net/upnp: enable STUN and allow LAN subnet override #3096
Conversation
Tawmu
commented
Aug 28, 2022
Tawmu
commented
- Fixes issue net/upnp: allow custom listen addresses to support non-directly connected networks #2974 by allowing override of a single LAN interface subnet
- Allows configuration of STUN server for external IP prediction
|
@fichtner any way we can progress this? |
|
Thanks so far! As a side node it would be better to split STUN and override IP for clearer PR audit and faster inclusion. |
|
Hopefully this is better - have taken points above and amended as necessary with clarification on the listening_ip directive. |
| <option value="" <?=!empty($pconfig['overridesubnet']) ? "selected=\"selected\"" : "";?>>Interface default</option> | ||
| <?php | ||
| for ($i = 32; $i >= 1; $i--) { ?> | ||
| <option value="/<?=$i;?>" <?=!empty($pconfig['overridesubnet']) && $pconfig['overridesubnet'] == "/".$i ? "selected=\"selected\"" : "";?>>/<?=$i;?></option> |
There was a problem hiding this comment.
it's probably safer to validate for subnet mask and add the "/" in the configuration. /32 is basically the default like when we omit the override?
There was a problem hiding this comment.
The default ends up being the subnet of the interface rather than simply /32 afaik - not sure how to "validate" the subnet mask in this case to be honest and there may be a better way of writing this entirely.
To give context for this option - in our case, OPNsense is 10.10.0.2 behind a L3 switch on 10.10.0.1, and we have VLANs 10.40.0.0/22 and 10.50.0.0/22 routed via the switch, we simply override the miniupnpd config in OPNsense to be igb0/8 so it responds to requests coming in from the entire 10.0.0.0/8 space. It's pretty dirty but I'm not sure what we can validate subnet masks against in this case? Or do you mean just run it through the is_subnet function?
|
Is there a way I can apply this fix now or do I have to wait till it is released? |
|
going to merge to work on this... thanks! |
