VoIP NAT: Difference between revisions

VoIP NAT (view source)

Revision as of 00:08, 15 March 2017

1,083 bytes added , 15 March 2017

m

→‎NAT is evil: clean up, typos fixed: mutliple → multiple, etc) → etc.)

Reedy

editor

698

edits

Revision as of 09:59, 18 March 2015 (view source) AA-Andrew (talk \| contribs) mNo edit summary ← Older edit		Revision as of 00:08, 15 March 2017 (view source) Reedy (talk \| contribs) m (→‎NAT is evil: clean up, typos fixed: mutliple → multiple, etc) → etc.)) Newer edit →
(2 intermediate revisions by one other user not shown)
NAT onis ~~our~~not ~~VoIP~~officially ~~platform~~supported, ~~does~~but ~~work~~generally incan ~~many~~be ~~cases.~~made ~~However,~~to work. ~~due~~Due to the nature of NAT, and the numerous implementation and 'fixes' and 'bodges' in routers, it can be tricky to get working. Lots of the phones that we've tested do just work without the need for an ALG, Stun, Port Forwarding etc., but other network equipment (i.e. the router) may get in the way. '''We'd always suggest using public IP addresses for VoIP devices.''' The technicolor broadband routers we used to supply with Home::1 provide a full SIP/NAT ALG which means they work such that neither the phone nor our call server know NAT is in use. This appears to be a well implemented ALG and just works. Using a FireBrick FB2700 providing NAT has no ALG and does simple dynamic port forwarding of outgoing UDP connections with a default timeout of over 2 minutes. This also just works as the call server recognises the NAT and sends one minute keep-alive packets to hold the NAT session open, as well as sending symmetric RTP response packets. Other cases where testing has been done have usually required one or other approach, and in some cases required "NAT assist" to be disabled on phones or routers to allow the correct operation. SIP and NAT requires the call server, NAT device and phone to all play nicely and can still mean problems. There are a few specific cases we have tested and found reliable, but we cannot guarantee it will work in all cases or without some specific configuration settings ==NAT Tips== Disable UPnP on routers Disable SIP ALG on the router (or try enabling) See [[Disable SIP ALG]] *Disable Stun settings on the VoIP phone (or try enabling it - stun.aa.net.uk can be used) ===NAT is evil=== We could go on about the evils of NAT - but suffice to say that it is a bodge. It breaks the fundamental design principles of IP. It came about almost by accident as a way of handling ~~mutliple~~multiple devices when people moved from using one PC with a modem to a small network in their home. It served a vaguely useful purpose in that respect allowing some internet connection sharing which works for some things (web pages, email, etc.). However, it has a lot of problems. Many devices that do NAT also have ALGs (Application Level Gateways) which assist the NAT by tinkering with the packets as they go through in complex ways where the devices understands the higher level protocol. There are devices that do a reasonal job at this even with NAT. Even so, expecting this to work is pot luck as NAT and especially NAT ALGs are not built to any standard or even well documented. They work in some cases and not others. ===Why is SIP a problem===