VoIP NAT: Difference between revisions
Content deleted Content added
Fixing the multiple phones behind NAT problem |
|||
| (8 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
<indicator name="VoIP">[[File:menu-voip.svg|link=:Category:VoIP|30px|Back up to the VoIP and SMS Category Page]]</indicator> |
|||
You have probably been directed to this page because you are having trouble with Voice over IP services (using SIP) when using a router or firewall which does some sort of Network Address Translation (NAT). This page tries to explain some of the issues, and why it is often a problem. |
You have probably been directed to this page because you are having trouble with Voice over IP services (using SIP) when using a router or firewall which does some sort of Network Address Translation (NAT). This page tries to explain some of the issues, and why it is often a problem. |
||
| Line 7: | Line 8: | ||
*The Technicolor broadband routers we used to supply with Home::1 provide a full SIP/NAT ALG which means they work such that neither the phone nor our call server know NAT is in use. This appears to be a well implemented ALG and just works. |
*The Technicolor broadband routers we used to supply with Home::1 provide a full SIP/NAT ALG which means they work such that neither the phone nor our call server know NAT is in use. This appears to be a well implemented ALG and just works. |
||
*Using a FireBrick FB2700 providing NAT has no ALG and does simple dynamic port forwarding of outgoing UDP connections with a default timeout of over 2 minutes. This also just works as the call server recognises the NAT and sends one minute keep-alive packets to hold the NAT session open, as well as sending symmetric RTP response packets. |
*Using a FireBrick FB2700 providing NAT has no ALG and does simple dynamic port forwarding of outgoing UDP connections with a default timeout of over 2 minutes. This also just works as the call server recognises the NAT and sends one minute keep-alive packets to hold the NAT session open, as well as sending symmetric RTP response packets. |
||
*Some phones allow the public IP address to be entered in the configuration (e.g. Grandstream products have a "Use NAT IP" option). |
|||
*A STUN server enables a phone to be told its public IP address (e.g. ''stun.aa.net.uk). |
|||
*Other cases where testing has been done have usually required one or other approach, and in some cases required "NAT assist" to be disabled on phones or routers to allow the correct operation. |
*Other cases where testing has been done have usually required one or other approach, and in some cases required "NAT assist" to be disabled on phones or routers to allow the correct operation. |
||
*SIP and NAT requires the call server, NAT device and phone to all play nicely and can still mean problems. There are a few specific cases we have tested and found reliable, but we cannot guarantee it will work in all cases or without some specific configuration settings |
*SIP and NAT requires the call server, NAT device and phone to all play nicely and can still mean problems. There are a few specific cases we have tested and found reliable, but we cannot guarantee it will work in all cases or without some specific configuration settings |
||
==Tips and recommendations for VoIP through NAT== |
|||
==NAT Tips== |
|||
If you do want to use NAT, then here are some tips if you are struggling: |
If you do want to use NAT, then here are some tips if you are struggling to get calls working: |
||
*'''Have your broadband with us.''' - we provide public IPs on all our connections. |
|||
*Disable UPnP on routers |
*'''Disable UPnP''' on routers |
||
*Disable SIP ALG on the router (or try enabling) See [[Disable SIP ALG]] |
*'''Disable SIP ALG''' on the router (or try enabling) See [[Disable SIP ALG]] - ALG can do funky things! |
||
*Reduce the '''registration 'expiry'''' - try '''10 minutes''' (600 seconds) the default on devices us usually an hour. - helps keeps the registration active |
|||
*Set '''SIP Keepalive''' (if the phone has this option) to '''30 seconds''' - this helps keep the NAT session live on the router |
|||
*If the VoIP phone has a config setting to enter your external/public IP address, then enter the address of your router's WAN port |
*If the VoIP phone has a config setting to enter your external/public IP address, then enter the address of your router's WAN port |
||
* |
*'''Enable Stun''' settings on the VoIP phone, or disable stun it - stun.aa.net.uk can be used as the server name |
||
*Enter firewall rules on the router to allow UDP traffic from our VoIP servers to your VoIP phone. See [[VoIP Firewall]] |
*Enter firewall rules on the router to allow UDP traffic from our VoIP servers to your VoIP phone. See [[VoIP Firewall]] - usually not needed for NAT, but needed if you have public IPs |
||
* '''Avoid ISPs that do CGNAT''' - that is NAT within their own network. - Having multiple levels of NAT between your handset and our service can cause problems in practice. Ask your ISP to provided you with a public IP address and no CGNAT. |
|||
* '''Switch to using IPv6''' |
|||
If you have |
If you have two similar VoIP phones behind a router using NAT, you may have to change the port settings on one phone. |
||
The local SIP port (often 5060) and the local RTP port(s) can't be the same on the 2 phones - if they are the same, you'll |
The local SIP port (often 5060) and the local RTP port(s) can't be the same on the 2 phones - if they are the same, you'll |
||
get weirdness on incoming calls. |
get weirdness on incoming calls. |
||
| Line 128: | Line 136: | ||
[[Category:VoIP Faults]] |
[[Category:VoIP Faults]] |
||
[[Category:VoIP]] |
|||