2.4 Re-enables UPnP by default

OK, here's an ignorant question. I've seen people talking about uPnP and port forwarding as if one of them has to be active in order to see other commanders and do multiplayer. I've never enabled either of them (and know for a fact that I've disabled uPnP on my router). I still see other players in Open and private groups and haven't had a problem with big meet-ups. There must be some third option--otherwise I would have expected the game software itself to have been much more vocal in telling me what I need to enable--right? Is this change a signal that things will start working worse if I don't configure something? Or have I been that guy whose bad networking has interfered with everyone else in the instance without realizing it?
The way I understand it, and I may be wrong, if you have no port forward, and no UPnP, you'll still have instances with other CMDRs so long as THEY have one of those options active on their end; they become the 'server'.
But you and I might never be instanced as we both have everything disabled.
However, FD has made recent network changes that I don't fully understand, where they threw in a new network server for those like us.
It may have been part of 2.3 release, I don't fully recall.
 
I always follow these threads on routers and settings with interest and a little trepidation. I've never owned a router as my provider gives me 3 IP addresses. 2 hardwired game machines and a wifi to stream to my tv and other mobile platforms thru a switch. I never could really understand all the fear associated with upnp, guess I never will. But I'll keep reading. :)
 
However, FD has made recent network changes that I don't fully understand, where they threw in a new network server for those like us.

I saw an FD presentation (it's on YouTube somewhere, I think) that described their network set-up. They had proxies, and it could be that those proxies are used to handle the traffic between clients that don't accept direct connections. There are lots of ways to do it, and as people are reporting that things still work without uPnP (but no forwarding) then it does imply that the networking is more complex than just direct P2P.
 
Interesting. When the servers are back up I may disable the port forwarding to see if things still work. As I say, from a code level it is entirely possible to avoid needing port forwarding - maybe something is happening there.

I would not recommend reverting from port forwarding, which will be 100% reliable, back to uPNP which is an insecure methodology and is frequently bugged or broken on most consumer routers.

If port forwarding is set, then I would continue to use this. uPNP is a bag of hurt; don’t do it. :)
 
I never could really understand all the fear associated with upnp, guess I never will.

It's not something to fear, it can be useful. But... It is a security hole because it means that any device on a network can open holes in the firewall to communicate directly with devices elsewhere on the internet. A lot of scare stories focus on webcams and such like that do this. If they opened up a port (so that you can connect to it remotely), but didn't have suitable security themselves, then they could be compromised (either someone watching through it, or even commandeering the device for nefarious purposes).

I would not recommend reverting from port forwarding, which will be 100% reliable, back to uPNP which is an insecure methodology and is frequently bugged or broken on most consumer routers.

lol, I never said I was going to enable uPnP again. That isn't happening. :) But as others have said that they have both disabled and can still instance with other players - I will give this a try.
 
OK, here's an ignorant question. I've seen people talking about uPnP and port forwarding as if one of them has to be active in order to see other commanders and do multiplayer. I've never enabled either of them (and know for a fact that I've disabled uPnP on my router). I still see other players in Open and private groups and haven't had a problem with big meet-ups. There must be some third option

There is - it's called UDP "Hole Punching", a well-established way to allow P2P through firewalls without the need to use UPnP or port-forwarding. There's all sorts of technical documents online for those interested in the specifics.

That said, you don't need to know the specifics to use it - it happens behind the scenes. Well, at least it does on my PS4 :D
 
I always follow these threads on routers and settings with interest and a little trepidation. I've never owned a router as my provider gives me 3 IP addresses. 2 hardwired game machines and a wifi to stream to my tv and other mobile platforms thru a switch. I never could really understand all the fear associated with upnp, guess I never will. But I'll keep reading. :)
The problem is the lack of authentication from anyone, anywhere, on any port, to your device.
 
The problem is (should neither uPNP nor port forwarding be in use) you will then become reliant on other commanders acting as a peer. It’s not reliable. Anecdotal information that suggests this is all fine and works perfectly is probably oversimplifying the situation.

I do not know why Frontier persists with uPNP. It’s frustrating. There are other options.
 
I finally have IPv6 now! Should hopefully mean better results without pin-holing, I shall test ASAP and get back.
 
I finally have IPv6 now! Should hopefully mean better results without pin-holing, I shall test ASAP and get back.

Have Frontier actually enabled this reliably yet? I have had a native dual stack IPv4 and IPv6 connection for a considerable period of time. It would be marvellous if they actually used this (IPv6).
 
No uPnP and no port forwarding enabled on my router, and I see lots of Cmdrs in the game. The network settings in the AppConfig file, on the other hand, show

upnpenabled="1"

Does this somehow override my router settings?
 
OK, here's an ignorant question. I've seen people talking about uPnP and port forwarding as if one of them has to be active in order to see other commanders and do multiplayer.
Both are trying to work around the same problem (NAT, network address translation, basically your router has a single external IP address and translates connections to and from the private network, meaning that internal devices are not directly reachable), but ideally you don't need either. If you are behind NAT, there are several options:
  • Use IPv6 which solves the problem of limited addresses and can give each device its own publicly reachable address. You may still have to allow connections on your router, because allowing just anything to be remote controlled from the Internet is… not smart. E:⁠D supports IPv6, and if your ISP does, you can enable it in network options.
  • With some types of NAT, it is possible to negotiate connections by determining an external address and port once the application has communicated to a known server. Other peers can then directly use that address/port pair to talk to you. This is done by classifying the type of connection you're on, and if it's usable for direct connections, advertise that. Look up "STUN", it's not pretty.
  • If your configuration does not allow that, communication can be performed via a third party, in this case TURN servers that relay data to peers. If you're using IPv6 for E:⁠D, you can even disable IPv4 in network settings and v4 peers will communicate to you via those.
  • Explicit port forwarding, or UPnP to automate it, which are the bottom-rung solutions.

How many millions of ips do you have now?
One for every nail, screw, lightbulb, etc, etc.
I have FOUR BILLION INTERNETS!
 
No uPnP and no port forwarding enabled on my router, and I see lots of Cmdrs in the game. The network settings in the AppConfig file, on the other hand, show

upnpenabled="1"

Does this somehow override my router settings?

No. That setting just tells E: D to try using uPnP to open the ports. If it is disabled on your router, E: D simply won't be able to do it. If you still see other people and the game runs fine, I wouldn't change anything.
 
No. That setting just tells E: D to try using uPnP to open the ports. If it is disabled on your router, E: D simply won't be able to do it. If you still see other people and the game runs fine, I wouldn't change anything.

ok, thanks... sounds good :)

Just found out that my ISP and router support Dual Stack (not DS-Lite).
 
The problem is the lack of authentication from anyone, anywhere, on any port, to your device.

It is (uPNP) in no way worse than having a machine connected directly to the internet.
If you have a software firewall on your OS then you don't care if UPNP is opening ports automatically on your router. Even better for consoles, as then there is virtually no risk, with the benefit of not having to manually forward the ports.
 
I enabled uPnP on my router just to test it out. When I check the network statistics in ED I have a better Ping (around 60) when uPnP is turned OFF (380 when uPnP is on).

I just wonder if there is any way to improve bad FPS in some busy instances...
 
Now you mention it, I ran some tests too as I had to rebuild my machine. E: D works fine with uPnP disabled and no port forwarding. However, I did notice issues using that configuration - such as friend notifications coming in batches (i.e. people logging on/off at exactly the same time, apparently). Once I'd enabled port forwarding again, this stopped (notifications appeared individually).


However, that is purely anecdotal based on my experience. And as my machine was faulty, my experiences prior to the repair could well have been affected by that.


When I check the network statistics in ED I have a better Ping (around 60) when uPnP is turned OFF (380 when uPnP is on).


What is being pinged? Or is that not mentioned? It doesn't make any sense at all that ping would be affected by uPnP, so I wonder what E: D is actually reporting as ping.
 
It is (uPNP) in no way worse than having a machine connected directly to the internet.
It sure is not, but it is nonetheless a mostly useless incident waiting to happen. It only "solves" the problem of peer2peer communication, which is a problem very few people have in the first place, by giving every single application on every single device behind a UPnP enabled gateway blanket permission to make itself directly reachable from outside.
 
It is (uPNP) in no way worse than having a machine connected directly to the internet.

That's not true at all. But the risk won't necessarily be to your computer - it will be due to other devices that open holes in your firewall and share their content. Depending upon the manufacturer, they may even do this by default with little if any security. More importantly, uPnP requires that software inside the network asks for the port to be opened. Directly connecting your machine to the internet means that all internet traffic will arrive at your machine - how much do you trust your software firewall?
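
A check for the risk discussed in the last few posts, as an added example that is not from any poster: it parses UPnP IGD `GetGenericPortMappingEntry` responses and reports every enabled mapping that was not expected or that has no expiry. The responses, addresses, ports and the `expected` allowlist are constructed for illustration; the lease check assumes IGD v1 semantics, where a lease of 0 means the mapping does not expire.

```python
import xml.etree.ElementTree as ET

ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">{}'
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

def sample(**fields):
    """Constructed stand-in for one response a router would return."""
    return ENVELOPE.format("".join(f"<{k}>{v}</{k}>" for k, v in fields.items()))

# Constructed sample data (addresses, ports and descriptions are made up).
SAMPLES = [
    sample(NewRemoteHost="", NewExternalPort=5100, NewProtocol="UDP",
           NewInternalPort=5100, NewInternalClient="192.168.1.20", NewEnabled=1,
           NewPortMappingDescription="game client", NewLeaseDuration=3600),
    sample(NewRemoteHost="", NewExternalPort=8080, NewProtocol="TCP",
           NewInternalPort=80, NewInternalClient="192.168.1.77", NewEnabled=1,
           NewPortMappingDescription="ipcam", NewLeaseDuration=0),
]

def parse_mapping(soap_xml):
    """Extract the New* fields from one response, ignoring XML namespaces."""
    out = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]
        if name.startswith("New"):
            out[name] = (el.text or "").strip()
    return out

def audit(responses, expected):
    """Return [(key, reasons)] for enabled mappings that need a closer look.

    key is (internal client, protocol, external port); expected is a set of keys
    the owner knowingly allows.
    """
    findings = []
    for m in map(parse_mapping, responses):
        if m.get("NewEnabled") != "1":
            continue
        key = (m["NewInternalClient"], m["NewProtocol"], int(m["NewExternalPort"]))
        reasons = []
        if key not in expected:
            reasons.append("not in expected list")
        if m.get("NewLeaseDuration") == "0":
            reasons.append("no expiry")
        if reasons:
            findings.append((key, reasons))
    return findings
```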
 