Difference between revisions of "Manual:IP/UPnP"

From MikroTik Wiki
Jump to navigation Jump to search
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Versions|2.9, v3, v4}}
{{Versions|2.9, v3, v4 +}}


__TOC__
__TOC__
Line 5: Line 5:
<div class="manual">
<div class="manual">


The MikroTik RouterOS supports Universal Plug and Play architecture for transparent peer-to-peer network connectivity of personal computers and network-enabled intelligent devices or appliances. UPnP builds enables these devices to automatically connect with one another and work together to make networking possible for more people.
==Summary==


==Specifications==
<p id="shbox"><b>Sub-menu:</b> <code>/ip upnp</code>
<br />
<b>Packages required:</b> <code>system</code>
</p>
<br />


* Packages required: system
<p>
* License required: Level1
The MikroTik RouterOS supports Universal Plug and Play architecture for transparent peer-to-peer network connectivity of personal computers and network-enabled intelligent devices or appliances.
* Submenu level: '''/ip upnp'''
</p>
* Standards and Technologies: TCP/IP, HTTP, XML, IGD
* Hardware usage: Not significant
 
==Description==


<p>
UPnP enables data communication between any two devices under the command of any control device on the network. Universal Plug and Play is completely independent of any particular physical medium. It supports networking with automatic discovery without any initial configuration, whereby a device can dynamically join a network. DHCP and DNS servers are optional and will be used if available on the network. UPnP implements simple yet powerfull NAT traversal solution, that enables the client to get full two-way peer-to-peer network support from behind the NAT.
UPnP enables data communication between any two devices under the command of any control device on the network. Universal Plug and Play is completely independent of any particular physical medium. It supports networking with automatic discovery without any initial configuration, whereby a device can dynamically join a network. DHCP and DNS servers are optional and will be used if available on the network. UPnP implements simple yet powerfull NAT traversal solution, that enables the client to get full two-way peer-to-peer network support from behind the NAT.
 
</p>
<p>
There are two interface types for UPnP: internal (the one local clients are connected to) and external (the one the Internet is connected to). A router may only have one external interface with a 'public' IP address on it, and as many internal interfaces as needed, all with source-NATted 'internal' IP addresses.
There are two interface types for UPnP: internal (the one local clients are connected to) and external (the one the Internet is connected to). A router may only have one external interface with a 'public' IP address on it, and as many internal interfaces as needed, all with source-NATted 'internal' IP addresses.
 
</p>
<p>
The UPnP protocol is used for many modern applications, like most of DirectX games, as well as for various Windows Messenger features (remote asisstance, application sharing, file transfer, voice, video) from behind a firewall.
The UPnP protocol is used for many modern applications, like most of DirectX games, as well as for various Windows Messenger features (remote asisstance, application sharing, file transfer, voice, video) from behind a firewall.
</p>


===Additional Resources===
===Additional Resources===
Line 27: Line 31:
[http://www.upnp.org/ UPnP Forum]
[http://www.upnp.org/ UPnP Forum]


== Enabling Universal Plug-n-Play ==  
==General Properties==


* Submenu level: '''/ip upnp'''
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}


===Property Description===
{{Mr-arg-table
|arg=allow-disable-external-interface
|type=<nowiki>yes | no </nowiki>
|default=yes
|desc=whether or not should the users be allowed to disable router's external interface. This functionality (for users to be able to turn the router's external interface off without any authentication procedure) is required by the standard, but as it is sometimes not expected or unwanted in UPnP deployments which the standard was not designed for (it was designed mostly for home users to establish their ownlocal networks), you can disable this behavior
}}


* '''allow-disable-external-interface''' (yes | no; default: yes) - whether or not should the users be allowed to disable router's external interface. This functionality (for users to be able to turn the router's external interface off without any authentication procedure) is required by the standard, but as it is sometimes not expected or unwanted in UPnP deployments which the standard was not designed for (it was designed mostly for home users to establish their ownlocal networks), you can disable this behavior
{{Mr-arg-table
* '''enabled''' (yes | no; default: no) - whether UPnP feature is enabled
|arg=enabled
* '''show-dummy-rule''' (yes | no; default: yes) - this is to enable a workaround for some broken implementations, which are handling the absense of UPnP rules incorrectly (for example, popping up error messages). This option will instruct the server to install a dummy (meaningless) UPnP rule that can be observed by the clients, which refuse to work correctly otherwise
|type=<nowiki>yes | no </nowiki>
|default=no
|desc=Enable uPnP service
}}


===Notes===
{{Mr-arg-table-end
|arg=show-dummy-rule
|type=<nowiki>yes | no </nowiki>
|default=yes
|desc=Enable a workaround for some broken implementations, which are handling the absense of UPnP rules incorrectly (for example, popping up error messages). This option will instruct the server to install a dummy (meaningless) UPnP rule that can be observed by the clients, which refuse to work correctly otherwise
}}


CAUTION: if you do not disable the allow-disable-external-interface, any user from the local network will be able (without any authentication procedures) to disable the router's external interface.


===Example===
{{Warning | if you do not disable the allow-disable-external-interface, any user from the local network will be able (without any authentication procedures) to disable the router's external interface. }}


To enable UPnP feature:
==UPnP Interfaces==
<pre>
<p id="shbox"><b>Sub-menu:</b> <code>/ip upnp interfaces</code></p>
[admin@MikroTik] ip upnp> set enable=yes
<br />
[admin@MikroTik] ip upnp> print
 
                            enabled: yes
{{Mr-arg-table-h
    allow-disable-external-interface: yes
|prop=Property
                    show-dummy-rule: yes
|desc=Description
[admin@MikroTik] ip upnp>
}}
</pre>     


==UPnP Interfaces==
{{Mr-arg-table
|arg=interface
|type=string
|default=
|desc=Interface name on which uPnP will be running
}}


* Submenu level: /ip upnp interfaces
{{Mr-arg-table
|arg=type
|type=<nowiki>external | internal</nowiki>
|default=no
|desc=uPnP interface type:
* <var>external</var> - the interface a global IP address is assigned to
* <var>internal</var> - router's local interface the clients are connected to
}}


===Property Description===
{{Mr-arg-table-end
|arg=forced-external-ip
|type=<nowiki>Ip</nowiki>
|default=
|desc=Allow to specify what public IP to use if external interface have more than one IP available.
}}


* interface (name) - interface name UPnP will be run on
* Type(external | internal) - interface type, one of the:
** external - the interface a global IP address is assigned to
** internal - router's local interface the clients are connected to


===Notes===
{{Note | It is highly recommended to upgrade DirectX runtime libraries to version DirectX 9.0c or higher and Windows Messenger to version Windows Messenger 5.0 or higher in order to get UPnP to work properly.}}


It is highly recommended to upgrade DirectX runtime libraries to version DirectX 9.0c or higher and Windows Messenger to version Windows Messenger 5.0 or higher in order to get UPnP to work properly.
{{ Note | In more complex setups with VLANs, where VLAN interface is considered as the LAN interface, the VLAN interface itself should be specified as the internal interface for UPnP to work properly. }}


===Example===
==Configuration Example==


[[Image:Upnp.jpg]]
[[Image:Upnp.jpg]]
Line 75: Line 106:


<pre>
<pre>
[admin@MikroTik] ip upnp interfaces> /ip firewall src-nat print
[admin@MikroTik] ip upnp> /ip firewall src-nat print
Flags: X - disabled, I - invalid, D - dynamic
Flags: X - disabled, I - invalid, D - dynamic
   0  chain=srcnat action=masquerade out-interface=ether1
   0  chain=srcnat action=masquerade out-interface=ether1
[admin@MikroTik] ip upnp interfaces>
[admin@MikroTik] ip upnp>
</pre>       
</pre>       


Now all we have to do is to add interfaces and enable UPnP:
To enable UPnP feature:
<pre>
[admin@MikroTik] ip upnp> set enable=yes
[admin@MikroTik] ip upnp> print
                            enabled: yes
    allow-disable-external-interface: yes
                    show-dummy-rule: yes
[admin@MikroTik] ip upnp>
</pre>   
 
 
Now all we have to do is to add interfaces:


<pre>
<pre>
Line 93: Line 135:


[admin@MikroTik] ip upnp interfaces> enable 0,1
[admin@MikroTik] ip upnp interfaces> enable 0,1
[admin@MikroTik] ip upnp interfaces> .. set enabled=yes
[admin@MikroTik] ip upnp interfaces>
[admin@MikroTik] ip upnp interfaces>
</pre>       
</pre>       

Latest revision as of 15:24, 3 May 2018

Version.png

Applies to RouterOS: 2.9, v3, v4 +

Summary

Sub-menu: /ip upnp
Packages required: system


The MikroTik RouterOS supports Universal Plug and Play architecture for transparent peer-to-peer network connectivity of personal computers and network-enabled intelligent devices or appliances.

UPnP enables data communication between any two devices under the command of any control device on the network. Universal Plug and Play is completely independent of any particular physical medium. It supports networking with automatic discovery without any initial configuration, whereby a device can dynamically join a network. DHCP and DNS servers are optional and will be used if available on the network. UPnP implements simple yet powerfull NAT traversal solution, that enables the client to get full two-way peer-to-peer network support from behind the NAT.

There are two interface types for UPnP: internal (the one local clients are connected to) and external (the one the Internet is connected to). A router may only have one external interface with a 'public' IP address on it, and as many internal interfaces as needed, all with source-NATted 'internal' IP addresses.

The UPnP protocol is used for many modern applications, like most of DirectX games, as well as for various Windows Messenger features (remote asisstance, application sharing, file transfer, voice, video) from behind a firewall.

Additional Resources

UPnP Forum

General Properties

Property Description
allow-disable-external-interface (yes | no ; Default: yes) whether or not should the users be allowed to disable router's external interface. This functionality (for users to be able to turn the router's external interface off without any authentication procedure) is required by the standard, but as it is sometimes not expected or unwanted in UPnP deployments which the standard was not designed for (it was designed mostly for home users to establish their ownlocal networks), you can disable this behavior
enabled (yes | no ; Default: no) Enable uPnP service
show-dummy-rule (yes | no ; Default: yes) Enable a workaround for some broken implementations, which are handling the absense of UPnP rules incorrectly (for example, popping up error messages). This option will instruct the server to install a dummy (meaningless) UPnP rule that can be observed by the clients, which refuse to work correctly otherwise


Icon-warn.png

Warning: if you do not disable the allow-disable-external-interface, any user from the local network will be able (without any authentication procedures) to disable the router's external interface.


UPnP Interfaces

Sub-menu: /ip upnp interfaces


Property Description
interface (string; Default: ) Interface name on which uPnP will be running
type (external | internal; Default: no) uPnP interface type:
  • external - the interface a global IP address is assigned to
  • internal - router's local interface the clients are connected to
forced-external-ip (Ip; Default: ) Allow to specify what public IP to use if external interface have more than one IP available.


Icon-note.png

Note: It is highly recommended to upgrade DirectX runtime libraries to version DirectX 9.0c or higher and Windows Messenger to version Windows Messenger 5.0 or higher in order to get UPnP to work properly.


Icon-note.png

Note: In more complex setups with VLANs, where VLAN interface is considered as the LAN interface, the VLAN interface itself should be specified as the internal interface for UPnP to work properly.


Configuration Example

Upnp.jpg

We have masquerading already enabled on our router:

[admin@MikroTik] ip upnp> /ip firewall src-nat print
Flags: X - disabled, I - invalid, D - dynamic
  0   chain=srcnat action=masquerade out-interface=ether1
[admin@MikroTik] ip upnp>

To enable UPnP feature:

[admin@MikroTik] ip upnp> set enable=yes
[admin@MikroTik] ip upnp> print
                             enabled: yes
    allow-disable-external-interface: yes
                     show-dummy-rule: yes
[admin@MikroTik] ip upnp>


Now all we have to do is to add interfaces:

[admin@MikroTik] ip upnp interfaces> add interface=ether1 type=external
[admin@MikroTik] ip upnp interfaces> add interface=ether2 type=internal
[admin@MikroTik] ip upnp interfaces> print
Flags: X - disabled
  #   INTERFACE TYPE
  0 X ether1    external
  1 X ether2    internal

[admin@MikroTik] ip upnp interfaces> enable 0,1
[admin@MikroTik] ip upnp interfaces>