Hello, first of all I want to thank you about your great work.
The question is I’m trying to get working STUN and Geniacs, to link CPE in a asimmetric NAT network. Stuntman server and genieacs are in the same server and I think that are working.
The problem is that CPE only show their private IP in wan port, not the “public” IP that is NATTING.
I have read about that STUN protocol is not enough for achieve this, and we need a TURN server.
Has anybody successfully achieved this, or it is “impossible”?Any clue?
Then network is a WISP, and the outer CPE is a Router (mikrotik/ubiquiti/cambium/…) that owes the “public” IP does NAT to internal wireless router (could be any TR069/cwmp capable device, as fritzbox,TPlink, cambium, etc…).
The device should report the STUN server IP/hostname and the port reserved for it in the parameter UDPConnectionRequestAddress. Can you confirm that?
Other than that, try setting the option ‘UDP_CONNECTION_REQUEST_PORT’. It should be the same port that’s used by your STUN server. Here’s a relevant comment from the code:
When a device is NAT’ed, the UDP Connection Request must originate from
the same address and port used by the STUN server, in order to traverse
the firewall. This does require that the Genieacs NBI and STUN server
are allowed to bind to the same address and port. The STUN server needs
to open its UDP port with the SO_REUSEADDR option, allowing the NBI to
also bind to the same port.
Hello, thanks about the response, I’m triyng the stuntman-server but there is no --reuseaddr option in the config file (I’ve tried in the CLI command and it throws --reuseradr is not available), genieACS has the UDP_CONNECTION_REQUEST_PORT configured.
This option should be configured in compile time?
Finally I’ve found that I have a old version of stuntman server, now I have the newest version, but still not working.
I wrote to device’s support (tp-link) because the device looks like doesn’t inform correctly, ( I can’t find the strings InternetGatewayDevice.ManagementServer.UDPConnectionRequestAddress, InternetGatewayDevice.ManagementServer.STUNEnable in genieacs GUI.)
Hello again, I have been received a TXT file from tplink, with all the TR98 parameters that informs the device.
I think that there is some non “standart” params. Please, can you tell the way to inform Genieacs, about the template that the manufacturer sends?
I’m unable to attach the txt file, and don’t want to write a very laaaaarge e-mail
Hello again, TPlink says that : InternetGatewayDevice.ManagementServer.UDPConnectionRequestAddress it’s a parameter they inform, but I’m unable to see it in devices parameter list, is there anything I can do?
Hi there, trying to send a request from GenieACS to a router with OpenWRT and easycwmp via STUN through NAT, but unable to do it. Seems like GenieACS is using correct info from the field “UDPConnectionRequestAddress”, but, as you can see from the screenshot, it’s hanging out by a timeout without actually doing anything. Maybe someone has a hint?
1- Install the STUN service the same server where Genie is installed and configure Genie to bind to the same source port as the STUN service. To allow two processes to bind to the same port you need your STUN software to support SO_REUSEADDR. To configure the source port that Genie binds to, use the config ‘cwmp.udpConnectionRequestPort’ v1.2 or ‘UDP_CONNECTION_REQUEST_PORT’ in v1.1.
2- Use this particular STUN server implementation: STUN Client and Server download | SourceForge.net. This implements a special relay feature (the ‘-m’ flag) that I haven’t seen implemented elsewhere. With this it’s not necessary for STUN and Genie to be on the same server (and none of that port reuse business). But as jselbie commented in the thread linked above, it’s prone to DOS attacks.
well in the example above, the cwmp.udpConnectionRequestPort was already set to 3478 (stun default port)
I did install the stunman and runned as decribe with --reuseaddr.
I have genieacs 1.2.9 installed and stunserver running with --reuseaddr, all ports open (scanned with nmap from lan), when natted router registers to genieacs it uses private IP, when genieacs tries to connect to the router is unreachable.
Acs logs shows informEvent="1 BOOT,4 VALUE CHANGE" when router registers.
I used to see same situation that GenieACS sends 3 UDP messages to CPE and make sure CPE can receive these UDP messages.
Then what’s next? I stuck here for over a week until I tried to send tr069 inform for “6 connection request” from CPE just after CPE received these UDP messages and verified its content(see G.2.1.4 UDP Connection Requests in TR-069_Amendment-6).
So that following HTTP request from GenieACS will work!
The way I send tr069 inform as below: (openwrt platform)
system(“ubus call tr069 inform ‘{\“event\”:\“6 connection request\”}’”);
