upnp for amplifi teleport on verizon fios network keeps failing

  • hi i’m unable to connect my amplifi teleport to the internet via my verizon fios connection... i keep getting a upnp error even though i have it enabled, any thoughts on resolving the issue? thanks!

  • Does your WAN IP address (what's shown on the base, not what you'll see on an internet site) start with 100?

    Some fios customers have CGN (carrier-grade NAT) and curious if yours is one of them.

  • @jonathan-lugtu i have the same issue. It gets Lan and internet connection (only if you pair on 2.4, no internet on 5).

    UPnP doesn't take and I've tried resetting the teleport and resetting the UPnP on the Amplifi. What I don't understand is that you can see that a dhcp license was given out by the Amplifi.

  • having the same issue. My base station is in bridge mode and it fails after connecting to the internet and trying to get router details saying an issue with UPnP . verified that its on.

  • For reference... My connection isn't fios. AT&T VDSL.

  • Same problem here, with AT&T Uverse. I enabled Remote Access, hoping that would fix it, and that works fine from my phone, so UPnP has to be at least partially working. Just not whatever the teleport needs. Or the error message is wrong and it's something else completely.

    I have a standalone teleport if that matters.

  • @steven-carr so far.. What I've seen is that it happens to standalone teleports only. The bundles already have them paired so they don't go through setup i don't believe.

  • @Ben-Hwang, @Steven-Carr, @Ryan-Kelley, @Jonathan-Lugtu Hi all. Given that you're talking about UPnP errors, it looks like teleport has been successfully paired with the router. Here's a few important things after that:

    • teleport will not work on the same internet connection as the router; if you want to test it at home, use a mobile phone hotspot
    • teleport DOESN'T NEED UPnP and you don't need to enable it ON the AmpliFi router; instead it's NEEDED BY the AmpliFi router (so you'd enable it on the ISP modem/router) IF it doesn't have a public IP address

    The connectivity test that you get by tapping on the teleport icon is actually testing if the router has the right environment for teleport connections.

  • @ubnt-gunars

    "teleport DOESN'T NEED UPnP and you don't need to enable it ON the AmpliFi router; instead it's NEEDED BY the AmpliFi router (so you'd enable it on the ISP modem/router) IF it doesn't have a public IP address"

    That doesn't make sense. So after you pair, the setup is strictly for the remote router you're attaching the teleport to? I believe that's what you're saying.

    I think the issue is... If pairing is the end of setup, then the instructions need to be better in stating that. So far, the instructions make it out like there are more steps. And those steps require some action before setup is complete.

    I'll lug the teleport to work to see if I can get a connect then.

  • Same problem here - UPnP error message, so my Teleport will not finish setup and is basically unusable. I've got a ticket in with support, so hopefully we'll work through it. Leaving on vacation in less than a week and I would really like to use it there!

    I have several AmpliFi HDs in bridge mode behind a SonicWALL TZ-500 connected to the internet via Charter Spectrum.

  • Okay. So I think I know what the issue is (however it's still not usable).

    The "setup" after pairing is for the Remote router. So you need to take it somewhere and basically try the Internet for there and see if you can connect. That's not clear from the instruction manual.

    I tried to connect back to my Amplifi HD at home and it still states that I have a UPnP issue. I have to assume that this is specific to the remote router and not your home router. If that's the case, then this limits the usability. If it's speaking about the home router, then UPnP is turned on, and thus something isn't allowing the traffic through.

    I don't believe it's a VPN tunnel (I don't remember Ubiquiti stating otherwise), but if the ports are blocked going back in, that might be the issue.

    LAN/Internet detection is fine, but I can never get the AmplifiHD router information to show and move to the last step (this is now tested at a remote location).

  • @Ben-Hwang, @Mark-Ludviksen the setup flow for standalone Teleport should go like this:

    1. power the Teleport up near the home AmpliFi router
    2. open the mobile app, accept Teleport pairing request and see it appear on the dashboard (offline for now)
    3. tap on the Teleport icon in the app, select Test Connectivity (this is actually a test of the home AmpliFi router to see if it can accept remote connections from Teleport)
    4. if the test passes, go on to next step; if it fails due to UPnP, you need to make sure that whatever is upstream of the home AmpliFi router (ISP modem/router, firewall) has UPnP services and direct access to a public IP address; your home AmpliFi router won't be able to accept Teleport connections until this is resolved
    5. connect to Teleport's setup network, configure the network that it will broadcast, as well as its internet connection (this can't be your home internet connection, so either use a mobile hotspot or move the Teleport to a different home, office etc.)
    6. after these conditions are met, Teleport will finally be shown as online in the app

    P.S. Teleport itself doesn't need UPnP. You can put it behind multiple routers without UPnP, firewalls, hotel networks, guest networks and so on – it will still connect to the home AmpliFi router. All it needs is internet access.

  • @ubnt-gunars Awesome. Thanks. I'll check the UPnP services upstream to make sure. That is much more helpful for directions.

    The one item is that on Dashboard, if you hide the Teleport, you no longer can un-hide the Teleport. That will be an issue. I assume it's gone into your defect logs, but if there's a way to show this, that would be helpful.

  • @ubnt-gunars
    That's terrible! My SonicWALL doesn't support UPnP as it is widely considered a security risk:

    Malware On Your Network Can Use UPnP
    A virus, Trojan horse, worm, or other malicious program that manages to infect a computer on your local network can use UPnP, just like legitimate programs can. While a router normally blocks incoming connections, preventing some malicious access, UPnP could allow a malicious program to bypass the firewall entirely. For example, a Trojan horse could install a remote control program on your computer and open a hole for it in your router’s firewall, allowing 24/7 access to your computer from the Internet. If UPnP were disabled, the program couldn’t open the port – although it could bypass the firewall in other ways and phone home.

    Is This a Problem? Yes. There’s no getting around this one – UPnP assumes local programs are trustworthy and allows them to forward ports. If malware not being able to forward ports is important to you, you’ll want to disable UPnP.

    How can I get my Teleport working without using UPnP? Can I open up ports on my router and direct them to my Amplifi HD?

    If I can't get it to work without UPnP, I want a refund.

  • @mark-ludviksen Hi Mark! I suppose we could expose the selected port so you (and others in the same situation) can set up port forwarding. Have to check how often we change it. Will let you know about the ETA on this tonight.

  • @ubnt-gunars Thanks for those new instructions. I'll check them out, along with the upstream UPnP settings, though I have the same problem as @Ben-Hwang where I can't un-hide the Teleport in the app. I'll be pretty surprised if that's it though, since I haven't had problems with other UPnP things. When I enabled the Remote Access feature in the app to see if it was necessary for the teleport, it worked, and I'm guessing that also uses UPnP?

  • @ubnt-gunars Would love to know what ports to forward and TCP or UDP or both. I just checked and my VDSL modem doesn't have UPnP. Yes. Old school.

  • @steven-carr: remote access uses WebRTC. All unhiding should be temporary, and come back after power cycling the hidden device.

    @Ben-Hwang: can't that modem give direct access to a public IP address? Maybe you can put it in bridge mode.

  • @ubnt-gunars This sounds interesting, eagerly awaiting these ports.

  • @ubnt-gunars isn't a bridge mode on the modem.

Log in to reply