1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

IoT Hue Lightbulb needs UPnP???

Discussion in 'Asuswrt-Merlin' started by Zonkd, Dec 18, 2018.

Tags:
  1. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    I own an AC86U router and I want UPnP disabled. Unfortunately I've been told UPnP must be enabled for my mates new internet-of-things Phillips Hue lightbulb to work properly.

    So I gotta ask, is UPnP essential for controlling the Hue lightbulb over the internet using the phone app or an Amazon Echo?

    Now that he has enabled UPnP I see him controlling it with his phone app and Amazon Echo. He hasn't mentioned the specific problem he saw when UPnP was off. Unfortunately I'm unable to troubleshoot unless he gives me access to his hue/phone/echo. That is unlikely to happen. o_O
     
  2. Hawk

    Hawk Senior Member

    Joined:
    Mar 9, 2014
    Messages:
    230
    Location:
    Toronto, Ontario, Canada
    Why don't you try both ways, upnp is used when you need to open ports for service or program. I will leave it disabled if possible.
     
  3. Keenan

    Keenan Regular Contributor

    Joined:
    Mar 20, 2013
    Messages:
    176
    Location:
    California
    Why is access to his equipment unlikely to happen? Just switch off UPnP in the AC86U until he agrees to troubleshoot the problem with you.
     
    TheUntouchable, wesbez and Zonkd like this.
  4. bluzfanmr1

    bluzfanmr1 Occasional Visitor

    Joined:
    Mar 18, 2018
    Messages:
    15
    You could check the port forwarding tab with upnp on and see what is on that page, then manually enter them and turn off upnp.
     
  5. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    Thanks I didn't see the System Log / Port Forwarding tab. I will keep an eye on it.
     
  6. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    Try both ways? Well I suppose we've done that because UPnP was off to begin with. He connected the Hue via WiFi on his own. It didn't work as he expected. I'm guessing he read some instructions online. He then insisted on enabling UPnP. I was busy and didn't have time to help nor argue about it, so I let him enable it, and it fixed whatever his problem was. I'd be an unpopular person to disable UPnP without having another solution to offer up.
     
  7. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    2,289
    Location:
    /etc
    Ok, let me get this straight, you are going to relax security on your entire network because buddy has a neat light bulb. :rolleyes::rolleyes:
     
  8. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    Doesn't enabling UPnP always allow clients to open ports to WAN? UPnP is for getting through the firewall...
     
    ChatmanR likes this.
  9. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    Definitely... not. But you gotta be seen as reasonable by everyone else you live with and not be seen as the dude who crashes parties by preventing people living life using their fancy new party lights which they already paid hundreds of dollars for.

    Once I'm confident I've found the solution UPnP will be disabled by me.
     
    Last edited: Dec 25, 2018
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    Indeed. ChatmanR's statement make no sense. The grc link refers to something completely different.

    This. Hopefully it always uses the same port so that you can manually forward it.
     
    ChatmanR likes this.
  11. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    Errrrgh, gross, so basically you're saying I'll need to port foward this lightbulb to be permanently exposed to the entire internet making it vulnerable 24/7 to hack attempts? Why on earth is that necessary? I don't get it.

    Synology has a remote access solution for their NAS products that doesn't require port forwarding. It's called QuickConnect. The NAS sends a heartbeat to Synology servers which then handle negotiating remote access sessions between the NAS and any remote clients outside the LAN. They could have done the same thing for these damn lightbulbs?
     
  12. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    2,289
    Location:
    /etc
    Keep the bulb's access at the local level, and use a VPN to access your network, and thus control the bulb safely without it having WAN access.
     
    HuskyHerder likes this.
  13. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    Too complicated for my room-mates. I'd rather not be kicked out for being a network nazi. I'll let their lightbulb get hacked.
     
  14. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,357
    The implication being that said "hacked lightbulb" is then on your LAN, on the nicer side of your firewall ;-)
     
    netware5 likes this.
  15. HuskyHerder

    HuskyHerder Senior Member

    Joined:
    May 12, 2017
    Messages:
    261
    Since you posted the topic I have checked my logs a few times a day and there is no UPNP connection from my Hue. at least nothing shown up in those logs. Unless they are released very quickly and I fail to notice. I did have other connections, that I did not know about, due to a new app install. They were remedied last night, and not related to your topic.

    I have the Hue Hub setup for remote access and also working with an Apple TV as a HomeKit Hub. This was the only thing to show up in the list of connections.. I have UPNP and secure UPNP enabled.

    Tcp > NAT address > NAT port > Destination IP > port > State = tcp > 10.x.x.1 > 44863 > 104.155.18.91 > 443 > Established

    Not sure if this help you, or is even relevant?
     
  16. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    Don't ask me, I have no idea how it works. Ask the manufacturer of the lightbulb.
     
  17. ^Tripper^

    ^Tripper^ Regular Contributor

    Joined:
    Aug 16, 2014
    Messages:
    101
    Location:
    Disneyland with the death penalty
    I have upnp disabled and my hue works perfectly via local control and cloud. Not using alexa, just the standard hue app.
     
    JemTheWire and skeal like this.
  18. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    648
    Same here, though I mostly use HomeKit Apps instead of the Philips Hue App.

    Works great, no UPnP needed.
     
    JemTheWire and skeal like this.
  19. unsynaps

    unsynaps Senior Member

    Joined:
    Nov 9, 2014
    Messages:
    224
    Location:
    Halethorpe, MD
    Not a solution if you dont have useless devices for one purpose like an AppleTV or a new enough iPad sitting at home.
     
  20. ^Tripper^

    ^Tripper^ Regular Contributor

    Joined:
    Aug 16, 2014
    Messages:
    101
    Location:
    Disneyland with the death penalty
    HomeKit works fine without needing any “useless” apple devices except for out of home control. :)

    But yeah, if you need that feature, HomeKit does require a “useless” device like an Appletv or a new enough iPad to act as a hub. Because Apple.