
Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

bearhntr
Aspirant

ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

I am running a pfSense Router and Firewall now (since Oct 2021) and using my ORBI RBK50 in AP mode (Router Firmware Version V2.7.3.22).  I have been trying to find a way to disable the UPnP/IGD functions on this device to no avail.  Everything that I read states that UPnP is disabled when the router is in AP mode.  I disagree.

I am setting up a Smart Home environment using Home Assistant software - and it is detecting the ORBI as a UPnP device.  I know that is not coming from pfSense - as when I enable it there - Home Assistant sees it as such.  (see the image) - but Home Assistant is not able to connect to the ORBI for UPnP.  This fails.  It says to check the logs - which is not helpful - as if ORBI was not sending out the signal -- Home Assistant would not see it. 

 UPnP_Orbi.PNG 

 

I have changed the router back to Router Mode and disabled it from there - and then switched it back to AP mode.  The Home Assistant software still sees it - which means that it is still broadcasting a signal to my home network.

 

How do I stop this? 

Message 1 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

(I enjoy the community forum because time after time topics come up which expose how little I know about networking....)

 

My impression is that the question involves two topics:

  • Does putting an Orbi router in Access Point mode eliminate the UPnP capability in the sense that devices on the LAN are able to participate in UPnP with the internet.  (This is a topic of much interest, and it appears that the general consensus is "Don't do this unless you must do it.")
    Yes. When the Orbi is in AP mode, it has no direct contact with the internet, and thus it cannot enable devices on the LAN to open ports using the Internet Gateway Protocol (IGP).  Only the actual router that connects to the ISP is capable of enabling UPnP to the internet.
  • Does the Orbi device itself participate in UPnP? (https://en.wikipedia.org/wiki/Universal_Plug_and_Play )
    i.e. Does it send SSDP "Alive" messages?  Does it act as an SSDP "Control Point"?
    This is a much tougher problem to address.  After searching (and searching) for tools to discover UPnP devices on my local network, the only thing I have come up with so far is gupnp-tools for Linux.  Have been running gssdp-discover for quite some time.  So far, it has found:
    • Sony DVD Player
    • Sonos One speaker
    • Plex Multimedia Server
  • But, so far the Orbi router has not been "discovered."
    This could be because my Orbi has to be in router mode (ISP device is a plain modem).  And, UPnP is not enabled on my Orbi router.
  • I have another Orbi that is connected to the primary LAN for testing.  It is also in router mode and has not been "discovered" so far. (how long do these tools take to find UPnP devices?)  I suppose it could be put into AP mode as a test.

So, after much typing, I have no method to 'turn off' UPnP on the Orbi in AP mode.

Message 2 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

p.s. found an app for Android called UPnP Scanner.  It reports the same three devices on the network (DVD player, Sonos speaker, Plex Multimedia Server).

 

The common thread is that none of these apps can scan the Orbi WAN (public) interface.

Message 3 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

(Damn, this is fun!)

 

After placing that test Orbi router in Access Point mode, (TaDa!) NOW the UPnP Scanner app "sees it":

 

Netgear,Inc NETGEAR Orbi DesktopAC3000 Router RBR50

Friendly name: RBR50 (AP)

Device Type: urn:schemas-pnp-org-device:WFADevice: 1

Base URL: http://192.168.1.80:56688

PresentationURL: http://www.orbilogin.net

Services:  urn:schemas-upnp-org:service:Layer3Forwarding: 1

 

I logged into the router to double check: On the web interface, the UPnP menu option is greyed out.  As the Orbi is not acting as a "router", the function to enable UPnP is not accessible.

 

My guess is that you have discovered a Bug.  When the router is in "router" mode with UPnP disabled, then it does not respond to discovery probes.  When in AP mode, it does respond but cannot actually "do anything."  I have a feeling that this might have to do with changes made to the eth0 interface because of the change in mode.  There's a lot that is different based on mode. Router mode is Layer 3 (IP). Broadcast packets do not pass through the Orbi WAN port in either direction.  AP mode is Layer2 (ethernet), so broadcast packets do pass through in both directions. Waaay over my head.

Message 4 of 12
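
An added example, not part of any post in this thread: a small SSDP probe for auditing which hosts on your own LAN answer UPnP discovery, and whether any of them advertises the Internet Gateway Device types that allow port mapping, which is the distinction tested above. The two sample replies are constructed; the 192.168.1.80:56688 base URL and the Layer3Forwarding service come from the scanner output above, while the `/desc.xml` paths, the 192.168.1.1 address and all function names are assumptions.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode()
# Device/service types that mean "can map ports on a gateway".
IGD_MARKERS = ("internetgatewaydevice", "wanipconnection", "wanpppconnection")

def parse_ssdp(datagram: bytes) -> dict:
    """Return the headers of one SSDP reply, keyed by upper-cased name."""
    headers = {}
    for line in datagram.decode("utf-8", "replace").split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def classify(headers: dict) -> str:
    """'igd' if the reply advertises a gateway type, else 'other'."""
    advertised = (headers.get("ST", "") + headers.get("USN", "")).lower()
    return "igd" if any(m in advertised for m in IGD_MARKERS) else "other"

def discover(timeout: float = 3.0) -> dict:
    """Multicast one M-SEARCH and group the replies by responder IP."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_GROUP)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(65507)
                h = parse_ssdp(data)
                entry = found.setdefault(ip, {"kinds": set(), "locations": set()})
                entry["kinds"].add(classify(h))
                entry["locations"].add(h.get("LOCATION", ""))
        except socket.timeout:
            pass  # no more replies within the window
    return found

# Constructed sample replies (not captured traffic).
SAMPLE_AP = (b"HTTP/1.1 200 OK\r\n"
             b"LOCATION: http://192.168.1.80:56688/desc.xml\r\n"
             b"ST: urn:schemas-upnp-org:service:Layer3Forwarding:1\r\n\r\n")
SAMPLE_IGD = (b"HTTP/1.1 200 OK\r\n"
              b"LOCATION: http://192.168.1.1/desc.xml\r\n"
              b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n")

if __name__ == "__main__":
    for ip, info in sorted(discover().items()):
        print(ip, sorted(info["kinds"]), sorted(info["locations"]))
```

Run it from a host on the same Layer 2 segment as the access point, since SSDP multicast is not normally routed between subnets.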
bearhntr
Aspirant

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

I am glad you think this is "FUN"  - LoL  

I agree - it is a BUG - and given that these puppies (when I bought them - were considered "Premium" devices) this concerns me that something this simple is overlooked.  If it was DISABLED in Router Mode - it should not start listening or broadcasting on UPnP port when the mode changes.  

Given that the RBR50 / RBS50 are both basically running OpenWRT (limited and lots of things disabled) - they need to fix this or allow OpenWRT to create a Firmware which gives access to Everything.

Who even knows if NETGEAR reads these posts and will even address this - probably blow it off, given they have their "SHINY NEW WIFI 6" Orbis out there now...and in their lameness do not offer an UPGRADE discount to us other ORBI owners - especially with the CHIP SHORTAGES.  Just expect us to TRASH 'EM and spend another $400-600 to upgrade.  

So NETGEAR - I ask - how do we fix this???  

Message 5 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode


@bearhntr wrote:

......  So NETGEAR - I ask - how do we fix this???  


Considering the clusterf**k frenzy going on with Orbi AX model issues, my guess is that this UPnP issue is not likely to rate in the "top 10" for Netgear engineering. Software engineers do not spend time browsing the forums, so no one is going to look at it until support makes a case to management that the problem needs to be fixed.

 

To "complete the test", I put the Test Orbi back into router mode and verified:

  • When UPnP is not enabled, a UPnP scanner connected to the test Orbi (not the primary network) did not detect any UPnP function.
  • When UPnP is enabled, the UPnP scanner detected the Orbi router as an Internet Gateway Device, which it is when enabled.
    (Note that this is different than the report on the Orbi when in AP mode, which did not claim to be an IGD.)

This is where my lack of network sophistication comes in.  What damage does this UPnP flaw do?

  • Will devices on the network not be able to find media servers?
  • Will media servers not be able to announce themselves on the internet (if that's what the user wants and the primary router supports that capability)?

I think damage is the key element: an explanation of how this affects operation.

Message 6 of 12
bearhntr
Aspirant

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

I cannot understand why there is no DD-WRT for the Orbi.  I have looked at Voxel's stuff - but that appears to be a NIGHTMARE!! to implement. 

 

Message 7 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode


@bearhntr wrote:

I cannot understand why there is no DD-WRT for the Orbi.  I have looked at Voxel's stuff - but that appears to be a NIGHTMARE!! to implement. 


The folks behind DD-WRT simply have not chosen to implement on the Orbi platform.  No idea why (or why not).

 

Voxel's firmware is almost trivial to install.  (I have done it myself.)  The only "gotcha" is to manually load a specific version of stock firmware first (as described in the READ.ME file.).  There are huge sections of the Orbi code that Voxel cannot change because they are proprietary binary files. My guess is that whatever affects UPnP is in that part of the code, and thus Voxel's firmware will behave the same way.  (That experiment is more than I want to do right now.)

 

I remain ignorant about what damage it causes to have the Orbi router announce what it is and what it might be capable of, while clearly not claiming to be an internet gateway (IGD).  I am used to kids saying, "Oh Grand Pa. You just don't get it."  (and maybe I really don't.)   My little network did not seem to melt down when I put that test Orbi into AP mode.

Message 8 of 12
bearhntr
Aspirant

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

I appreciate your responses and testing...

 

  Looks like it is time to move up my UBIQUITI (UNIFI) migration.  

 

 

Message 9 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

When (or if) I get the urge to invest in a new WiFi solution, I foresee a real challenge in selecting from the enormous variety of products from major players: Asus, Amazon (eero ), Google (Nest), Linksys (Atlas, Velop), Netgear (Nighthawk, Orbi), TP-Link (Deco), Ubiquiti.

 

I know lots about Netgear's shortcomings but have no experience with the other brands. Oh, my.

 

Networking trivia is a key part of diagnosing many problems that come up on the forum.  For example, it turns out that IGMP Snooping on Ethernet switches can interfere with network connections in ways that are not obvious.  That is why so many times people will ask, "Is there a switch in the network?"  I would love to file away a note about "UPnP when Orbi in AP Mode" that describes what problem users are likely to mention so I can ask, "Is this Orbi in AP mode?"

Message 10 of 12
bearhntr
Aspirant

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

Well - Security is Security.....is well......Security.  

  

  If your system is secure - and you state that when ORBI is in AP mode - UPnP/IGD is not active....it should not be found by ANY SCAN.  Let alone a third-party product which is not really "looking" for it.  It just sees that packets are coming from the UPnP/IGD ports is still active.

  You have proved this - you put ORBI in Router mode and disable UPnP and got no hits - then set ORBI to AP mode - and 'voilà' it starts sending packets for UPnP/IGD.   This is a SERIOUS SECURITY FLAW if you ask me.

 

  I will be going with UBIQUITI (when and IF they ever start carrying inventory again).

Message 11 of 12
CrimpOn
Guru

Re: ORBI RKB50 and UPnP/IGD - Broadcasting in AP mode

Once someone has connected to the internal LAN, there are so many potential security risks to exploit.

  • Many routers, such as Netgear's, host web servers for management (ports 80 and 443).
  • There is a DHCP server (somewhere) accepting DHCP requests.
  • Some device is providing DNS lookup. (My Pi-hole also has a web server for management)
  • Media servers accept connections.
  • Security cameras accept connections on all sorts of ports.
  • My FTP server is open to the LAN (but not the internet).
  • Printers accept connections (mine even has a web interface).
  • I have switches with web management interfaces.
  • The list goes on and on...

I believe the third party UPnP Scanner finds the Orbi in AP mode because that's the way UPnP is supposed to work. Devices 'find each other'.

 

Hacking is really out of my league, so I am at a loss to imagine how serious this security issue is.  What damage can an evil person inflict by exploiting it?  That's what will determine the priority Netgear assigns to working to fix it.  Right now, they appear to be consumed with an "Emergency red flag priority ticket" because Orbi 750 and 850 systems cannot be reached with the Orbi app or through the web interface.

 

Ubiquiti makes really cool stuff. Sorry their supply chain has ground to a halt.

Message 12 of 12