What's new

upnp lease times?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

scyto

Regular Contributor
I am on latest merlin FW.

I had issues last year with earlier fimrware and synology NAS where the NAS couldn't keep its outbound mappings open. Synology connected remotel to my NAS and 'fixed it'. (i can get exact date of issue if we need to track back to specific older fimrware).

I upgraded their SW and the same issue came back, after much cajoling (their quality of support has deteriorated in the last year) they connected and looked at why the issue came back.

They state that last year the router cleared upnp leases every hour (they increased the frequency of their upnp code making leases on my NAS to less than an hour) and that now the router running the latest FW is clearing leases every 3 to 5 minutes.

Given that no other services behind my router are having this issue (emby, plex, etc etc) i suspect synology need to change their implementation assumptions but i don't know what to tell them.

Does anyone know what the behavior of miniupnpd is supposed to be in terms of leases, lease defaults, infinite leases and scrubbing of leases. And what, if anything, i shoud tell them to change about the implementation.

BTW the have changed a file on the NAS called /etc/portforwarding/pfd.config to re-register every 2 minutes with a caveat that this breaks their hibernation support. I would like to tell them what a best practice approach to fixing this would be.
 
I'm not sure if it'll help but you might try this on your router. Connect to it via telnet/ssh and do this

Code:
nvram set upnp_min_lifetime=3600
nvram commit
reboot

The default value is 120 seconds but I'm not sure if it applies for UPnP itself or only for NAT-PMP/PCP. Also make sure you don't have 20 or more port mappings via UPnP/NAT-PMP or Miniupnpd starts to clear them after 10 minutes of inactivity on those ports.
 
I'm not sure if it'll help but you might try this on your router. Connect to it via telnet/ssh and do this

Code:
nvram set upnp_min_lifetime=3600
nvram commit
reboot

The default value is 120 seconds but I'm not sure if it applies for UPnP itself or only for NAT-PMP/PCP. Also make sure you don't have 20 or more port mappings via UPnP/NAT-PMP or Miniupnpd starts to clear them after 10 minutes of inactivity on those ports.

Thanks, on the synology they has this router.conf file - do you know if Merlin FW supports natpmp - synology folks think not, but i see it referenced in the changelog...
outer.conf file:
[192.168.1.1]
support_change_port=yes
model=AsusWRT router
support_router_upnp=yes
support_router_natpmp=no
version=380.58
router_type=upnp
brand=ASUSTek

They also have this:
pfd.config file:
reclaim="60"

looks like they are re-adding the port map[ping every 60 seconds!?
 
Yes, NAT-PMP is supported by miniupnpd and working by default. It's normal that applications using that protocol set an expiration time and renew it automatically.
 
Yes, NAT-PMP is supported by miniupnpd and working by default. It's normal that applications using that protocol set an expiration time and renew it automatically.
Thanks i will see if i can persuade synology to switch to NAT-PMP also i got a reply from the minupnpd rep folks - looks like Merlin or asus made the decision on what timeout to set, by default it min lifetime is disabled.

@Merlin could we perhaps have a user defined setting for this behaviour?
FYI synology may register up to 100 rules + some additional hidden rules...

This is what the minupnd folks told me on github:
miniupnpd CAN clear unused port mappings if it is configured to do so.
By default it is disabled.

See the configuration options clean_ruleset_threshold / clean_ruleset_interval
https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/miniupnpd.conf

This is very likely a configuration issue
 
Last edited:
A Upnp port forward will stay live until either the device states that its no longer required or a router reboot
NAT-PMP has a lease time
 
This is what the minupnd folks told me on github:
miniupnpd CAN clear unused port mappings if it is configured to do so.
By default it is disabled.

See the configuration options clean_ruleset_threshold / clean_ruleset_interval
https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/miniupnpd.conf

This is very likely a configuration issue
Perhaps John's fork is different from Merlin's, but they're not disabled on mine:
Code:
clean_ruleset_interval=600
clean_ruleset_threshold=20
Have you looked at your /etc/upnp/config file?

@Merlin could we perhaps have a user defined setting for this behaviour?
You can change it with a user script if necessary.
 
They are not disabled on mine, but the default github file has them disabled - i.e. its a choice the person who compiled miniupnpd made (or thats what the github person said FWIW) https://github.com/miniupnp/miniupnp/issues/197

my preference is not to keep modifying my synology and / or my asus with scripts etc - the maintainability is not what i want (i am a windows guy) i want this stuff to just work (yeah i am naive) :)
 
They are not disabled on mine, but the default github file has them disabled - i.e. its a choice the person who compiled miniupnpd made (or thats what the github person said FWIW) https://github.com/miniupnp/miniupnp/issues/197

my preference is not to keep modifying my synology and / or my asus with scripts etc - the maintainability is not what i want (i am a windows guy) i want this stuff to just work (yeah i am naive) :)
Exactly, so as far as the router is concerned it is configured correctly and doesn't require changing.
 
Exactly, so as far as the router is concerned it is configured correctly and doesn't require changing.
Who says? It seems to be different behaviour from a year ago according to synology (not that i am willing to take that to the bank :) ). I agree the router is behaving as expected per the conf file. I am questioning if the conf file parameters make sense given they 'apparently' were different a year ago (less aggressive) and are certainly not the default for minupnpd.

To be clear why i am asking - synology support is a royal PITA, my goal is to be sure that if it is the synology that should be changing i have cast iron explanation of what they need to do and a good reason like "hey synology as all routers move to minupnpd 2.0 you are gonna have this problem". If it only occurs on merlin firmware (and not latest stock firmware) and it is not occurring on other routers (both of which synology are claiming) it is a little hard for me to persuade them to make a change and a little hard for me to argue to them that whomever made this implementation choice on asus/merlin was right.

I am more than willing to go back to synology and argue the point if someone can help me determine very specifically what synology is doing wrong. For example i know their workaround of getting the router to refresh every 60 seconds is inelegant at best...

In the mean time i am seeing if i can futz with the synology conf files to use nat-pmp....
 
some progress since the last post i now see leases that look like this:
Lets see if it refreshes them every hour :), guess i figure out how to futz their conf file just right :)

TCP 55027 192.168.1.48 80 0h 54m 15s NAT-PMP 55027 tcp
TCP 55028 192.168.1.48 443 0h 54m 15s NAT-PMP 55028 tcp
 
Sorry @scyto I misunderstood what you were asking for :rolleyes: I had to go back and re-read the thread.

It seems strange that the NAS is creating 100+ unused mappings. Torrents is the only thing that comes to mind, and that wouldn't be a problem. But if that's how it works...

I'm not aware of any changes to the timeouts in the last year. In fact my firmware is based on code from 2 years ago and the values are the same as yours.

But changing the min_lifetime from 120 seconds to an hour seems promising.:)
 
Sorry @scyto I misunderstood what you were asking for :rolleyes: I had to go back and re-read the thread.

It seems strange that the NAS is creating 100+ unused mappings. Torrents is the only thing that comes to mind, and that wouldn't be a problem. But if that's how it works...

I'm not aware of any changes to the timeouts in the last year. In fact my firmware is based on code from 2 years ago and the values are the same as yours.

But changing the min_lifetime from 120 seconds to an hour seems promising.:)
I don't think it is your fault, my poor lack of words. It isn't creating 100 unused mapping. It is creating around 15 actively used ones (like port 25 for my mail server) of them, plus i have others from plex and stuff. The upnp wizard on synology has a maximum of 100 - my point being only that a synology could be doing many if VPN, mailservers, couchh potato, whatever is running and that with other devices in my house a fixed 20 might be an issue.

I should also be clearer that the port mapping of plex (running on the synology and using its own code) and the auto mapping of the asus router HTTPD (yes i know this is a silly idea) all work PERFECTLY its only the synology thats at issue. I had the issue last year - there is a thread around here somewhere and back then they 'fixed' it. Turns out they just set the re advertisement of unpnp to less than an hour :) now they are saying they have had to change it to every 60 seconds for the port mappings to stay working. what is odd is once the mappings break they still appear in the asus UI they just don't work. If i go back to the synology and make one change to one rule and click save then all the rules get rewitten and every thiung works ok. So i am not even clear that the router is at fault - though synology claim it is removing ACTIVE port mappings every 3 to 5 minutes.... as you can see i am stuck between a rock and synology 'hard place' support.

3 mins untill the nat-pmp needs to refresh... lets see what happens....
 
Well at the ~00:00 mark the port mapping disappeared and reappeared on next refresh of the asus UI.
As such the issue looks like it only applies to upnp. I may get to try to have them add my router definition as a standard router definition for merlin FW to their router setup wizard.....

So i think i just worked around the issue in a more elegant an useful way than synology support - figures. By they way the reason the 60 second refresh is of little use is because it is not a fix thjey can roll out to everyone as it stops the units from hibernating (i don't hibernate so its not a big deal - but tit wrankles me that my appliance has customer stuff on it. This is why i dropped having a windows server and moved to synology ion the first place - all the darn customization and fragility of a regaulr sever Os and approach.

TL;DR
I would still like to know what to tell synology to fix their upnp code so this applies to all their customers; their forums are littered with many folks where the upnp don't work properly....
 
Last edited:
They are not disabled on mine, but the default github file has them disabled - i.e. its a choice the person who compiled miniupnpd made

The config file on github is not used by the firmware. A completely different one is generated by the firmware when starting upnp.

There's no configurable minimal lifetime on NAT-PMP/UPNP, only on PCP forwards. The only controls available for UPNP/NAT-PMP are through clean_ruleset_threshold and clean_ruleset_interval, which work like this (quoted from the sample config file):

Code:
# Unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# Clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600

If rules cleanup is enabled (controlled through the upnp_clean nvram setting, which defaults to enabled), then Asuswrt's generated config file uses these nvram values for both these parameters:

upnp_clean_interval
upnp_clean_threshold
 
I would still like to know what to tell synology to fix their upnp code so this applies to all their customers; their forums are littered with many folks where the upnp don't work properly...

Have them double check how they test for NAT-PMP support. If it detects Asuswrt as not supporting it, then something must be broken with they test method. My torrent client has no trouble using NAT-PMP here.
 
Thanks if they are seeing the rules break after three to five mins then it must be some other issue as i think the thing you show above only kicks in after 10 mins, right? Any ideas what i could suggest to them? I guess i should assert that the router is not clearing anything after 3to5 mins right?

and yes i will ask how the detect nat-pmp.

should they renew the nat-pmp mapping at the exact time it expires or a few seconds before? is there a best practice to stop the tcp session being torn down during renewal?
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top