To Upnp or not

Started by June 25, 2018 10:43 PM
4 comments, last by O-san 6 years, 4 months ago

Hello,

I'm going back and forth between using Upnp or not when I need to forward ports for my game. I would like people to be able to start the game without actually knowing whether it has online features or not (sort of like Journey handles mp). Also I suspect that most players are not interested in configuring routers and port forwarding rules.

However there are security concerns regarding Upnp... yet I have noticed several popular games/programs use Upnp (particularly Elite Dangerous, Plex Media Server and Utorrent).

Would you recommend using Upnp, is it reliable? ... I'm having problems getting it to work on my Asus RT-AC66U router.

You will need to do something to get through various network devices.  NAT devices (Network Address Translation) are everywhere and you need to traverse them somehow.

NAT punchthrough through an introducer is a relatively easy approach that works on many devices, but doesn't work well in deeply-nested network environments and on certain advanced configurations. UPnP can navigate those troublesome network environments.

Both NAT Punchthrough routines and UPnP protocols are easier for the user than manually opening ports.

Like most protocols and services, UPnP has had some security concerns. Even so, it is widely used and solves many real-world problems in network environments.  Programs should use it if it is available on the network.

UPnP is basically the polite form of "please let this application traverse the NAT safely".  NAT Punchthrough using an introducer is a time-tested common approach you should support when UPnP isn't available.  And when it fails, the broadly-accepted fallback is a repeater service, which is more costly to maintain.  Telling people to manually open up ports can sometimes work as a last resort, but people on complex networks (such as using a cell phone as their ISP) often cannot do that.

16 hours ago, O-san said:

Also I suspect that most players are not interested in configuring routers and port forwarding rules.

A pretty high percentage of consumers aren't going to have the technical know-how to configure port forwarding. And many people also won't have the access necessary to do so - for example, students living in a university dorm are subject to the whims of their IT department, and many parents aren't comfortable handing the router admin credentials to their kids.

16 hours ago, O-san said:

However there are security concerns regarding Upnp...

Security issues with UPnP are somewhat tangential. Yes, those issues do mean that various (mostly corporate) networks won't have UPnP enabled, but wherever it's available it tends to be the least-intrusive method of NAT traversal.

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

The security problems are for users who have UPnP enabled on their network. Your game is no more or less secure whether it tries to use UPnP or not.

So, try to use UPnP, and if it works, great. If not, you should have a fallback NAT introducer server to enable connecting to other players (and you'll need a server for matchmaking anyway.)

Finally, your documentation/help site could tell users how to set up port forwarding if they want to; you can implement that as a "will always work, last resort," but don't put that front and center in your default user flow.

 

enum Bool { True, False, FileNotFound };
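The "try UPnP first, fall back if it fails" flow recommended in the replies above, as an added sketch that is not code from any poster in this thread. It assumes the gateway exposes the IGD `WANIPConnection:1` service; `build_add_port_mapping`, `next_step`, the returned step names, the description string and the sample fault are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def build_add_port_mapping(internal_ip, port, proto="UDP",
                           lease_seconds=3600, description="mygame"):
    """Return (headers, body) for an IGD AddPortMapping SOAP call.
    A finite lease lets the mapping expire if the game crashes."""
    args = [("NewRemoteHost", ""), ("NewExternalPort", port),
            ("NewProtocol", proto), ("NewInternalPort", port),
            ("NewInternalClient", internal_ip),  # map only to our own host
            ("NewEnabled", 1),
            ("NewPortMappingDescription", description),
            ("NewLeaseDuration", lease_seconds)]
    fields = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args)
    body = ('<?xml version="1.0"?>'
            f'<s:Envelope xmlns:s="{SOAP_NS}" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:AddPortMapping xmlns:u="{SERVICE}">{fields}'
            '</u:AddPortMapping></s:Body></s:Envelope>')
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#AddPortMapping"'}
    return headers, body.encode()

def next_step(http_status, response_body):
    """Turn the gateway's answer into the next NAT-traversal step."""
    if http_status == 200:
        return "mapped"
    code = None
    if len(response_body) <= 65536:  # do not parse oversized replies
        try:
            root = ET.fromstring(response_body)
            # Match on local name; some gateways omit the UPnPError namespace.
            code = next((e.text.strip() for e in root.iter()
                         if e.tag.rsplit("}", 1)[-1] == "errorCode" and e.text),
                        None)
        except ET.ParseError:
            pass
    if code == "725":  # OnlyPermanentLeasesSupported
        return "retry_with_lease_0"
    if code == "718":  # ConflictInMappingEntry
        return "retry_other_port"
    return "fallback_to_introducer"

# Constructed sample fault, shaped like an IGD SOAP error reply.
SAMPLE_FAULT = (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault><detail>'
                '<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
                '<errorCode>725</errorCode></UPnPError>'
                '</detail></s:Fault></s:Body></s:Envelope>').encode()
```

If the gateway only accepts a lease of 0 (a permanent mapping), the game should remove the mapping with `DeletePortMapping` when it exits so the port does not stay open.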

Thanks for the replies everyone! I will continue to wrestle upnp... if it is available. 

As a fallback I will refer to manual port forward. I have very little time to spend on this project and zero budget =P

This topic is closed to new replies.
