IPv6 UPnP - pinholes ?

Discussion of Transmission that doesn't fit in the other categories
vom513
Posts: 3
Joined: Thu Sep 13, 2018 4:30 pm

IPv6 UPnP - pinholes ?

Postby vom513 » Thu Sep 13, 2018 5:48 pm

Hello,

I debated if I should have posted this in the feature requests sub, but I wanted to confirm some things first.

When you choose "automatically map port" - Transmission will go through the mechanics of requesting a port forward via UPnP (IPv4). This works just fine.

For IPv6 though, even thought a NAT isn't (shouldn't be) required - you still should have your listening/inbound port opened in the firewall. It doesn't seem like Transmission does this. Specifically - it doesn't look like Transmission makes a "WANIPv6FirewallControl" call (UPnP IGD v2).

I have my firewall running the latest stable miniupnpd - and using the cli test tool (upnpc) - I can successfully request a pinhole and it gets added/opened.

So my questions:

- Am I correct in the above ? Does Transmission not have this feature as of yet ?
- If no, should I open a ticket or post in feature requests ?

I'm willing to test if applicable. I'm on macOS 10.13.6 - latest release/stable Transmission and as I said - my firewall seems to be processing IPv6 pinhole requests properly.

Thanks.

vom513
Posts: 3
Joined: Thu Sep 13, 2018 4:30 pm

Re: IPv6 UPnP - pinholes ?

Postby vom513 » Fri Sep 14, 2018 7:11 pm

Replying to myself...

I took a quick 'grep -ir' look through Transmission source code (as well as looking closer at upnp.c and port-forwarding.c) and didn't see anything regarding IPv6.

Here's what I run to open a pinhole successfully on my firewall:

Code: Select all

upnpc -6 -A "" 0 2001:db8:1234::5678 12345 tcp 300


The first part is allowing all source addresses ("") and all source ports (0). This is how miniupnpd understands an "any" specification. Not sure if there is an official protocol spec that matches this or differs...

The second part is simply my (fake) IPv6 address (2001:db8:1234::5678) and my port (12345).

Finally this is for TCP with a lifetime of 5 min (300 seconds).

I would think that if Transmission could attempt this in parallel with it's IPv4 port forwarding mechanics, it would be well positioned to work better with IPv6 networks and gateways going forward.

Derrils
Posts: 1
Joined: Wed Sep 19, 2018 11:58 am

Re: IPv6 UPnP - pinholes ?

Postby Derrils » Wed Sep 19, 2018 11:59 am

An observation on IPv6 operation. In order to provide some network services to the wider internet it is necessary to put pin holes in the IPv6 firewall such that certain ports are forwarded to the correct LAN machine & port. Traditionally this has been done via a upnp type mechanism which also set up the necessary port/address translation for IPv4. A similar mechanism should also work for IPv6 but so far it looks like Asuswrt doesn't work/support this. It looks like miniupnpd should do this, but it's not compiled with IPv6 support.

Thoughts/ideas on this and who to contact at Asus to get this implemented. I'd argue that without this functionality then IPv6 support is incomplete. Or does the firewall not exist in the official Asus firmware?

zoziano
Posts: 4
Joined: Mon Sep 24, 2018 7:38 pm

Re: IPv6 UPnP - pinholes ?

Postby zoziano » Mon Sep 24, 2018 7:53 pm

itle says it all ;-)

When adding firewallopening using WANIPv6FirewallControl the rules does not get persisted to leases file.
Only IPv4 mappings gets saved.











Clean MasterFacebook LiteHill Mathway

vom513
Posts: 3
Joined: Thu Sep 13, 2018 4:30 pm

Re: IPv6 UPnP - pinholes ?

Postby vom513 » Tue Sep 25, 2018 6:58 pm

I've also gotten PCP (Port Control Protocol) working on my miniupnpd on my firewall for IPv6. I'm able to test that as well now.

I don't know that there's much prior work (if any) on this out in the real world. But would it make sense to perhaps attempt IGDv2/WANIPv6FirewallControl first ? And if there is a non-success response from that (or no response) - attempt a PCP MAP ?

Bachsau
Posts: 1
Joined: Sun Nov 11, 2018 1:13 am

Re: IPv6 UPnP - pinholes ?

Postby Bachsau » Sun Nov 11, 2018 1:23 am

I would say that in the current state, Trasmission is completely unusable with IPv6 on machines with dynamic IP adresses. It is just flooding trackers with useless IPs.

Why?
Not just because it does not request any port forwarding for IPv6, it also opts to use a private suffix if privacy extensions are enabled on the machine it runs on, which makes it impossible to set up a fixed pinhole. Of course there would be the option to manualy set an IPv6 adress to use in the configuration file, but this also does not work, because my service provider switches prefixes every few days. To make this work, Transmission would at least need to accept just suffixes instead of fully qualified adresses in its configuration files. Long story short: The reason why people hate IPv6 is not because it is a bad protocol, but because it is used by crappy software. Like Transmission. :evil:


Return to “General”