UPnP/IPv6 support in home routers?
Folks, Anyone can comment on the UPnP support for IPv6 in home routers? Those that I have checked have UPnP support for IPv4, but not for IPv6 -- even when the home router does otherwise support IPv6. Looking at UPnP itself, it seems to allow opening holes at the IGD, but on a fully-specified (local ip, local port, remote ip, remote port) basis, which kind of sucks -- as one would want to be able to whitelist all ports for a given IP address, or at least (local ip, local port). Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
On Mon, 11 Dec 2017 09:23:11 -0300, Fernando Gont said:
Anyone can comment on the UPnP support for IPv6 in home routers?
Those that I have checked have UPnP support for IPv4, but not for IPv6 -- even when the home router does otherwise support IPv6.
Well, there's a bit of a problem there. Near as I can tell, to get IPv6 support you need to use IGDv2. Unfortunately, if you want your Xbox or Playstation to be able to work, you need to be using IGDv1. Guess what almost everybody chooses to do? (Been there, done that - had to rebuild miniupnpd for OpenWRT/Lede because it built with v2 by default)
Hello, Valdis, On 12/11/2017 10:44 AM, valdis.kletnieks@vt.edu wrote:
On Mon, 11 Dec 2017 09:23:11 -0300, Fernando Gont said:
Anyone can comment on the UPnP support for IPv6 in home routers?
Those that I have checked have UPnP support for IPv4, but not for IPv6 -- even when the home router does otherwise support IPv6.
Well, there's a bit of a problem there.
Near as I can tell, to get IPv6 support you need to use IGDv2.
Unfortunately, if you want your Xbox or Playstation to be able to work, you need to be using IGDv1.
Could you elaborate on why IGDv1 is needed? (why things break with IGDv2)
Guess what almost everybody chooses to do?
(Been there, done that - had to rebuild miniupnpd for OpenWRT/Lede because it built with v2 by default)
I see your point. Now, how are apps that currently rely on punching holes into the NAT or filtering device to work in a v6-only scenario? Thanks! Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
On Mon, 11 Dec 2017 12:10:39 -0300, Fernando Gont said:
On 12/11/2017 10:44 AM, valdis.kletnieks@vt.edu wrote:
Unfortunately, if you want your Xbox or Playstation to be able to work, you need to be using IGDv1.
Could you elaborate on why IGDv1 is needed? (why things break with IGDv2)
Because my Playstation 3 and Playstation 4 both speak IDGv1, and when they talk to an IGDv2-capable miniupnpd on Openwrt/Lede, it Just Doesn't Work, and will continue to do so until Sony ships a software update to make it work with both v1 and v2. It's possible that miniupnp simply botched backward combatability - I didn't debug further. Googling for 'miniupnp idgv2' seems to indicate that nobody else has debugged/fixed the issue either. https://forum.lede-project.org/t/miniupnp-with-igd2-not-compatible-with-cons... (More recent Lede builds changed back to IDGv1 by default for this exact reason). Interesting fact: My PS/4 will dhcpv6 and assign itself an address and answers ping6 even from outside my home network (so it has a default route), but doesn't seem to do anything else with IPv6 (for instance, the assigned address isn't listed under 'view connection status', nor does nmap find any open ports, though it hits 2 open http ports on IPv4).
I see your point. Now, how are apps that currently rely on punching holes into the NAT or filtering device to work in a v6-only scenario?
I wonder if doing IDGv2 on IPv6 and IDGv1 on IPV4 is a viable solution....
UPnP is the spawn of Beelzebub. Implementation by Bugs Bunny's maroons for use by other maroons is ok, I suppose, as long as those of us who are not maroons can turn the evil off. However, if those maroons start whining about all the crap that happened to them because they enabled UPnP they better to be able to take the "I told you so you stupid maroon" in stride as a perfectly adequate and entirely correct statement of fact. --- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Fernando Gont Sent: Monday, 11 December, 2017 05:23 To: NANOG Subject: UPnP/IPv6 support in home routers?
Folks,
Anyone can comment on the UPnP support for IPv6 in home routers?
Those that I have checked have UPnP support for IPv4, but not for IPv6 -- even when the home router does otherwise support IPv6.
Looking at UPnP itself, it seems to allow opening holes at the IGD, but on a fully-specified (local ip, local port, remote ip, remote port) basis, which kind of sucks -- as one would want to be able to whitelist all ports for a given IP address, or at least (local ip, local port).
Thanks!
Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
participants (3)
-
Fernando Gont -
Keith Medcalf -
valdis.kletnieks@vt.edu