AiProtection scan / UPnP

[Patrick9876]

RT-AC86U, Merlin 386.11

I am not currently using AiProtection but started looking at it today. It looks like the scan function works whether or not AiProtection is enabled, but does it work correctly? The scan claims I have UPnP services enabled. The WAN - Internet Connection display says I have it disabled. Is AiProtection complaining about UPnP on the LAN interfaces rather than WAN? Is there even a way to turn off UPnP on the LAN? And do I want to?

 

[ColinTaylor]

SSH into the router and run the following command to see if miniupnpd is running:

ps | grep upnp

 

[Patrick9876]

I'm Linux illiterate so I don't know the significance of what was displayed. I see

17062 admin-rt  3328 S    grep upnp

It looks like that is just the process running grep so I guess UPnP is not running.

Off topic: that "admin-rt" looks like it should be the admin userid (which I would not post), but it isn't. Is it a generic or default userid just for the display? (I tried logging on with it before posting this and it was rejected.)

 

[ColinTaylor]

Yes, it doesn't look like it's running otherwise you'd see something like this:

# ps | grep upnp
 7940 admin     3248 S    miniupnpd -f /etc/upnp/config
 8482 admin     1156 D    grep upnp

admin-rt ought to be the name of the admin userid. I don't know why you're seeing that. Check the passwd file to see if there are duplicate entries for uid 0:

cd /etc
cat passwd

 

[Patrick9876]

Hmm. I find it a bit disconcerting that AiProtection presents inaccurate information. It does correctly indicate that I have Port Forwarding active. (I expose one UDP port.)

Regarding the passwd file, it shows the real admin userid (not admin-rt), nas, nobody, tor, and a couple OpenVPN server userids. I suspect I may have been using admin-rt at one time, but not for several years.

 

[Tech9]

Do you have Dual WAN enabled?

 

[ColinTaylor]

Strange. Are you sure you're not logged into a different router by mistake?

 

[Patrick9876]

@Tech9: Yes, I have Dual Wan (Fail Over mode) enabled. How does that figure in?

@Collin Taylor: I have only one powered on router. (I have an old AC87U on a shelf somewhere but none powered up and on my LAN.)

 

[Tech9]

@Tech9: Yes, I have Dual Wan (Fail Over mode) enabled. How does that figure in?

You have 2x WAN interfaces and the secondary (currently inactive) perhaps has UPnP enabled.

I'm pretty sure this is causing AiProtection test to show UPnP enabled with currently miniupnpd not running.

 

[ColinTaylor]

As per @Tech9's post, try directly setting UPnP off for both interfaces and check again. Reboot to make sure the change sticks.

nvram set wan0_upnp_enable=0
nvram set wan1_upnp_enable=0
nvram commit

 

[Tech9]

The two interfaces must be in GUI as well. I remember a drop down menu in WAN section.

I've played with Dual WAN quite a bit on different Asus routers, but unfortunately with no good/consistent results.

 

[Patrick9876]

My secondary WAN is USB - USM modem / tethered phone. The USB WAN config doesn't have a UPnP option to turn on or off. But if the Dual WAN option is what is confusing AiProtection then I won't worry about it. But I'll take what AiProtection says with a grain of salt, too.

 

[Tech9]

But I'll take what AiProtection says with a grain of salt, too.

Just use what you can and don't pay attention to details too much. It's a home router and many things on it are not prefect.