NAT-PMP works, but QB fails to detect router and use NAT-PMP #17169

Open
opened 2026-02-22 03:42:35 -05:00 by deekerman · 6 comments

Originally created by @rptaylor on GitHub (Sep 13, 2025).

qBittorrent & operating system versions

qBittorrent v5.1.2
Fedora 42

What is the problem?

I configured QB to use the wg0 interface, and set the UPNP lease duration to 60 s (the max PMP lease time supported by my gateway).

I confirm that the NAT-PMP protocol works correctly in my network environment (for both UDP and TCP):

```
$ natpmpc -a 1 0 udp 60 -g 10.2.0.1
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : a.b.c.d # removed
epoch = 694567
sendnewportmappingrequest returned 12 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Mapped public port 58175 protocol UDP to local port 0 lifetime 60
epoch = 694567
closenatpmp() returned 0 (SUCCESS)
```

I also confirmed the mapped port 58175 shown above is being forwarded as expected.
At the same time as running natpmpc, I confirmed the NAT-PMP packets are sent and received as expected with tcpdump:

```
$ sudo tcpdump -n -i wg0 port 5351 or port 5350
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
16:54:03.606951 IP 10.2.0.2.59045 > 10.2.0.1.5351: UDP, length 2
16:54:03.624968 IP 10.2.0.1.5351 > 10.2.0.2.59045: UDP, length 12
16:54:03.625003 IP 10.2.0.2.59045 > 10.2.0.1.5351: UDP, length 12
16:54:03.642603 IP 10.2.0.1.5351 > 10.2.0.2.59045: UDP, length 16
```

Then I start QB with the "Use UPnP / NAT-PMP forwarding" option enabled.
But tcpdump shows no packets to or from port 5351 or port 5350, indicating that QB is not attempting any NAT-PMP request at all. Then a few minutes later it logs:

```
2025-09-13 4:56 p.m. - UPnP/NAT-PMP port mapping failed. Message: "could not map port using UPnP[10.2.0.2]: no router found"
```

Why does it fail to detect the router? If it did the equivalent operation to my natpmpc -a 1 0 udp 60 -g 10.2.0.1 command it should succeed. Can there be an option to specify the NAT-PMP router address 10.2.0.1 ?

Steps to reproduce

Use QB on a ProtonVPN network that supports NAT-PMP.

https://protonvpn.com/support/port-forwarding-manual-setup/

Additional context

No response

Log(s) & preferences file(s)

2025-09-13 4:56 p.m. - UPnP/NAT-PMP port mapping failed. Message: "could not map port using UPnP[10.2.0.2]: no router found"
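
The four datagrams in the tcpdump capture above (lengths 2, 12, 12, 16) match the NAT-PMP message sizes defined in RFC 6886. The decoder below is an added example, not part of the original issue and not qBittorrent or libtorrent code; its sample bytes are constructed from the values in the natpmpc output, with 203.0.113.7 as a placeholder for the redacted public address and the suggested external port 1 assumed from the `-a 1 0` arguments.

```python
import ipaddress
import struct

# Result codes and protocol opcodes as defined in RFC 6886.
RESULTS = {0: "success", 1: "unsupported version", 2: "not authorized/refused",
           3: "network failure", 4: "out of resources", 5: "unsupported opcode"}
PROTO = {1: "UDP", 2: "TCP"}


def decode_natpmp(payload: bytes) -> dict:
    """Decode one NAT-PMP UDP payload (gateway port 5351)."""
    if len(payload) < 2:
        raise ValueError("truncated NAT-PMP message")
    version, opcode = payload[0], payload[1]
    if version != 0:  # PCP reuses port 5351 with version 2
        raise ValueError(f"version {version} is not NAT-PMP")
    op, is_response = opcode & 0x7F, bool(opcode & 0x80)

    if not is_response:
        if op == 0 and len(payload) == 2:
            return {"kind": "public-address request"}
        if op in PROTO and len(payload) == 12:
            _reserved, internal, external, lifetime = struct.unpack("!HHHI", payload[2:])
            return {"kind": "map request", "proto": PROTO[op], "internal_port": internal,
                    "suggested_external_port": external, "lifetime": lifetime}
        raise ValueError("bad request length or opcode")

    if len(payload) < 8:
        raise ValueError("truncated response")
    result, epoch = struct.unpack("!HI", payload[2:8])
    msg = {"result": RESULTS.get(result, f"unknown ({result})"), "epoch": epoch}
    if result != 0:
        return {"kind": "error response", **msg}
    if op == 0 and len(payload) == 12:
        ip = ipaddress.IPv4Address(payload[8:12])
        return {"kind": "public-address response", "public_ip": str(ip), **msg}
    if op in PROTO and len(payload) == 16:
        internal, external, lifetime = struct.unpack("!HHI", payload[8:16])
        return {"kind": "map response", "proto": PROTO[op], "internal_port": internal,
                "external_port": external, "lifetime": lifetime, **msg}
    raise ValueError("bad response length or opcode")


# Constructed sample: the exchange natpmpc reported (epoch 694567, UDP,
# local port 0, mapped port 58175, lifetime 60). The public IP is a placeholder.
SAMPLE_EXCHANGE = [
    bytes([0, 0]),
    struct.pack("!BBHI4s", 0, 128, 0, 694567, ipaddress.IPv4Address("203.0.113.7").packed),
    struct.pack("!BBHHHI", 0, 1, 0, 0, 1, 60),
    struct.pack("!BBHIHHI", 0, 129, 0, 694567, 0, 58175, 60),
]


def decode_exchange(payloads):
    """Decode a sequence of payloads in capture order."""
    return [decode_natpmp(p) for p in payloads]


if __name__ == "__main__":
    for p in SAMPLE_EXCHANGE:
        print(len(p), decode_natpmp(p))
```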


@rptaylor commented on GitHub (Sep 13, 2025):

https://github.com/arvidn/libtorrent/pull/7890 ?


@Danny3 commented on GitHub (Nov 27, 2025):

Ever since I enabled the Execution Log tab years ago, I have always seen warning messages about NAT-PMP not working correctly!
No matter what router I used and what OS that router had, even with OpenWRT.
Even now (without any VPN being used or configured):
DATE TIME - UPnP/NAT-PMP port mapping failed. Message: "could not map port using UPnP[192.168.1.130]: no router found"

I think this part of the program was always and still is completely broken!
As I have never seen it not showing this message even though most of the time the 'Connection Status' was 'Online' and worked as expected.
Maybe it's checking just initially, for a very short time and is rushing to write that message to the log.
The 'no router found' part is also very stupid as I have always been connected through a router.
Maybe it wanted to say: No response / reply received from the router on the port (whichever port was tried here).
That would make more sense as maybe the UPNP server / service on the router might not be working, so not responding, but the whole router not being found, is just completely wrong.

I tried that command on the router that I'm currently connected to and it gave me this:

`natpmpc -a 1 0 udp 60 -g 192.168.1.1`
Which gave me:
```
initnatpmp() returned 0 (SUCCESS)
using gateway : 192.168.1.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned -7 (FAILED)
readnatpmpresponseorretry() failed : the gateway does not support nat-pmp
errno=111 'Connection refused'
```

So I decided to enter the control panel interface of this ISP router and see if the UPNP is really disabled, which it really was.
I turned it on and rebooted the router!
So I ran this command again:
`natpmpc -a 1 0 udp 60 -g 192.168.1.1`
Which gave me this time:
```
initnatpmp() returned 0 (SUCCESS)
using gateway : 192.168.1.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned -7 (FAILED)
readnatpmpresponseorretry() failed : the gateway does not support nat-pmp
errno=111 'Connection refused'
```

Which is exactly as before from what I can see and the "UPnP Service List" table in this ISP router is empty (no entries).
Maybe I'm doing something wrong.


@Danny3 commented on GitHub (Nov 27, 2025):

OK, I think I figured out a bit more on how to confirm that router's UPnP works!
That 'natpmpc' command doesn't work no matter what I do. Either because it doesn't work or because I don't know what arguments it needs exactly.
I found and installed another one, called: upnpc
Which I found from this answer here:
https://superuser.com/a/1770547
From which I tried that command:
`upnpc -r 13 TCP`
Which gave me:
```
upnpc: miniupnpc library test client, version 2.3.3.
(c) 2005-2025 Thomas Bernard.
More information at https://miniupnp.tuxfamily.org/ or http://miniupnp.free.fr/

List of UPNP devices found on the network :
desc: http://192.168.1.1:1900/uslece/gatedesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found an IGD with a reserved IP address (100.114.63.101) : http://192.168.1.1:1900/upnp/control/uslece/WANIPConn1
Local LAN ip address : 192.168.1.130
ExternalIPAddress = 100.114.63.101
InternalIP:Port = 192.168.1.130:13
external 100.114.63.101:13 TCP is redirected to internal 192.168.1.130:13 (duration=0)
```

And the router's UPNP page gives me this now:

```
ID  Service Description  External Port  Protocol  Internal IP Address  Internal Port
1   libminiupnpc         13             TCP       192.168.1.130        13
```

So this upnpc tool works (confirmed by its output in the terminal and the new and single entry added to the router's UPnP page)!


@Danny3 commented on GitHub (Nov 27, 2025):

I now managed to reproducibly add and remove (multiple times) the port forwarding to UPnP with these 2 commands:

```
# Add the port
upnpc -a 192.168.1.130 10178 10178 TCP
# Remove the port
upnpc -d 10178 TCP 192.168.1.130
```

After running each command I clicked on the 'Refresh' button on router's "UPnP Service List" table and confirmed that it got there and removed from there.
The '10178' port that I tried, is the same that the program has in the "Port used for incoming connections:" input field.
The '192.168.1.130' IP is the one my computer has on the LAN.
Even though it's the same port that I manually set with that command and the router's UPnP page confirms its addition, I restarted the program and now it shows these 2 lines:
DATE TIME - UPnP/NAT-PMP port mapping failed. Message: "could not map port using UPnP[192.168.1.130]: unknown UPnP error (-911)"
DATE TIME - UPnP/NAT-PMP port mapping failed. Message: "could not map port using UPnP[192.168.1.130]: unknown UPnP error (-911)"
I ran the command again to delete the UPnP entry (thinking that maybe it's trying to add the same port and it can't because it's already added and is not getting the proper success result) and restarted the program, but this error message keeps appearing.
Whatever the program is doing, it's clearly not doing it right and the router cannot confirm addition or removals of these UPnP rules (nothing changes when I click on that Refresh button between restarts of the program), like it can do for the 'upnpc' command!

My tests were done from a computer running Debian 14 + KDE Plasma 6.3.5
Connected wirelessly to an ISP-provided router: Tp-Link EX220 v1.0


@rptaylor commented on GitHub (Nov 27, 2025):

@Danny3 NATPMP and UPnP are different protocols (although they have a similar purpose for port forwarding).
It looks like your gateway does not support NATPMP. Sounds like you're making some progress with UPnP, but I don't think that is related to the NATPMP functionality of QB described in this issue.


@Danny3 commented on GitHub (Nov 27, 2025):

> @Danny3 NATPMP and UPnP are different protocols (although they have a similar purpose for port forwarding). It looks like your gateway does not support NATPMP. Sounds like you're making some progress with UPnP, but I don't think that is related to the NATPMP functionality of QB described in this issue.

So that's why the 'natpmpc' command didn't work in my case?
I haven't seen any NATPMP on any of the router's control panel pages, so I guess the firmware in it doesn't support also that protocol and it supports only UPnP.
ATM, this is the only gateway I have access to, but in my opinion, since there are 2 protocols for the same thing, the best would be if the program would support both of them!
From what I see, the UPnP would be really easy with those two commands, if it can call them.
I want to test the NATPMP too, when I will find a gateway capable of doing that.
Hopefully other users or developers can add more useful comments than mine.

LE: BTW, I see here:
https://www.xda-developers.com/you-should-disable-nat-pmp-on-your-router-right-now/
And here:
https://docs.netgate.com/pfsense/en/latest/services/upnp.html#upnp-igd-pcp
That NAT-PMP has been (or should be) replaced by the PCP (Port Control Protocol) so there are 3 protocols in total that the program should support for this feature to work with all the gateways and their provided services.
Hopefully they can track the statuses of the implementations and progress for them somewhere.
