ASUS ROG RAPTURE GT-AXE16000 Firmware version 3006.102.6 UPNP not working

[Kyronism]

ASUS ROG RAPTURE GT-AXE16000 Firmware version 3006.102.6 UPNP not working unless DMZ/OPEN NAT is enabled for a specific IP address and port.
I'm aware that Asus routers with the new Broadcom chips are limited to a port restricted cone NAT, but I'm pretty sure that UPNP should still work alone without DMZ or OPEN NAT.

 

[ColinTaylor]

What makes you think it's not working? How are you testing this?

 

[Kyronism]

What makes you think it's not working? How are you testing this?

I tested listening porta to on my pc by launching a game that utilizes UPNP and then I check if ports are open using port checker tools.

What makes you think it's not working? How are you testing this?

I tested listening ports to on my pc by launching a game that utilizes UPNP and then I check if ports are open using port checker tools.
Another way to check if a port is open is by using the Powershell command, "Test-NetConnection -ComputerName <PUBLIC IP> -Port" and see if it listens. I found out that UPNP doesn't work unless I enable Open NAT or DMZ.
I should've clarified this in my first that I'm have no experience with any other Asuswrt or Asuswrt-merlin versions before this one, I just now bought the router and intalled Asuswrt-merlin immediately.

 

[ColinTaylor]

I tested listening ports to on my pc by launching a game that utilizes UPNP and then I check if ports are open using port checker tools.

Have you tried any other games?

After running the game(s), log into the router and look at the System Log - Port Forwarding page. Do you see the ports listed there?

 

[Kyronism]

Have you tried any other games?

After running the game(s), log into the router and look at the System Log - Port Forwarding page. Do you see the ports listed there?

Oh, I forgot about the system log in the router, no it doesn't show me the ports listed when launching a game, unless I set a DMZ or Open NAT, then it does.

 

[ColinTaylor]

Perhaps miniupnpd has crashed. SSH into the router and see if the process is running:

# ps | grep [m]iniupnpd
 5308 admin     3532 S    miniupnpd -f /etc/upnp/config -1

 

[Kyronism]

It is running, but again no ports are seem to be listening when UPNP alone is enabled.

 

[nagyimre1980]

I use qbitorrenet. UPNP works perfectly

 

[DiGz_Au]

Its across all asus routers. Evidently they wont fix it as things like qos still aren't fixed. Talk about falling apart. Shortcut to get upnp to work is to enable it in wan, and also make sure to select NAT type to fullcone. This enabled upnp outside of port forwarding. I would say that asus have done something that auto enables upnp igdv2 which doesnt work correctly on xbox or windows machines with games. It will however correctly show ports for torrent apps so there's that. It seems even on merlin selecting no for igdv2 still wont let upnp work correctly. Been like it for months. I just use full cone now but will move away from asus shortly as they cant seem to get their act together.

 

[ColinTaylor]

Its across all asus routers.

Obviously not. It's always worked perfectly well on my RT-AX86U across all firmware releases.

 

[Kyronism]

Its across all asus routers. Evidently they wont fix it as things like qos still aren't fixed. Talk about falling apart. Shortcut to get upnp to work is to enable it in wan, and also make sure to select NAT type to fullcone. This enabled upnp outside of port forwarding. I would say that asus have done something that auto enables upnp igdv2 which doesnt work correctly on xbox or windows machines with games. It will however correctly show ports for torrent apps so there's that. It seems even on merlin selecting no for igdv2 still wont let upnp work correctly. Been like it for months. I just use full cone now but will move away from asus shortly as they cant seem to get their act together.

Quad Core Broadcom chips don't support a Full Cone NAT sadly, so I'm just gonna stick to a DMZ.

 

[DiGz_Au]

Obviously not. It's always worked perfectly well on my RT-AX86U across all firmware releases.

Well hate to be the bearer of bad news but I own and currently use an ax86u on windows and latest firmware be it from asus or merlin upnp does NOT work for gaming or xbox with upnp switched on.

 

[DiGz_Au]

Quad Core Broadcom chips don't support a Full Cone NAT sadly, so I'm just gonna stick to a DMZ.

I switch full cone nat to on and upnp magically works again. Who knows lol but it's broken we can all agree.

 

[ColinTaylor]

Well hate to be the bearer of bad news but I own and currently use an ax86u on windows and latest firmware be it from asus or merlin upnp does NOT work for gaming or xbox with upnp switched on.

I don't have an Xbox but I've had various PCs and PlayStations and I've never had the problem described by @Kyronism (or any other UPnP problems for that matter).

 

[DiGz_Au]

Go and load a game up in Windows that shows nat status. Fresh installed firmwares with a wipe and upnp switched on doesnt do anything. Extensively tested and the outcome is as it was months ago when merlin enabled igdv2 in his firmware. Playstation will work fine as its not windows.

 

[RMerlin]

NAT type and UPnP port forwarding are two totally separate things...

 

[DiGz_Au]

NAT type and UPnP port forwarding are two totally separate things...

Err your nat type is directly affected by port forwarding/upnp.
If my nat type is moderate, this is directly related to this when I have a public facing ipv4. Im not sure why you think they aren't directly related? Can you elaborate further please because if you think there's no issue with upnp since last few firmwares than I dont know what to say lol

 

[RMerlin]

Err your nat type is directly affected by port forwarding/upnp.
If my nat type is moderate, this is directly related to this when I have a public facing ipv4. Im not sure why you think they aren't directly related? Can you elaborate further please because if you think there's no issue with upnp since last few firmwares than I dont know what to say lol

NAT type is when you have a remote connection connecting with you, it determines how the port mapping will be handled.

Whether NAT type is restricted or full cone, a port forward will still work if it's forwarded (i.e. masqueraded or static NAT). It will either be more or less restrictive in which remote connections get accepted. Fullcone might allow unsollicited inbound connections, which is a security risk. Fullcone is also only supported by very few routers - the Linux kernel itself does not have fullcone support. Any router supporting it has to do it through a custom kernel/netfilter patch.

There has been zero changes in recent firmwares on this subject. None of the 3006.102 router models ever supported Fullcone NAT, only older 3004.388 models based on kernel 4.1 ever did. If you are now experiencing new issues, that is not related to NAT type in any way.

UPnP is working. Here is my GT-AXE16000 with a pair of port forwards configured by qBittorrent on a Windows laptop, through UPNP:

And here is the telnet connection to that forwarded port, done from the GT-AXE16000 WAN side.

Just because your test method reports Restricted NAT does not mean that port forwarding through UPnP doesn't work.

 

[nagyimre1980]

@RMerlin

UPnP works fine under IPv4, but it is not working with IPv6 (even though "Enable IGDv2 (IPv6 pinhole support)" is enabled).

I am using qBittorrent on Windows 11. The initial IPv6 lease works, and IPv4 renewal/extension also works correctly, but the IPv6 port mapping disappears after a while.

I have already tried setting the lease duration to 0 seconds (infinite) in qBittorrent, but the IPv6 pinhole still drops/disappears after some time.

 

[RMerlin]

I have already tried setting the lease duration to 0 seconds (infinite) in qBittorrent, but the IPv6 pinhole still drops/disappears after some time.

Could it be disappearing because your ISP renewed/changed your IPv6 lease?

Honestly, IPv6 pinhole is one of these things that since nobody ever uses, I doubt the miniupnpd author even tested its implementation. He probably just implemented the official RFC specs, and left it at that. Whether it works in a real-life setup is unknown. Same thing with most of the IGDv2 implementation, that was broken in Windows itself for multiple years. So far, the only workaround is for miniupnpd fake some of its internal data structures to fool Windows.

IGD is one of these technologies that exists on paper, but barely gets any real life use beyond the very basics, so nobody is debugging and fixing it (by "nobody", I mostly mean Microsoft/Apple/Google). The miniupnpd author's stance has been to just implement the RFCs as they are stated, which is really the only thing he can really do.

On my end, all I could do is test creating a pinhole using upnpc when I implemented pihole support, and that part was working for me. If however there is no mechanism to refresh them from the router's point of view whenever the IPv6 allocation changes, then nothing can be done about it. If your application creates a pihole using an ephemerous IPv6, and that IPv6 eventually expires, it will be up to the client (qbittorrent in this case) to notice that, and refresh the piholes it manages.