tailscale: UPnP not working with TP-Link ER605 router
What is the issue?
I have a TP-Link ER605 v2 router running firmware 2.1.2. UPnP is enabled in the settings, and other devices/apps on my network are able to add mappings. It does not support NAT-PMP.
The Tailscale WebUI reports that UPnP is unavailable, and tailscale netcheck shows the same. I have tested this on multiple machines (macOS, Windows, Linux) running tailscale on this network.
As with #6833 and #6320, I have made a wireshark packet capture. I used ( (udp contains "HTTP/1.1") and (udp contains 0a:53:54:3a) ) or (http contains 55:50:6e) or (http contains 75:70:6e) for the filter. During the capture, I relaunched Tailscale, and also used Port Map to query the mappings on my router. (It uses miniupnpc under the hood.)
It might be worth noting that the ER605 is a multi-WAN load balancing router, but I currently have it set to route over one WAN interface (also, regardless of whether or not load balancing is active, my other devices are able to map over UPnP). It also seems that the ER605 does not report an external IP. I don’t know if this is an issue as per #682.
Thank you!
Steps to reproduce
- Enable/toggle UPnP on the router settings.
- Relaunch Tailscale.
- Check UPnP availability.
Are there any recent changes that introduced the issue?
N/A
OS
Linux, macOS, Windows
OS version
macOS Monterey 12.6.3, Windows 11, Debian 11 (bullseye)
Tailscale version
1.36.2, 1.36.1
Other software
No response
Bug report
BUG-e4511fa4255388b7817aed70c08a0e8a2d39a1e5f87052bae3bab118ba464d44-20230225073056Z-f3095245493bc672
About this issue
- Original URL
- State: closed
- Created a year ago
- Comments: 26 (13 by maintainers)
Commits related to this issue
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: relax source port check for UPnP responses Per a packet capture provided, some gateways will reply to a UPnP discovery packet with a UDP packet with a source port that does not come f... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: don't pick external ports below 1024 Some devices don't let you UPnP portmap a port below 1024, so let's just avoid that range of ports entirely. Updates #7377 Signed-off-by: Andrew... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: send UPnP protocol in upper-case We were previously sending a lower-case "udp" protocol, whereas other implementations like miniupnp send an upper-case "UDP" protocol. For compatibili... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: send UPnP protocol in upper-case We were previously sending a lower-case "udp" protocol, whereas other implementations like miniupnp send an upper-case "UDP" protocol. For compatibili... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: don't pick external ports below 1024 Some devices don't let you UPnP portmap a port below 1024, so let's just avoid that range of ports entirely. Updates #7377 Signed-off-by: Andrew... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: send UPnP protocol in upper-case We were previously sending a lower-case "udp" protocol, whereas other implementations like miniupnp send an upper-case "UDP" protocol. For compatibili... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: send UPnP protocol in upper-case We were previously sending a lower-case "udp" protocol, whereas other implementations like miniupnp send an upper-case "UDP" protocol. For compatibili... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: relax source port check for UPnP responses Per a packet capture provided, some gateways will reply to a UPnP discovery packet with a UDP packet with a source port that does not come f... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: relax source port check for UPnP responses Per a packet capture provided, some gateways will reply to a UPnP discovery packet with a UDP packet with a source port that does not come f... — committed to tailscale/tailscale by andrew-d a year ago
- net/portmapper: relax source port check for UPnP responses Per a packet capture provided, some gateways will reply to a UPnP discovery packet with a UDP packet with a source port that does not come f... — committed to tailscale/tailscale by andrew-d a year ago
- ipn/localapi: close portmapper after debug This ensures that any mappings that are created are correctly cleaned up, instead of waiting for them to expire in the router. Updates #7377 Signed-off-by... — committed to tailscale/tailscale by andrew-d a year ago
@andrew-d Thanks for letting me know! I appreciate it. 😃
I haven’t been able to replicate that last problem regarding the IP from the wrong interface mapping to the router, so it may have been just a fluke. If it does occur on my other Windows machines then I’ll file that issue. Again, thank you!
Thanks too! I’ll make another issue for (1) later or possibly tomorrow, once I’ve confirmed the reproducibility.
One last question – when do you think the fix for this issue will land in stable?