Mosh: Implement support in mosh-server for opening ports via UPnP

Created on 17 Jul 2014 · 7 Comments · Source: mobile-shell/mosh

In some situations, the remote machine may be behind NAT/firewall. While the user can manually preconfigure the requisite port-forwarding rules, it would be beneficial if mosh-server could request port allocations via UPnP.

It seems wrapper scripts[1] have previously been written to accomplish this, but this requires additional setup on each destination machine. Integrating this functionality into mosh-server itself would allow for a more streamlined usage.

[1] https://www.mail-archive.com/[email protected]/msg00103/mosh-server-upnp

feature

All 7 comments

_bump_

It truly would be nice to not have to manually forward ports on behalf of mosh to make it work.
It has an SSH connection already running. Giving either mosh-server or mosh-client a flag to tell it to use UPnP would indeed be a nicer and more versatile solution than having to rely on statically forwarded ports.

This would be a substantial usability improvement. In particular, if mosh is running on a server with other UDP services, having the ability to selectively open just mosh's UDP port on the external interface automatically is a huge win.

I don't know if UPnP is really the most elegant solution. qemu, for example, permits an ifup/ifdown pair of scripts for dealing with ip configuration and firewalling dynamically when a vm changes state. Executing a user-defined script with environment variables set for the parameters would accomplish this just as well as UPnP, without the scary security concerns that go with UPnP and SSDP.

What about using something like MiniUPnP to attempt hole-punching if the router supports it? I wrote a proof of concept to glue it all together here.

@jscinoz wrote on 17 Jul 2014:

In some situations, the remote machine may be behind NAT/firewall. While the user can manually preconfigure the requisite port-forwarding rules, it would be beneficial if mosh-server could request port allocations via UPnP.

Agreed. This could also potentially mitigate - at least partly - users' concerns about needing to leave 60000-61000 open on mosh servers. Instead of having to leave all those ports open, it would be better to have the Mosh server automatically open one UDP port at the firewall, after being invoked via SSH, in order to enable the Mosh client to finish connecting.

In particular it would be ideal for mosh to open that port only after binding to it, since an app may be able to use an idle mosh UDP port for data exfiltration otherwise.

The simplest way to do this would probably be to add a way to have mosh run some arbitrary command via the ssh link prior to starting mosh-server. That command could then open a firewall port, or create a UPnP forwarding, or start a VPN client/server or whatever else is necessary to make connection possible.
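
The two ideas raised in the comments above (a user-defined hook that receives its parameters in environment variables, and opening the port only after mosh-server has bound it) can be combined in a small wrapper. This is an added example, not code from the thread or from mosh; `MOSH_PORT_HOOK`, `MOSH_SERVER`, `MOSH_ACTION`, `MOSH_PORT` and `MOSH_PROTO` are hypothetical names, and the only mosh behaviour it relies on is the `MOSH CONNECT <port> <key>` line that mosh-server prints on startup.

```shell
#!/bin/sh
# Added example, not mosh code. MOSH_PORT_HOOK, MOSH_SERVER, MOSH_ACTION,
# MOSH_PORT and MOSH_PROTO are hypothetical names, not mosh options.

# Read mosh-server output on stdin and print the UDP port from its
# "MOSH CONNECT <port> <key>" line. Fails unless there is exactly one such
# line and the port is a 5-digit number inside 60000-61000.
parse_mosh_port() {
    port=$(awk '$1 == "MOSH" && $2 == "CONNECT" && NF == 4 { print $3; n++ }
                END { exit (n != 1) }') || return 1
    case $port in
        [0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    [ "$port" -ge 60000 ] && [ "$port" -le 61000 ] || return 1
    printf '%s\n' "$port"
}

# Call the site-specific hook (firewall rule, UPnP mapping, ...) for one port.
# Parameters travel in the environment, so nothing is spliced into a command line.
run_port_hook() {   # usage: run_port_hook open|close <port>
    [ -n "${MOSH_PORT_HOOK:-}" ] || return 0
    MOSH_ACTION=$1 MOSH_PORT=$2 MOSH_PROTO=udp "$MOSH_PORT_HOOK"
}

# Start the server first, open the port second: mosh-server prints
# MOSH CONNECT only once it holds the UDP socket, so the hook never exposes
# a port that nothing is bound to. The original output is passed through
# unchanged for the mosh client to read.
start_mosh_with_hook() {
    out=$("${MOSH_SERVER:-mosh-server}" new "$@") || return 1
    port=$(printf '%s\n' "$out" | parse_mosh_port) || return 1
    run_port_hook open "$port" || return 1
    printf '%s\n' "$out"
}
```

If the port cannot be parsed or falls outside the expected range, the wrapper fails closed: the hook is never run and no port is opened.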
