Enable PCP by default? #31663

darosior opened this issue on January 15, 2025
  1. darosior commented at 7:19 pm on January 15, 2025: member

    Centralize discussion around turning the natpmp setting to on by default.

    UPnP used to be turned on by default. It was turned off by default following numerous vulnerabilities found in miniupnpc. We recently got rid of the miniupnpc dependency by dropping the UPnP feature (https://github.com/bitcoin/bitcoin/pull/31130). In addition we implemented PCP with NAT-PMP fallback in house (https://github.com/bitcoin/bitcoin/pull/30043), safer protocols enabling the same NAT traversal feature to end users.

    We have unit tests for our in-house implementation of PCP/NAT-PMP on the way (https://github.com/bitcoin/bitcoin/pull/31022). Once we also have fuzzing coverage then it becomes reasonable to consider potentially enabling the feature by default. The upside of turning this feature on by default is, if most ISP default-provided routers support it by default, a much more diverse P2P network. The downside is an increased attack surface: a vulnerability affecting only listening nodes would now also expose people’s nodes at home.

    Compatibility matrix of our PCP/NAT-PMP support. If your router at home is not included in this list please consider testing and let me know the result. See below for testing instructions.

    Router PCP support NAT-PMP fallback support Is PCP/NAT-PMP support enabled by default on the router?
    Verizon default-provided router :x:
    Spectrum’s “WIFI 6E router N/A :x:
    Astound ? ? ?
    Archer AX3000 Pro :x:
    Archer AC1750 :x:
    OPNSense N/A :x:
    openwrt N/A ?

    Testing instructions

    • Start bitcoind on any network with the natpmp flag
    • Spot the lines mentioning “PCP”, “NAT-PMP”, “natpmp” or “port mapping”
    • Check if the port was successfully mapped, check if it worked immediately with PCP or if NAT-PMP fallback was necessary
    • (optional) in case of failure, check if you need to manually enable PCP support in your router’s configuration
    • (optional) in case of success, you could check if the node is publicly reachable for good measure
    • Stop bitcoind
  2. fanquake added this to the milestone 30.0 on Jan 15, 2025
  3. darosior commented at 7:24 pm on January 15, 2025: member
    To be clear, I’m not suggesting we turn this option on by default in 29; this merely opens the discussion more formally than yesterday’s chat on IRC. And I started writing this mainly to centralize results of tests against various routers.
  4. sipa commented at 11:53 pm on January 16, 2025: member

    Works out of the box on an Archer AX3000 Pro router/modem (with NAT-PMP fallback):

    2025-01-16T21:58:50.803107Z [net] portmap: gateway [IPv4]: 192.168.0.1
    2025-01-16T21:58:50.804793Z [net] pcp: Requesting port mapping for addr 0.0.0.0 port 8333 from gateway 192.168.0.1
    2025-01-16T21:58:50.804834Z [net] pcp: Internal address after connect: 192.168.0.150
    2025-01-16T21:58:50.805718Z [net] pcp: Received response of 8 bytes: (scrubbed)
    2025-01-16T21:58:50.805736Z [net] portmap: Got unsupported PCP version response, falling back to NAT-PMP
    2025-01-16T21:58:50.805747Z [net] natpmp: Requesting port mapping port 8333 from gateway 192.168.0.1
    2025-01-16T21:58:50.806500Z [net] natpmp: Received response of 12 bytes: (scrubbed)
    2025-01-16T21:58:50.942274Z [net] natpmp: Received response of 16 bytes: (scrubbed)
    2025-01-16T21:58:50.942361Z [net:info] portmap: Added mapping natpmp:(scrubbed) -> 192.168.0.150:8333 (for 2400s)
    2025-01-16T21:58:50.942472Z [net] portmap: gateway [IPv6]: (scrubbed)
    2025-01-16T21:58:50.945277Z [net] pcp: Requesting port mapping for addr (scrubbed) port 8333 from gateway (scrubbed)
    2025-01-16T21:58:50.945308Z [net] pcp: Internal address after connect: (scrubbed)
    2025-01-16T21:58:50.945891Z [net:warning] pcp: Could not receive response: Connection refused (111)
    

    And I am getting inbound connections.

  5. murchandamus commented at 11:12 pm on January 18, 2025: contributor

    I have an Archer AC1750.

    Starting with bitcoind -natpmp -daemon my debug.log shows:

    2025-01-18T23:04:02Z Command-line arg: natpmp=""
    2025-01-18T23:04:17Z [net:info] portmap: Added mapping natpmp:(scrubbed):8333 -> 192.168.0.172:8333 (for 2400s)

    And I also have inbound connections.
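
As an added example (not part of the issue thread and not Bitcoin Core code), the following Python script automates the log check from the testing instructions: it reads debug.log text and reports, per gateway address family, whether a mapping was added, by which protocol, and whether NAT-PMP fallback was needed. The function name, the result keys, the `pcp:` mapping prefix and the `natpmp:` warning prefix are assumptions; the other patterns follow the log lines quoted in the comments above.

```python
import re

# Patterns follow the debug.log lines quoted in the thread. Assumptions: a PCP
# mapping is logged with a "pcp:" prefix (by analogy with "natpmp:"), and
# NAT-PMP failures use the same "[net:warning]" form as the PCP one shown.
GATEWAY = re.compile(r"portmap: gateway \[(IPv[46])\]")
FALLBACK = re.compile(r"portmap: Got unsupported PCP version response, falling back to NAT-PMP")
ADDED = re.compile(r"portmap: Added mapping (pcp|natpmp):.* -> (\S+) \(for (\d+)s\)")
WARNING = re.compile(r"\[net:warning\] (?:pcp|natpmp): (.*)")

# Sample input constructed for this example, in the format quoted in the thread.
SAMPLE = """\
2025-01-16T21:58:50Z [net] portmap: gateway [IPv4]: 192.168.0.1
2025-01-16T21:58:50Z [net] pcp: Requesting port mapping for addr 0.0.0.0 port 8333 from gateway 192.168.0.1
2025-01-16T21:58:50Z [net] portmap: Got unsupported PCP version response, falling back to NAT-PMP
2025-01-16T21:58:50Z [net:info] portmap: Added mapping natpmp:(scrubbed) -> 192.168.0.150:8333 (for 2400s)
2025-01-16T21:58:50Z [net] portmap: gateway [IPv6]: (scrubbed)
2025-01-16T21:58:50Z [net:warning] pcp: Could not receive response: Connection refused (111)
"""

def summarize_portmap(log_text):
    """Return {address_family: outcome} for the port mapping attempts in log_text."""
    # "unknown" is used when no gateway line precedes a result, which happens
    # when only info-level lines are logged (net debug logging not enabled).
    results, family = {}, "unknown"

    def entry():
        return results.setdefault(family, {
            "mapped": False, "protocol": None, "fallback": False,
            "internal": None, "lifetime_s": None, "error": None})

    for line in log_text.splitlines():
        if m := GATEWAY.search(line):
            family = m.group(1)  # later lines belong to this gateway
            entry()
        elif FALLBACK.search(line):
            entry()["fallback"] = True
        elif m := ADDED.search(line):
            entry().update(mapped=True, protocol=m.group(1),
                           internal=m.group(2), lifetime_s=int(m.group(3)))
        elif m := WARNING.search(line):
            entry()["error"] = m.group(1)
    return results

if __name__ == "__main__":
    for fam, outcome in summarize_portmap(SAMPLE).items():
        print(fam, outcome)
```

To check a real node, pass the contents of its debug.log to `summarize_portmap` after starting bitcoind with the natpmp flag.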



This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-01-21 03:12 UTC
