernel, although it's still not bang up to date. A complete re-write by Netgear would just take too long and cost too much, especially now Netgear have moved on to AX routers with 64 bit CPU architecture. I will point out IPv6 works on other Netgear routers although they filter ICMP, as does UPnP, so some issues appear to be Netduma's, but with a firmware sandwich like the XR range it's hard to tell who should patch what sometimes. Also it's always good to keep a spare router, I too learnt that the hard way. ;)

Link to comment
Share on other sites

  • Administrators

If you're wanting the two consoles to play together, even if one is open and another moderate they should still be able to connect, as Open NAT can connect with moderate and strict. Are you using the Geo-Filter when you try this? If so I would suggest disabling this first. Regarding UPnP I have asked the team whether this is something Netgear intend to update.

Link to comment
Share on other sites

1 hour ago, Netduma Fraser said:

If you're wanting the two consoles to play together, even if one is open and another moderate they should still be able to connect, as Open NAT can connect with moderate and strict. Are you using the Geo-Filter when you try this? If so I would suggest disabling this first. Regarding UPnP I have asked the team whether this is something Netgear intend to update.

@Netduma Fraser I was testing with two Xbox 360s; the only way in the end I got it to work was to fully reset the router back to factory, and now it's working again and will probably stop working in a couple of weeks again. It's very touchy; sometimes if I disable it for a week or two it works fine then just craps out. I think it does need updating personally. I'm not a software tech or code genius but it's definitely not up to scratch and would be more a security problem if it's running old code, and if there are UPnP updates I think they should be included in the next release. But, as I said, the only logical fix is by doing a factory reset.

Link to comment
Share on other sites

  • Administrators

Okay, well let us know again if it's not working and we'll see if there is anything you can change to make it work together more permanently. Being such a big update for us I imagine they will take the opportunity to do so.

Link to comment
Share on other sites

On 2/4/2020 at 8:33 PM, Netduma Fraser said:

Okay, well let us know again if it's not working and we'll see if there is anything you can change to make it work together more permanently. Being such a big update for us I imagine they will take the opportunity to do so.

I know normal port forwarding works with no issues, and I know port triggering works too, as I've tried a VOIP programme and that works, as with DMZ, so I have tried different methods and they do work. It's the fact that UPNP seems to be the issue, and when it stops functioning, as I say, a full factory reset is needed to overcome this issue and it'll start working again. @Netduma Fraser has my issue that I've raised been forwarded to the dev team to take a look at? Again, I imagine UPNP probably does need updating some way or other, or are they aware there is an issue?

Link to comment
Share on other sites

Guest Killhippie
On 2/4/2020 at 8:33 PM, Netduma Fraser said:

Okay, well let us know again if it's not working and we'll see if there is anything you can change to make it work together more permanently. Being such a big update for us I imagine they will take the opportunity to do so.

That would mean a massive re-write of their code, and then they would have to apply it to all Netgear routers. If they can't do it for their own flagship devices I doubt they will do it just for the XR range tbh. Shame, as it really does need updating, but it did work with one of your early firmware versions, .32 I think, and works on other Netgear routers without issue too. Saying that, they tend to break it showing in the portmap table every now and then but generally fix it. UPnP is actually a big security hole so anyone with security in mind should turn it off. UPnP permits devices with serious vulnerabilities to silently expose themselves; the Mirai botnet was built on a hundred thousand IP cameras that had opened their own ports in firewalls using UPnP, exposing severe security vulnerabilities that enabled the botnet to get so big so easily.

Link to comment
Share on other sites
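
An added example, not part of the thread and not Netduma or Netgear code: a small Python audit that checks a UPnP port-map table against an allowlist, to spot devices that have silently opened their own ports as described in the post above. The table layout, addresses, allowlist and sensitive-port list are all constructed assumptions.

```python
from dataclasses import dataclass
import ipaddress

# Constructed sample of a router's UPnP port-map table (not from the thread).
# Columns: protocol, external port, internal IP, internal port, description
SAMPLE_TABLE = """\
UDP 3074 192.168.1.20 3074 Xbox-A
UDP 3075 192.168.1.21 3074 Xbox-B
TCP 8080 192.168.1.50 80 ipcam-web
TCP 2323 192.168.1.50 23 ipcam
UDP 50123 192.168.1.77 50123 unknown
"""

# Assumed policy: which hosts may request mappings, and for which internal ports.
ALLOWED = {
    "192.168.1.20": {("UDP", 3074)},
    "192.168.1.21": {("UDP", 3074)},
}
# Assumed list of management/remote-access ports that should never face the WAN.
SENSITIVE_INTERNAL = {22, 23, 80, 443, 554, 3389, 5900, 8080}


@dataclass(frozen=True)
class Mapping:
    proto: str
    ext_port: int
    int_ip: str
    int_port: int
    desc: str


def parse_table(text):
    """Parse whitespace-separated table rows into Mapping records."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4:
            continue  # skip blank or truncated rows
        proto, ext, ip, internal = parts[:4]
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        desc = parts[4] if len(parts) > 4 else ""
        rows.append(Mapping(proto.upper(), int(ext), ip, int(internal), desc))
    return rows


def audit(mappings, allowed=ALLOWED, sensitive=SENSITIVE_INTERNAL):
    """Return (mapping, reasons) for every mapping that violates the policy."""
    findings = []
    for m in mappings:
        reasons = []
        if m.int_ip not in allowed:
            reasons.append("host not on allowlist")
        elif (m.proto, m.int_port) not in allowed[m.int_ip]:
            reasons.append("port not expected for this host")
        if m.int_port in sensitive:
            reasons.append("exposes management/remote-access port")
        if reasons:
            findings.append((m, reasons))
    return findings


if __name__ == "__main__":
    for m, why in audit(parse_table(SAMPLE_TABLE)):
        print(f"{m.proto} {m.ext_port} -> {m.int_ip}:{m.int_port} ({m.desc}): {'; '.join(why)}")
```
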

  • Administrators
21 hours ago, muffintastic said:

I know normal port forwarding works with no issues, and I know port triggering works too, as I've tried a VOIP programme and that works, as with DMZ, so I have tried different methods and they do work. It's the fact that UPNP seems to be the issue, and when it stops functioning, as I say, a full factory reset is needed to overcome this issue and it'll start working again. @Netduma Fraser has my issue that I've raised been forwarded to the dev team to take a look at? Again, I imagine UPNP probably does need updating some way or other, or are they aware there is an issue?

Your specific issue, no, but the UPnP issue which is the crux of your issue, yes, so it's my hope they will update or fix this on their end. I have mentioned it several times.

21 hours ago, Killhippie said:

That would mean a massive re-write of their code, and then they would have to apply it to all Netgear routers. If they can't do it for their own flagship devices I doubt they will do it just for the XR range tbh. Shame, as it really does need updating, but it did work with one of your early firmware versions, .32 I think, and works on other Netgear routers without issue too. Saying that, they tend to break it showing in the portmap table every now and then but generally fix it. UPnP is actually a big security hole so anyone with security in mind should turn it off. UPnP permits devices with serious vulnerabilities to silently expose themselves; the Mirai botnet was built on a hundred thousand IP cameras that had opened their own ports in firewalls using UPnP, exposing severe security vulnerabilities that enabled the botnet to get so big so easily.

You're not wrong, I've taken it up as far as is possible to do so. The ball is in their court now, it's my hope that because 3.0 is a major update that they will think similarly and at the very least fix issues such as this even if it's not updated.

Link to comment
Share on other sites

Hey @Netduma Fraser some time ago when you helped me check my UPnP and I came back with negative results, I'm wondering if you are familiar with port triggering?

I noticed in port triggering it has a triggered port and then below that it has inbound port start and port end.. So could you give me an example of what it would look like if one was triggering a port. Basically what port range should be used there? And does inbound port basically mean like destination port or port a game server uses? I just want to make sure I have this set up correctly..

Thanks!

Zippy.

Link to comment
Share on other sites

Guest Killhippie
3 hours ago, Netduma Fraser said:

You're not wrong, I've taken it up as far as is possible to do so. The ball is in their court now, it's my hope that because 3.0 is a major update that they will think similarly and at the very least fix issues such as this even if it's not updated.

I really hope so Fraser, it needs doing badly.

Link to comment
Share on other sites

  • Administrators
1 hour ago, Zippy said:

Hey @Netduma Fraser some time ago when you helped me check my UPnP and I came back with negative results, I'm wondering if you are familiar with port triggering?

I noticed in port triggering it has a triggered port and then below that it has inbound port start and port end.. So could you give me an example of what it would look like if one was triggering a port. Basically what port range should be used there? And does inbound port basically mean like destination port or port a game server uses? I just want to make sure I have this set up correctly..

Thanks!

Zippy.

Easy way to think of it is the inbound/source ports allow other applications/services on the internet to connect to you; they make a request and that comes to you. Outbound is the opposite: you let your web browser, games etc. access the internet. When you see ports online they usually are referring to the outbound/destination ports as these don't change; the source/inbound ports can change, which is why UPnP is enabled by default usually. That's also why, if you notice, in Traffic Prioritization when you select advanced it has the source ports filled in by default as 1-65535 (the entire port range), as you can't be sure what it comes in on. So if it allows you to, I would suggest you do the source/inbound ports as 1-65535 and specify the outbound/destination ports for your game, e.g. 3074 for CoD.

Link to comment
Share on other sites

1 hour ago, Netduma Fraser said:

Easy way to think of it is the inbound/source ports allow other applications/services on the internet to connect to you; they make a request and that comes to you. Outbound is the opposite: you let your web browser, games etc. access the internet. When you see ports online they usually are referring to the outbound/destination ports as these don't change; the source/inbound ports can change, which is why UPnP is enabled by default usually. That's also why, if you notice, in Traffic Prioritization when you select advanced it has the source ports filled in by default as 1-65535 (the entire port range), as you can't be sure what it comes in on. So if it allows you to, I would suggest you do the source/inbound ports as 1-65535 and specify the outbound/destination ports for your game, e.g. 3074 for CoD.

Thank you Fraser for your explanation.. I think we are tracking. So with that said, when I do a Wireshark capture and my source port is 3074 and destination port is 3544 UDP, is that maybe why my UPnP isn't working? When I enable UPnP it shows 3074 to 3074. But my Wireshark captures always show 3074 to 3544. At no point does it ever show 3074 as a destination port.. Was wondering if that is why UPnP doesn't work properly.. What are your thoughts? Years back before 3544 was even in the picture for Xbox it used to be 3074 to 3074. But it no longer is that.. Again thanks for your good explanation.. I may pick your brain a bit more on this to see what I come up with..

Zippy.

Link to comment
Share on other sites

  • Administrators

It may be that it was using 3074 and UPnP hasn't refreshed quickly enough to reflect this. It could help to decrease the advertisement period and increase time to live then it may update quicker. It could also be that it's just mirroring the source port to the destination for some reason.

Link to comment
Share on other sites

36 minutes ago, Netduma Fraser said:

It may be that it was using 3074 and UPnP hasn't refreshed quickly enough to reflect this. It could help to decrease the advertisement period and increase time to live then it may update quicker. It could also be that it's just mirroring the source port to the destination for some reason.

Okay Fraser thanks! Would it benefit at all to add the dedicated server port range at all in the port triggering? My source port on that never changes but my server port the game plays always changes each game. 

Zippy.

Link to comment
Share on other sites

  • Administrators
43 minutes ago, Zippy said:

Okay Fraser thanks! Would it benefit at all to add the dedicated server port range at all in the port triggering? My source port on that never changes but my server port the game plays always changes each game. 

Zippy.

If you have an Open NAT already then it isn't necessary and I would generally suggest the old saying 'if it isn't broken don't fix it' but as long as you know what you've changed then if it messes up then you could change it back. I wouldn't have thought it would make a significant difference to your online experience if the NAT is open already.

Link to comment
Share on other sites
