한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유
    
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


http://kb.smartvox.co.uk/


sbc-in-enterprise.png


Using SIP Devices behind NAT

by SMARTVOX on AUGUST 23, 2010

SIP Devices behind NAT: What solutions are available?

When an IP phone is installed behind NAT, problems can be created by the NAT device itself, by the phone’s inability to correctly understand its own networking environment or from a combination of the two. Because it is such a common problem, most IP Phones have built-in facilities designed to help them analyse their own networking environment and to help overcome the problems of NAT traversal. Probably the most useful and effective of these is the so-called STUN mechanism. STUN is explained in more detail below. Another facility that some IP phones can use is ICE. ICE usually operates in conjunction with STUN, allowing the phone to offer several possible contact addresses to a remote SIP server. When the remote SIP device wants to connect to your phone it can try each contact address one at a time until it finds one that works.

STUN and ICE alone may not be enough. As mentioned above, the problem is not just that your IP phone needs to know it is behind NAT. It may also need some help getting through the NAT device or even maintaining a connection that has already been made through the NAT device. In particular, the NAT device may be blocking all inbound IP connections to your phone and thereby preventing a two-way audio path being established. To overcome this, you may have to use port forwarding on the NAT/firewall device. Port forwarding is a little tricky to implement, especially if you have several IP phones behind the same NAT/firewall device. However, it can sometimes be the key that unlocks the problem so give it serious consideration and remember it influences the outcomes of the STUN tests described below. Resolving your NAT traversal problems may therefore require configuration changes to the NAT device and to the IP phone.

STUN – Simple Traversal of UDP through NAT

STUN – Simple Traversal of UDP through NAT
STUN is an industry standard approach for traversal of NAT and the technical details are published as RFC 3489. It requires that your IP phone has access to a STUN server somewhere on the Internet. Your VoIP service provider should be able to give you the address details of their STUN server, but don’t despair if they cannot. See the section below that explains how to make your phone use STUN.

A simple explanation of how STUN works
Before you can use STUN, your IP phone has to be told the address (or URL) of a STUN server somewhere on the Internet. Now, when your phone is switched on and before making any attempt to register, it sends a number of queries to the specified STUN server. The STUN server carries out a few simple tests to determine things like: Is the IP phone behind a NAT device? What is the external IP address of the NAT device? How tightly does the NAT device enforce rules for blocking inbound UDP connections? Does it make a difference to inbound connections if an outbound connection has already been established to that remote address? It then reports the results back to the IP phone. The IP phone is now able to use this information to modify the SIP messages it sends when it registers and, if you are lucky, everything will now work perfectly.

So how do I make my IP phone use STUN?
Let’s assume your IP phone is STUN capable. Most IP phones have a configurable parameter for the URL (or IP address) of the STUN server. Often, all you need to do is fill in a valid address in this box, perhaps tick a check box, reboot the phone and that’s it. You are perhaps wondering what address to use in this box. The answer is you should use the STUN server recommended by your VoIP Service Provider. However, here is a tip: STUN does not include an authentication dialogue so generally any phone can use any STUN server. Here are some addresses that might work with your phone: stun.xten.com, stun.sipgate.net, stunserver.org.

The address of the service provider’s STUN server can sometimes be found from a special DNS lookup. Usually, IP phones have a configurable address for the STUN server, but if you cannot see one in your phone’s configuration menus it may still be able to use STUN by automatically getting the address from a public DNS server. You would have to consult the phones manuals and specifications to check if it supports STUN in this way.

Port Forwarding

Port Forwarding
Port forwarding is where you configure your NAT/firewall device to deliberately allow some inbound connections through to specific designated servers or host devices on the LAN (or in the DMZ). You would usually do this by adding a rule that specifies the port number, or service type, on the external WAN interface and the IP address of the target server on the LAN. In some cases the rule may also specify the port number to be used when the connection is passed through to the host on the LAN – this allows Port Address Translation or PAT. Most NAT/firewall devices allow port forwarding. However, the feature may not necessarily be called “port forwarding”. Sometimes, it is just a firewall rule; sometimes it requires a firewall rule and a NAT rule. Some firewalls allow the inbound port on the external interface to be mapped to a different port on the target host device on the LAN – so-called PAT. Others will only allow the same port number to be used for both – on Draytek routers this option is called “Open Ports”. You therefore need to be reasonably proficient with your firewall’s configuration options before attempting to set up port forwarding.

When working with SIP devices behind NAT, the ports that you may need to set forwarding for are:
1. The main SIP connection port – usually this is port 5060. The protocol is nearly always UDP
2. The RTP media port or ports – often a range of higher port numbers. UDP protocol.

You will need to find out which ports your IP phone uses for RTP media. The actual port number(s) are usually configurable. You should set the range of port numbers to as few as necessary. For a single line IP phone you may only need a range of 4 ports. You should enable port forwarding for all the RTP ports plus one more in addition because RTP connections normally use the port one numerically above for information feedback (RTCP). Allow 4 ports for each simultaneous call on a device – separate connections may be used for transmit and receive; also each connection may use one port for RTP and another for RTCP.

If possible, try not to use any port address translation. Unfortunately, if you have more than one IP phone behind the same NAT device then you may find that port address translation is almost unavoidable. One alternative would be if you have several static IP addresses configured on the external WAN port of the NAT device, in which case you could use one-to-one NAT for each phone. Another possibility is to reset the default SIP port 5060 on each phone to a different number – i.e. no two IP phones should use the same SIP port. Furthermore, you must ensure that no two IP phones use the same RTP ports. You may then be able to configure your firewall/NAT device to do port forwarding for each phone while retaining the same port numbers on the external WAN port of the firewall as those on each phone. I’ve never tried this so cannot guarantee it will work.

One-to-one NAT: One-to-one NAT can be a very useful solution for VoIP NAT traversal. The reason it helps is because it does not require any port address translation. If your IP phone specifies in the SIP INVITE that it will be listening for RTP on Port 10005 then it is easy to set up the NAT device to forward Port 10005 to the IP phone. Typically, most User Agents (IP phones) can be configured to use a preset range of port numbers for the RTP Media session. The same applies to SIP servers behind NAT – e.g. Asterisk – where you can specify the range of port numbers to be used for media sessions. Once you have defined that range of port numbers, you simply have to set the firewall/NAT device to forward that range of ports to the IP phone or server. This should work provided the external IP address is also substituted either by the UA that is behind the NAT device or by the host server operating a far-end NAT traversal strategy.

What other mechanisms allow IP Phones to work behind NAT?

Keep-alive packets: Many SIP phones make use of “keep-alive” packets to maintain the connection that is first established during registration of the phone. Registration involves an outbound connection through the NAT device and so it generally works without any problems (because NAT firewalls generally allow outbound connections and only block inbound ones). Look on your IP phone’s configuration menus to see if there is a “keep alive” option. If there is, try setting it to an interval of about 1 minute. This is usually enough to fool the NAT device into keeping the connection open and this allows the host server to send SIP requests directly to the registered phone. However, it does not solve the problem of media sessions being unable to come in through NAT so you may find your IP phone rings, but there is no audio or there is 1-way audio when you answer the call.

Tip: Do not confuse the “keep-alive” interval with the “Re-registration” interval. The latter is the time the phone will wait before it sends another registration request to the Registrar server. You should set this to a much longer time interval – for example 30 or even 60 minutes – to avoid flooding the service provider’s servers with unnecessary registration attempts. The host server will ignore surplus registration requests but it puts an unnecessary burden on their equipment.

Far-end NAT Traversal: It is possible for a well designed SIP Proxy and Registrar server to recognise that a remote IP phone trying to connect or make calls is actually behind NAT and to compensate for it automatically. This is called “far end NAT traversal” and it is generally supported by most, but not all, of the big VoIP Service Providers. It involves manipulation of the SIP headers when they arrive at the server and also requires something called a Media Proxy. If your provider operates far-end NAT traversal on its servers then it is possible that you will have to disable STUN on your phone to allow the host server to work properly. If the host server is really well designed then it will cope with most phones behind NAT irrespective of whether they are using STUN or not.

Setting up your own VoIP service Proxy and Registrar servers with far-end NAT traversal
Smartvox Limited has a wealth of experience setting up the open source SIP telephony server SER (or OpenSER). SER stands for SIP Express Router and it runs on Linux. It must be connected directly to the Internet on a static IP address (it must not be behind a NAT device itself) so that it can be configured to provide far-end NAT traversal.

Yet more solutions to NAT

Manual setting of external IP address: Some VoIP devices – User Agents and SIP Servers including Asterisk -have configurable parameters that include an option to specify the IP address of the external interface on your NAT device. So, for example, if your Asterisk PBX is behind NAT and you are having trouble making SIP calls to external peers, it is likely that you can help to solve the problem by specifying the external IP address in your SIP.CONF file – the parameter is calledexternip. Port forwarding may also be necessary.

VPN: Some users find it convenient to use a VPN connection to overcome the problems of NAT traversal. This makes sense for a home worker who needs the VPN connection for other reasons and wants to use an IP phone that registers with the office PBX. However, operating SIP across VPN can also create problems because the VPN mechanism encrypts all the packets at one end and decrypts them at the other end. This process is quite demanding of your computer’s resources or perhaps of the CPU resources in the firewall that is terminating the VPN at the office. When your IP phone streams audio media (speech) back and forth between home and office it is having to encrypt and decrypt a lot of data. This can cause delays and CPU bottlenecks which in turn cause a degradation of the speech quality so some care is needed. Of course, it does bring the benefit of greater security for your voice calls.

SIP aware firewalls: Some firewalls are designed to be SIP aware. This means they can be configured to inspect packets as they pass through and actually substitute the IP addresses or port numbers embedded in the SIP messages to match the IP address and port number it is opening on the external WAN interface of the firewall. A great idea, if it works! Regrettably, my experience of such devices has not been good and I usually disable the feature and manually open the required ports.

UPnP: If the firewall and the SIP device behind the firewall are both able to use UPnP then it may be the right solution – they can talk to each other and hopefully agree which ports need to be opened to allow SIP through. Again, this is a great idea if it works, but don’t assume that UPnP is the solution to all NAT traversal problems. Worth a try if available on the equipment you are using.

List of Articles
번호 제목 글쓴이 날짜 조회 수
160 Busy Lamp Field (BLF) feature on Opensips 2.4.0 with Zoiper configuration admin 2018-05-29 494
159 Documentation -> Tutorials -> WebSocket Transport using OpenSIPS admin 2018-05-17 489
158 List of SIP response codes admin 2017-12-20 1903
157 opensips/modules/event_routing/ Push Notification Call pickup admin 2017-12-20 1636
156 opensips push notification How to detail file admin 2017-12-20 1564
155 OpenSIPS routing logic admin 2017-12-12 1618
154 OpenSIPS example configuration admin 2017-12-12 1559
153 opensips log output admin 2017-12-11 1558
152 opensips complete configuration example admin 2017-12-10 1638
151 Opensips1.6 ebook detail configuration and SIP signal and NAT etc file admin 2017-12-10 1724
150 dictionary.opensips radius admin 2017-12-09 2294
149 what is record_route() in opensips ? admin 2017-12-09 2272
148 what is loose_route() in opensips ? file admin 2017-12-09 2283
147 in opensips what is lookup(domain [, flags [, aor]]) admin 2017-12-09 2261
146 in opensips db_does_uri_exist() what is admin 2017-12-09 2201
145 in opensips what is has_totag() admin 2017-12-09 2281
144 opensips exec module admin 2017-12-08 2357
143 opensips push notification How to admin 2017-12-07 2254
142 OpenSIPS Module Interface admin 2017-12-07 2321
141 opensips configuration config explain easy basic 오픈쉽스 컨피그레이션 기본 설명 file admin 2017-12-07 2377
140 openssl 을 이용한 인증서 생성 절차를 정리한다. 개인키 CSR SSL 인증서 파일 생성 admin 2017-09-14 3298
139 Documentation -> Tutorials -> TLS opensips.cfg admin 2017-09-14 3287
138 Using TLS in OpenSIPS v2.2.x admin 2017-09-14 3208
137 opensips tls cfg admin 2017-09-14 3414
136 How to setup a Jabber / XMPP server on Debian 8 (jessie) using ejabberd admin 2017-09-13 3655
135 SIP to XMPP Gateway + SIP Presence Server opensips admin 2017-09-13 3279
134 OpenSIPS command line tricks admin 2017-09-13 3231
133 Fail2Ban Freeswitch How to secure admin 2017-09-12 3371
132 opensips.cfg. sample admin 2017-09-12 3218
131 Advanced SIP scenarios with Event-based-Routing admin 2017-09-11 3348
130 PUSH SERVER 푸시서버 안드로이드 애플 admin 2017-09-11 3553
129 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅(리눅스 기준) admin 2017-09-09 5883
128 rtpengine config basic and opensips configuration and command admin 2017-09-06 3397
127 WebSocket Transport using OpenSIPS configuration 웹 소켓 컨피그레이션 기본 admin 2017-09-06 3318
126 OpenSIPS basic configuration script 기본 컨피그 admin 2017-09-05 3364
125 rtpengine install and config admin 2017-09-05 3396
124 Installing RTPEngine on Ubuntu 14.04 admin 2017-09-05 3471
123 compile only the textops module make modules=modules/textops modules admin 2017-09-05 3384
122 opensips command /sbin/opensipsctl detail admin 2017-09-04 3433
121 2017 08 31 opensips 2.32 install debian8.8 module install compile err modules admin 2017-09-04 3436
120 Build-Depends debian 8.8 opensips 2.3 admin 2017-09-04 3362
119 What is new in 2.3.0 opensips admin 2017-09-04 3694
118 ubuntu 安装配置opensips,rtpproxy,mediaproxy admin 2017-09-04 3671
117 How to install Mediaproxy 2.5.2 on CentOS 6 64 bit admin 2017-09-04 3735
116 Using TLS in OpenSIPS v2.2.x configuration admin 2017-09-04 3485
115 How to 2.3 download , OpenSIPS new apt repository. DEBs for Debian / Ubuntu admin 2017-09-02 3543
114 You can install CDRTool in the following ways: admin 2017-09-01 3616
113 How to Install OpenSIPS 2.1.2 Server on Ubuntu 15.04 admin 2017-09-01 3592
112 Opensips 2.32 download admin 2017-09-01 3413
111 OpenSIPS 2.3 install admin 2017-09-01 3626
110 JsSIP: The JavaScript SIP Library admin 2017-09-01 3568
109 WebSocket Transport using OpenSIPS admin 2017-09-01 3664
108 A2Billing and OpenSIPS – Part 1 admin 2017-08-29 3542
107 A2Billing and OpenSIPS – Part 2 admin 2017-08-29 3510
106 A2Billing and OpenSIPS – Part 3 admin 2017-08-29 3625
105 OpenSIPS 2.3 philosophy admin 2017-08-17 3981
104 The timeline for OpenSIPS 2.3 is admin 2017-08-17 4202
103 OpenSIPS Control Panel and Homer integration admin 2017-08-17 3870
102 Opensips sip capture re designed admin 2017-07-16 3867
101 WebRTC with OpenSIPS WebSocket is a protocol provides full-duplex admin 2015-04-04 8567
100 WebSocket Support in OpenSIPS 2.1 admin 2015-04-04 9056
99 OpenSIPS 2.1 (rc) is available, download now! admin 2015-03-22 8533
98 Service Provision Using Asterisk & OpenSIPS - AstriCon 2014 admin 2015-02-25 10157
97 SIP Signaling-Messages OpenSIPS Running On Multicore Server file admin 2014-11-02 17799
96 opensips.cfg for Asterisk admin 2014-10-20 20017
95 A2Billing and OpenSIPS config admin 2014-10-20 19286
94 Jitsi Videobridge meets WebRTC admin 2014-10-18 19575
93 A Survey of Open Source Products for Building a SIP Communication Platform admin 2014-10-18 18999
92 Script Function , Module Index v1.11 함수 모듈 opensips admin 2014-10-14 19191
91 Opensips TM module enables stateful processing of SIP transactions admin 2014-10-04 16881
90 kamailio.cfg configuration Example admin 2014-10-04 19086
89 opensips NAT Traversal Module admin 2014-10-02 18438
88 UAC Registrant Module admin 2014-09-28 20128
87 MediaProxy 2.3.x & OpenSIPS 1.5.x Integration admin 2014-08-24 19136
86 RTPPROXY Admin Guide admin 2014-08-24 19573
85 CANCEL MESSAGE not handled correctly admin 2014-08-23 19389
84 [Sipdroid] SIP data collection study tour admin 2014-08-23 19948
83 [OpenSIPS-Users] Opensips 1.10 NAT radius aaa admin 2014-08-23 19895
82 OpenSIPS Consultancy Pricing module install Server 판매 또는 설치및 컨설팅 가이드 admin 2014-08-23 19823
81 ICE: The ultimate way of beating NAT in SIP admin 2014-08-23 19473
80 Many OPENSIPS Configuration Examples This will Help you admin 2014-08-23 19128
79 Real-time Charging System for Telecom & ISP environments admin 2014-08-23 19842
78 OPENSIPS EBOOK admin 2014-08-21 19990
77 Opensips Documentation Function admin 2014-08-21 19885
76 Presence Tutorial OpenXCAP setup admin 2014-08-18 19101
75 Opensips Modules Documentation admin 2014-08-18 19936
74 A lightweight RPC library based on XML and HTTP admin 2014-08-18 19337
73 opensips Nat script with RTPPROXY - English Good perfect admin 2014-08-15 17501
72 OpenSIPS Control Panel (OCP) Installation Guide Good admin 2014-08-13 17470
71 Installation and configuration process record opensips opensips-cp admin 2014-08-13 39726
70 OpenSIPS as Homer Capture server admin 2014-08-13 17167
69 OpenSIPS , default script , Types of Routs , Routing in SIP, Video lecture admin 2014-08-13 19202
68 Configuracion de Kamailio 3.3 con NAT Traversal y XCAP. admin 2014-08-12 19720
67 Under RHEL6.5 install OpenSIPS 1.11.1 tls admin 2014-08-12 18666
66 OpenSIPS/OpenSER-a versatile SIP Server cfg admin 2014-08-11 19929
65 Kamailio Nat Traversal using RTPProxy admin 2014-08-11 19450
64 MediaProxy wiki page install configuration admin 2014-08-11 19506
63 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅 admin 2014-08-11 30699
62 MediaProxy Installation Guide admin 2014-08-10 19122
61 RTPProxy 1.2.x Installation & Integration with OpenSIPS 1.5x admin 2014-08-10 20245
60 Opensips Installation, How to. Good guide wiki page admin 2014-08-10 17098
59 OpenSIPS Installation Notes admin 2014-08-09 16427
58 Installation and configuration process record opensips 1.9.1 admin 2014-08-09 22750
57 opensips 1.11.2 install Good Giide admin 2014-08-09 19885
56 fusionPBX install debian wheezy admin 2014-08-09 19313
55 opensips 1.11.2 install guide good 인스톨 가이드 admin 2014-08-09 19175
54 SigIMS IMS Platform admin 2014-05-24 20040
53 2013 2012년 분야별 최고의 오픈소스 소프트웨어 124선 admin 2014-04-05 22527
52 Video conference server OpenMCU-ru - Introduction admin 2014-04-01 22274
51 SIPSorcery admin 2014-03-18 20384
50 Ekiga (formely known as GnomeMeeting) is an open source SoftPhone admin 2014-03-12 20687
49 telepresence: Open Source SIP Telepresence/MCU admin 2014-03-12 28050
48 SIP PBX - OpenSIPS and Asterisk configuration admin 2014-03-12 22245
47 Conference Support in Kamailio (OpenSER) admin 2014-03-12 22689
46 OpenSIPS configuration for 2 or more FreeSWITCH installs admin 2014-03-12 18503
45 The Impact of TLS on SIP Server Performance file admin 2014-03-12 20487
44 book-opensips-101 / content / 3.2. SIP TLS Secure Calling.mediawiki admin 2014-03-12 19565
43 Where to check OpenSIPS does not start? admin 2014-03-09 19870
42 opensips-1.10.0_src.tar.gz experimental source code documentation admin 2014-03-09 20819
41 Kamailo OpenSIPs installation on Debian admin 2014-03-09 21008
40 Using the openSIPS Registrant Module admin 2014-03-09 21167
39 RTPproxy Frequentry Asked Questions (FAQ) ¶ admin 2014-03-07 19164
38 Building Telephony Systems with OpenSIPS 1.6 RTPProxy + OpenSIPS 1.7 admin 2014-03-07 20365
37 Installing RTPproxy Start RTPproxy in Bridged mode very good admin 2014-03-07 27145
36 OpenSIPS Control Panel (OCP) Installation Guide admin 2014-03-06 18740
35 OpenSIPS Control Panel install guide admin 2014-03-06 19764
34 rtpproxy Module admin 2014-03-06 20415
33 MediaProxy Installation Guide admin 2014-03-06 23074
32 How to install OpenSIPS on CentOS debian module add xcap admin 2014-03-06 20996
31 Problem with presence_xml module Opensips 1.9 admin 2014-03-06 20500
30 Building Telephony Systems with OpenSIPS 1.6 books file admin 2014-03-06 21411
29 Multimedia Service Platform admin 2014-03-06 19832
28 How to install OpenSIPS on CentOS Debian etc admin 2014-03-05 20786
27 Opensips Installation, How to. admin 2014-03-05 17179
26 100% CPU usage opensips admin 2014-03-05 20139
25 A2Billing and OpenSIPS admin 2014-03-04 21005
24 Opensips_1.9 install guide this is great I like this admin 2014-03-04 26320
23 Opensips install debian admin 2014-03-03 21064
22 Open Source VOIP applications, both clients and servers. admin 2013-11-20 21527
21 OfficeSIP Server is freeware VoIP, SIP server for Windows admin 2013-09-11 22550
20 My new toy: Bluebox-ng admin 2013-04-06 36021
19 Flooding Asterisk, Freeswitch and Kamailio with Metasploit admin 2013-04-06 33423
18 Asterisk Installation Asterisk Realtime configuration admin 2013-04-06 25179
17 The SIP Router Project admin 2013-04-06 24243
16 Kamailio :: A Quick Introduction admin 2013-04-06 21575
15 Welcome to the Smartvox Knowledgebase admin 2013-04-06 22041
14 Kamailio 3.3.x and Asterisk 10.7.0 Realtime Integration using Asterisk Database admin 2013-04-06 26127
13 OpenSIPS vs Asterisk admin 2013-04-06 51511
12 OpenSER_from_an_asterisk_POV file admin 2013-04-06 22018
» Using SIP Devices behind NAT OPensip Asterisk IPPhone SIP Telephony file admin 2013-03-31 50233