I'm trying to leverage the new feature in miniupnpd that dynamically discovers the public IP of a cascaded (i.e. behind another NAT router) OpenWRT box using the STUN protocol.
My upstream ISP-supplied modem/router is configured to forward all inbound traffic with a DMZ configuration. I've tested, and traffic arrives at the OpenWRT and goes through manually configured port forwards to their destinations.
This is good news for PPPoE and cascaded users who have struggled with the public IP not being shown in miniupnpd, and therefore clients not working, as they see a private IP vs public.
So two things. First, there does not seem to be support (yet) in the OpenWRT /etc/config file parsing that will output the newly defined miniupnpd runtime input config (in /var/etc/miniupnpd.conf). Is anyone working on that, or do we need a bug report?
Secondly, even if I manually poke the run var file as follows, it still claims the test did not pass:

    root@OpenWrt:/etc/config# cat /var/etc/miniupnpd.conf
    ext_ifname=eth0.2
    listening_ip=br-lan
    port=5000
    enable_natpmp=yes
    enable_upnp=yes
    secure_mode=yes
    ext_perform_stun=yes
    ext_stun_host=stun.onesuite.com
    pcp_allow_thirdparty=no
    system_uptime=yes
    force_igd_desc_v1=yes
    lease_file=/var/run/miniupnpd.leases
    bitrate_down=8388608
    bitrate_up=4194304
    uuid=34d83956-276a-466c-beaf-d2af9d9e7bec
    allow 1024-65535 0.0.0.0/0 1024-65535 #Allow high ports
    deny 0-65535 0.0.0.0/0 0-65535 #Default deny

When I then launch miniupnpd in full debug mode, we see the STUN process successfully retrieve the public IP, but it grades the inbound state as 'Restrictive NAT', and clients can't add effective forwards (if they even bother, given the other status).

    root@OpenWrt:/etc/config# /usr/sbin/miniupnpd -d -f /var/etc/miniupnpd.conf
    miniupnpd: system uptime is 3517 seconds
    miniupnpd: Reloading rules from lease file
    miniupnpd: could not open lease file: /var/run/miniupnpd.leases
    miniupnpd: version 2.1 starting NAT-PMP/PCP UPnP-IGD ext if eth0.2 BOOTID=1533835654
    miniupnpd: STUN: Performing with host=stun.onesuite.com and port=0 ...
    miniupnpd: STUN: ext interface eth0.2 with IP address 192.168.254.13 is now behind restrictive NAT with public IP address 18.104.22.168: Port forwarding is now impossible
    miniupnpd: HTTP listening on port 5000
    miniupnpd: HTTP IPv6 address given to control points : [fd6b:c2c9:3cb7::1]
    miniupnpd: Listening for NAT-PMP/PCP traffic on port 5351

Even though I know traffic is being forwarded from the upstream router.
So anyone else having luck with miniupnpd and STUN discovery?
Code is today's build on a C7v2.
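
For reference, the STUN Binding exchange that this kind of public-IP discovery rests on, as an added example (not part of the original post and not miniupnpd's code). It builds a Binding Request, optionally with the CHANGE-REQUEST attribute, and decodes the mapped address from a reply; the reply is constructed by `build_response` instead of coming from a live server, and `describe` is a hypothetical helper that does not reproduce miniupnpd's own NAT grading.

```python
import ipaddress
import struct

MAGIC = 0x2112A442                      # RFC 5389 magic cookie
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
MAPPED_ADDRESS, CHANGE_REQUEST, XOR_MAPPED_ADDRESS = 0x0001, 0x0003, 0x0020

def build_request(txid, change_ip=False, change_port=False):
    """Binding Request, optionally carrying CHANGE-REQUEST (RFC 5780)."""
    flags = (0x04 if change_ip else 0) | (0x02 if change_port else 0)
    attrs = struct.pack("!HHI", CHANGE_REQUEST, 4, flags) if flags else b""
    return struct.pack("!HHI12s", BINDING_REQUEST, len(attrs), MAGIC, txid) + attrs

def build_response(txid, ip, port, xor=True):
    """Constructed server reply, used here instead of a live STUN server."""
    addr = int(ipaddress.IPv4Address(ip))
    if xor:
        addr, port = addr ^ MAGIC, port ^ (MAGIC >> 16)
    atype = XOR_MAPPED_ADDRESS if xor else MAPPED_ADDRESS
    attr = struct.pack("!HHBBHI", atype, 8, 0, 0x01, port, addr)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC, txid) + attr

def parse_response(data, txid):
    """Return (ip, port) seen by the server, or None if the reply is unusable."""
    if len(data) < 20:
        return None
    mtype, mlen, _cookie, rtxid = struct.unpack("!HHI12s", data[:20])
    if mtype != BINDING_SUCCESS or rtxid != txid or len(data) < 20 + mlen:
        return None
    pos, end, found = 20, 20 + mlen, None
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        val = data[pos + 4:pos + 4 + alen]
        if atype in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and len(val) == 8 and val[1] == 1:
            port, addr = struct.unpack("!HI", val[2:])
            if atype == XOR_MAPPED_ADDRESS:      # un-mask with the magic cookie
                port, addr = port ^ (MAGIC >> 16), addr ^ MAGIC
            found = (str(ipaddress.IPv4Address(addr)), port)
        pos += 4 + alen + (-alen % 4)            # attributes are 32-bit aligned
    return found

def describe(local, mapped):
    """Compare the socket's own address with what the server reported."""
    if mapped is None:
        return "no usable reply"
    if mapped == local:
        return "no NAT"
    return "NAT, port preserved" if mapped[1] == local[1] else "NAT, port rewritten"
```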