Project

General

Profile

Feature #1835

uPNP IPv6 support

Added by Chris Buechler over 7 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Low
Category:
uPNP
Target version:
Start date:
09/01/2011
Due date:
% Done:

0%

Estimated time:

Description

uPNP needs IPv6 support.

miniupnpd.zip (61.8 KB) miniupnpd.zip Daniel Becker, 03/03/2015 01:20 PM

History

#1 Updated by Seth Mos over 7 years ago

Thread in the miniupnp forum here.
http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=728

This will take a while before the port is upto speed. From glancing the thread the firewall does have host options but not port options. That would be silly. More investigation.

Version 1.5.20110515 does have some IPv6 support.
http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=69

We should be able to enable this after the 2.0 release after we update.

#2 Updated by Chris Buechler over 7 years ago

probably will have to add a new port for miniupnpd-v6 or similar, as we're going to keep RELENG_2_0 snapshot builders going for likely 2.0.1, etc. releases. or else tag tools with RELENG_2_0, that may be better.

#3 Updated by Seth Mos over 7 years ago

The newer miniupnpd is going forward with more then just the ipv6 firewall control bits. It also fixes and enhances quite a few other features such as the connection status.

Going to import the new one, we can always roll back.

#4 Updated by Seth Mos about 7 years ago

  • Status changed from New to Resolved

Newer miniupnpd is included, another open ticket for the latest import though.

#5 Updated by Jim Pingle over 6 years ago

  • Status changed from Resolved to New

The newer miniupnpd does support it, but produces errors when it's enabled and run. It compiles OK, but doesn't function. Still needs investigation.

#6 Updated by Chris Buechler over 6 years ago

  • Target version deleted (2.1)

#7 Updated by Denis Dzyubenko about 4 years ago

Is there an update on this? I am running pfsense 2.2 but it seems upnp here still doesn't support ipv6 :(

#8 Updated by Daniel Becker about 4 years ago

There's a patch to enable IPv6 in miniupnpd in issue #4321, but so far it doesn't look like anybody's looked at it.

#9 Updated by Daniel Becker about 4 years ago

Attached is an amd64 binary of miniupnpd with the patches in #4320 and #4321 applied; you can just copy it to /usr/local/sbin on your pfSense box (remember to make a backup of the existing miniupnpd binary in that location) and restart miniupnpd through the web interface

#10 Updated by Denis Dzyubenko about 4 years ago

I just tried this binary and I see no changes between this and the original miniupnpd in pfsense 2.2

Actually after investigating it more it seems the issue is that the traffic is blocked by pf. I am not sure how miniupnpd supposed to work here, is there a script somewhere that adds pf entries forwarding incoming traffic?

After adding "pass incoming ipv6 tcp to all ports" rule in the pfsense gui everything seems to work, so I guess the issue is with the rules but not miniupnpd itself.

#11 Updated by Denis Dzyubenko about 4 years ago

Denis Dzyubenko wrote:

I just tried this binary and I see no changes between this and the original miniupnpd in pfsense 2.2

Actually after investigating it more it seems the issue is that the traffic is blocked by pf. I am not sure how miniupnpd supposed to work here, is there a script somewhere that adds pf entries forwarding incoming traffic?

After adding "pass incoming ipv6 tcp to all ports" rule in the pfsense gui everything seems to work, so I guess the issue is with the rules but not miniupnpd itself.

ah I see in the miniupnpd source code the rules are created there, not with any external scripts. Well I guess ipv6 rules do not work yet :(

#12 Updated by Denis Dzyubenko about 4 years ago

Denis Dzyubenko wrote:

Denis Dzyubenko wrote:

I just tried this binary and I see no changes between this and the original miniupnpd in pfsense 2.2

Actually after investigating it more it seems the issue is that the traffic is blocked by pf. I am not sure how miniupnpd supposed to work here, is there a script somewhere that adds pf entries forwarding incoming traffic?

After adding "pass incoming ipv6 tcp to all ports" rule in the pfsense gui everything seems to work, so I guess the issue is with the rules but not miniupnpd itself.

ah I see in the miniupnpd source code the rules are created there, not with any external scripts. Well I guess ipv6 rules do not work yet :(

Disclaimer: I am very new to FreeBSD and PF. I am clearly misunderstanding something, even for ipv4 connections there are no rules created that are visible with "pfctl -sr", but there are some state table entries on the affected ports in "pfctl -ss" for both ipv4 and ipv6 addresses. I am giving up for now though, I need to learn PF before I can investigate this further.

#13 Updated by Daniel Becker about 4 years ago

If you do a "sockstat" with the new binary running, you should see that it's now listening on v4 and v6 sockets, where the original binaries listens on v4 sockets only.

To see the rules created by miniupnpd, you can do "pfctl -a miniupnpd -s rules" / "pfctl -a miniupnpd -s nat". You will obviously need a client that actually tries to generate v6 pinholes in the first place, though, which I'm not sure there are a whole lot of in the wild.

#14 Updated by Renato Botelho over 3 years ago

  • Assignee set to Renato Botelho
  • Target version set to 2.3

#15 Updated by Jim Pingle over 3 years ago

  • Status changed from New to Resolved

Duplicated by #4321 but a fix was committed on that ticket rather than this one. It's already set to Feedback.

Also available in: Atom PDF