Miniupnpd problem, GetExternalIPAddress error, unable to add forward rule

Menion · April 18, 2020, 9:46am

Hi all

I am running LEDE 19.07.02 on my OrangePi PC 2. I am not sure exactly when but miniupnpd cannot work properly anymore.

I have done some test and it seems that GetExternalIPAddress fails and the consequence is that I am unable to add any forwarding rule

First of all I have reinstalled the package with default config, which looks like (I have just added external_iface option and allowed all port for testing but the result would be the same)


config upnpd 'config'
        option port '5000'
        option upnp_lease_file '/var/run/miniupnpd.leases'
        option enabled '1'
        option igdv1 '1'
        option download '6200'
        option upload '3200'
        option uuid '155602f0-31b0-461c-b07a-1e5c1ed60494'
        option external_iface 'wan'
        option internal_iface 'lan'
        option log_output '1'

config perm_rule
        option action 'allow'
        option ext_ports '1024-65535'
        option int_addr '0.0.0.0/0'
        option int_ports '1024-65535'
        option comment 'Allow high ports'

config perm_rule
        option ext_ports '0-65535'
        option int_addr '0.0.0.0/0'
        option int_ports '0-65535'
        option comment 'Default allow'
        option action 'allow'

Then on a Linux machine I try to open a port and I get:

menion@Menionubuntu:~$ upnpc -a 192.168.182.192 62000 62000 tcp
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://[fdb5:24dd:30d::1]:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

 desc: http://192.168.182.1:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

connect: Network is unreachable
Found a (not connected?) IGD : http://192.168.182.1:5000/ctl/IPConn
Trying to continue anyway
Local LAN ip address : 192.168.182.192
GetExternalIPAddress failed.
AddPortMapping(62000, 62000, 192.168.182.192) failed with code 501 (Action Failed)
GetSpecificPortMappingEntry() failed with code 714 (NoSuchEntryInArray)

The log on the OpenWRT router says

Sat Apr 18 11:33:18 2020 daemon.debug miniupnpd[13782]: level=0 type=8
Sat Apr 18 11:33:18 2020 daemon.debug miniupnpd[13782]: ifindex = 9  192.168.182.1
Sat Apr 18 11:33:18 2020 daemon.debug miniupnpd[13782]: ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1 (ver=1)
Sat Apr 18 11:33:18 2020 daemon.info miniupnpd[13782]: SSDP M-SEARCH from 192.168.182.192:51417 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Sat Apr 18 11:33:18 2020 daemon.info miniupnpd[13782]: Single search found
Sat Apr 18 11:33:18 2020 daemon.debug miniupnpd[13782]: SendSSDPResponse(): 0 bytes to 192.168.182.192:51417 ST: HTTP/1.1 200 CONFIGID.UPNP.ORG: 13372215rg/upnp/1/0/"; ns=01ld/2.1chemas-upnp-org:device:InternetGatewayDevice:1
Sat Apr 18 11:33:18 2020 daemon.info miniupnpd[13782]: Received UDP Packet (IPv6)
Sat Apr 18 11:33:18 2020 daemon.debug miniupnpd[13782]: ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1 (ver=1)
Sat Apr 18 11:33:18 2020 daemon.info miniupnpd[13782]: SSDP M-SEARCH from [::ffff:192.168.182.192]:51417 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Sat Apr 18 11:33:18 2020 daemon.info miniupnpd[13782]: Single search found
Sat Apr 18 11:33:18 2020 daemon.debug miniupnpd[13782]: SendSSDPResponse(): 0 bytes to [::ffff:192.168.182.192]:51417 ST: HTT CONFIGID.UPNP.ORG: 13372215rg/upnp/1/0/"; ns=01sc.xmlchemas-upnp-org:device:InternetGatewayDevice:1
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: HTTP REQUEST from [::ffff:192.168.182.192]:33176 : GET /rootDesc.xml (HTTP/1.1)
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Host: 192.168.182.1:5000
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: HTTP REQUEST from [::ffff:192.168.182.192]:33178 : POST /ctl/IPConn (HTTP/1.1)
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Host: 192.168.182.1:5000
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: HTTP REQUEST from [::ffff:192.168.182.192]:33180 : POST /ctl/IPConn (HTTP/1.1)
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Host: 192.168.182.1:5000
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: Returning UPnPError 501: Action Failed
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: HTTP REQUEST from [::ffff:192.168.182.192]:33182 : POST /ctl/IPConn (HTTP/1.1)
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Host: 192.168.182.1:5000
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: Returning UPnPError 501: Action Failed
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: HTTP REQUEST from [::ffff:192.168.182.192]:33184 : POST /ctl/IPConn (HTTP/1.1)
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Host: 192.168.182.1:5000
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: AddPortMapping: ext port 6666 to 192.168.182.192:6666 protocol TCP for: libminiupnpc leaseduration=604800 rhost=
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: UPnP permission rule 0 matched : port mapping accepted
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Check protocol tcp for port 6666 on ext_if br-wan 192.168.188.24, 18BCA8C0
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: redirecting port 6666 to 192.168.182.192:6666 protocol TCP for: libminiupnpc
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: Returning UPnPError 501: ActionFailed
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: HTTP REQUEST from [::ffff:192.168.182.192]:33186 : POST /ctl/IPConn (HTTP/1.1)
Sat Apr 18 11:33:21 2020 daemon.debug miniupnpd[13782]: Host: 192.168.182.1:5000
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetSpecificPortMappingEntry
Sat Apr 18 11:33:21 2020 daemon.info miniupnpd[13782]: Returning UPnPError 714: NoSuchEntryInArray
Sat Apr 18 11:33:23 2020 daemon.debug miniupnpd[13782]: level=0 type=8
Sat Apr 18 11:33:23 2020 daemon.debug miniupnpd[13782]: ifindex = 9  192.168.182.1
Sat Apr 18 11:33:23 2020 daemon.debug miniupnpd[13782]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
Sat Apr 18 11:33:23 2020 daemon.info miniupnpd[13782]: SSDP M-SEARCH from 192.168.182.112:39024 ST: urn:dial-multiscreen-org:service:dial:1
Sat Apr 18 11:33:23 2020 daemon.info miniupnpd[13782]: Received UDP Packet (IPv6)
Sat Apr 18 11:33:23 2020 daemon.debug miniupnpd[13782]: ST: urn:dial-multiscreen-org:service:dial:1 (ver=1)
Sat Apr 18 11:33:23 2020 daemon.info miniupnpd[13782]: SSDP M-SEARCH from [::ffff:192.168.182.112]:39024 ST: urn:dial-multiscreen-org:service:dial:1

What I see is that I get an error in GetExternalIPAddress which I cannot explain since the miniupnpd generated config seems to point to correct interfaces:

ext_ifname=br-wan
listening_ip=br-lan
port=5000
enable_natpmp=yes
enable_upnp=yes
secure_mode=yes
pcp_allow_thirdparty=no
system_uptime=yes
force_igd_desc_v1=yes
lease_file=/var/run/miniupnpd.leases
bitrate_down=50790400
bitrate_up=26214400
uuid=155602f0-31b0-461c-b07a-1e5c1ed60494
allow 1024-65535 0.0.0.0/0 1024-65535 #Allow high ports
allow 0-65535 0.0.0.0/0 0-65535 #Default allow

interfaces (I have removed eth and tunnels)


br-lan    Link encap:Ethernet  HWaddr 02:01:C8:EC:FC:1C
          inet addr:192.168.182.1  Bcast:192.168.182.255  Mask:255.255.255.0
          inet6 addr: fdb5:24dd:30d::1/64 Scope:Global
          inet6 addr: fe80::1:c8ff:feec:fc1c/64 Scope:Link
          inet6 addr: 2001:b07:5d37:d3e3::1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1748142 errors:0 dropped:2908 overruns:0 frame:0
          TX packets:1530985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1932260078 (1.7 GiB)  TX bytes:762282270 (726.9 MiB)

br-wan    Link encap:Ethernet  HWaddr 02:01:C8:EC:FC:1C
          inet addr:192.168.188.24  Bcast:192.168.188.255  Mask:255.255.255.0
          inet6 addr: fe80::1:c8ff:feec:fc1c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1495957 errors:0 dropped:11678 overruns:0 frame:0
          TX packets:1755790 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:727150730 (693.4 MiB)  TX bytes:1948472991 (1.8 GiB)

The other thing I see is due to the fact that I am using OpenWRT in cascade with my ISP router, at the startup I get:

miniupnpd[16968]: system uptime is 6428 seconds
miniupnpd[16968]: Reloading rules from lease file
miniupnpd[16968]: version 2.1 starting NAT-PMP/PCP UPnP-IGD ext if br-wan BOOTID=1587203625
miniupnpd[16968]: Reserved / private IP address 192.168.188.24 on ext interface br-wan: Port forwarding is impossible
miniupnpd[16968]: You are probably behind NAT, enable option ext_perform_stun=yes to detect public IP address
miniupnpd[16968]: HTTP listening on port 5000
miniupnpd[16968]: HTTP IPv6 address given to control points : [fdb5:24dd:30d::1]
miniupnpd[16968]: Listening for NAT-PMP/PCP traffic on port 5351
miniupnpd[16968]: HTTP REQUEST from [::ffff:192.168.182.144]:64361 : GET /rootDesc.xml (HTTP/1.1)

This is new to me, I want to do port forwarding to my private WAN address, I will take care of the forwarding at ISP side
Any help would be appreciated since I am quite lost here
Thanks

amteza · April 19, 2020, 2:52am

This happened to me. The reason being that my WAN interface IP is in subnet 100.65.59.213/17 while my public IP is in a totally different subnet 180.150.37.0. What I did to solve it was modify manually my startup script /etc/init.d/miniupnp, I added the line between asterisks to get my ddns IP address.

                **extip=$(dig +short a mydomain.com)**
                [ -n "$extip" ] && \
                        echo "ext_ip=$extip" >>$tmpconf

This solved my issue, if your public IP is pretty static it will be fine, otherwise you can create a cron job to restart miniupnp periodically.

2hotluigi · November 4, 2021, 6:24am

Thanks, looking alot for something like this.
I just use extip=$( curl -s https://api.ipify.org)
+respect

tmomas · November 14, 2021, 6:25am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.