We have enabled the UPnP service. At first sight it seems to work (it is possible to query it, get the WAN IP, etc.), but installing an actual port mapping fails.
Configuration:
set service upnp listen 'br0.1020'
set service upnp nat-pmp
set service upnp secure-mode
set service upnp wan-interface 'eth0'
Logs:
vyos miniupnpd[2953]: AddPortMapping: ext port 53XXX to 192.168.XX.XXX:53XXX protocol UDP for: XXXX leaseduration=604800 rhost=
vyos miniupnpd[2953]: no permission rule matched : accept by default (n_perms=0)
vyos miniupnpd[2953]: Check protocol udp for port 53XXX on ext_if eth0 XXX.XXX.XXX.XXX, 49XXXX4D
vyos miniupnpd[2953]: redirecting port 53XXX to 192.168.XX.XXX:53XXX protocol UDP for: XXXX
vyos miniupnpd[2953]: miniupnpd[2953]: send_batch: mnl_cb_run returned -1
vyos miniupnpd[2953]: miniupnpd[2953]: nft_send_rule(0x563583aaeff0, 6, 2) send_batch failed -4
vyos miniupnpd[2953]: miniupnpd[2953]: Returning UPnPError 501: ActionFailed
vyos miniupnpd[2953]: send_batch: mnl_cb_run returned -1
vyos miniupnpd[2953]: nft_send_rule(0x563583aaeff0, 6, 2) send_batch failed -4
vyos miniupnpd[2953]: Returning UPnPError 501: ActionFailed
We were not able to further investigate the actual root cause of the NFT rule failures.
While trying to investigate, we also identified that miniupnpd_functions.sh is missing in /etc/miniupnpd/, so those scripts do not work. We were also not able to find miniupnp-related NFT chains or special configuration in /run/upnp/miniupnp.conf, so we suspect the failure to install the rule is caused by this.
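A log triage helper for the failure described above, added here as an example and not part of the original report or of VyOS/miniupnpd. It groups miniupnpd lines per AddPortMapping request and flags both the nft install failure and requests that were accepted only because no permission rule exists (n_perms=0). The function names and the sample ports and addresses are constructed assumptions.

```python
import re

# Constructed sample modelled on the report's redacted log (ports/IPs invented).
SAMPLE_LOG = """\
vyos miniupnpd[2953]: AddPortMapping: ext port 53001 to 192.168.10.20:53001 protocol UDP for: app leaseduration=604800 rhost=
vyos miniupnpd[2953]: no permission rule matched : accept by default (n_perms=0)
vyos miniupnpd[2953]: redirecting port 53001 to 192.168.10.20:53001 protocol UDP for: app
vyos miniupnpd[2953]: miniupnpd[2953]: send_batch: mnl_cb_run returned -1
vyos miniupnpd[2953]: miniupnpd[2953]: nft_send_rule(0x563583aaeff0, 6, 2) send_batch failed -4
vyos miniupnpd[2953]: miniupnpd[2953]: Returning UPnPError 501: ActionFailed
vyos miniupnpd[2953]: AddPortMapping: ext port 8080 to 192.168.10.21:80 protocol TCP for: web leaseduration=3600 rhost=
vyos miniupnpd[2953]: no permission rule matched : accept by default (n_perms=0)
vyos miniupnpd[2953]: redirecting port 8080 to 192.168.10.21:80 protocol TCP for: web
"""

REQ = re.compile(r"AddPortMapping: ext port (\d+) to ([\d.]+):(\d+) protocol (\w+)")
PERMS = re.compile(r"accept by default \(n_perms=(\d+)\)")
NFT = re.compile(r"nft_send_rule\(.*?\) send_batch failed (-?\d+)")
UPNP_ERR = re.compile(r"Returning UPnPError (\d+): (\w+)")

def triage(log_text):
    """Group miniupnpd lines by AddPortMapping request and summarise each one."""
    requests, cur = [], None
    for line in log_text.splitlines():
        if m := REQ.search(line):
            cur = {"ext_port": int(m[1]), "target": f"{m[2]}:{m[3]}", "proto": m[4],
                   "default_accept": False, "nft_error": None, "upnp_error": None}
            requests.append(cur)
        elif cur is None:
            continue  # line precedes any request; nothing to attach it to
        elif m := PERMS.search(line):
            cur["default_accept"] = True  # allowed only because no rule exists
        elif m := NFT.search(line):
            cur["nft_error"] = int(m[1])  # repeated log lines carry the same code
        elif m := UPNP_ERR.search(line):
            cur["upnp_error"] = (int(m[1]), m[2])
    return requests

def findings(requests):
    """Return (ext_port, issue) pairs worth an operator's attention."""
    out = []
    for r in requests:
        if r["nft_error"] is not None:
            out.append((r["ext_port"], "nft rule install failed"))
        if r["default_accept"]:
            out.append((r["ext_port"], "accepted without a permission rule"))
    return out

if __name__ == "__main__":
    print(findings(triage(SAMPLE_LOG)))
```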