-
Notifications
You must be signed in to change notification settings - Fork 35.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add IPv6 pinhole support using UPnP / NAT-PMP #17012
Comments
Meanwhile NAT-PMP support is there, but it has no IPv6 pinhole support. |
Indeed, UPnP has an explicit command The PCP (succssor to NAT-PMP) RFC (https://datatracker.ietf.org/doc/html/rfc6887) doesn't say anything about pinholes (although they do mention "Simple firewall control" but it's unclear to me how that maps to opcodes). Though i would guess the MAP opcode allows that, and more, it just leaves it up to the router how the external to internal mapping should be. Ideally. It's kind of annoying if the client has to aware of the network state, ideally it doesn't really care how the port gets there, as long as it gets there. |
FWIW the version of libUPnP in depends (2.2.2) does have the Pinhole commands:
|
Manually creating an IPv6 pinhole seems to work here: $ export ROUTER_IPV6_ADDR=...
$ export MY_IPV6_ADDR=...
$ upnpc -6 -u 'http://[${ROUTER_IPV6_ADDR}]:5000/rootDesc.xml' -A "" 0 $MY_IPV6_ADDR 1234 tcp 30
upnpc : miniupnpc library test client, version 2.2.4.
(c) 2005-2022 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
Found valid IGD : http://[...]:5000/ctl/IPConn
Local LAN ip address : ...
AddPinhole: ([]:0 -> [...]:1234) / Pinhole ID = 13
$ nc -6l 1234 (but only when connecting to it using IPv6 with the correct globally routable address, when connecting to the IPv4 UPnP address, or a link-scoped IPv6 address, it gives Then connecting to it from another host, and sending some text, appears to work: $ nc $MY_IPV6_ADDR 1234
....... I'll try to integrate it into bitcoin. If i can find the right incantation. |
The UPnP side of this is progressing, though i've ran into a possible bug/limitaton in miniupnp: miniupnp/miniupnp#731 (comment)
i looked into this too, we'll actually have to implement PCP support ourselves to do this. The good part is that it's just a matter of sending one fixed-size binary UDP packet to the default gateway and parsing the result. Not worth taking on a dependency for. |
Nice! |
If you'd like to test, i have a branch here: https://github.com/laanwj/bitcoin/tree/2024-04-pcp-pinhole-test It is a PoC that adds a ipv6-pinhole-test program that (on Linux only for now):
i've tried it on two routers (Turris Omnia and Fritz!Box) and there it worked. |
Our current UPnP support works for IPv4 by requesting a port forward. It doesn't work with IPv6 when the user is behind a firewall (which was the default for my modem at least).
More recent versions of libupnp support requesting a IPv6 pinhole.
I haven't checked if the same could be done with NAT-PMP (#11902). That may be preferable to updating libupnp.
UPnP is baked into the GUI release binaries, though it's turned off by default in the settings dialog.
The text was updated successfully, but these errors were encountered: