Router settings with VoIP - any explanatory documentation?

Discussion in 'UK VOIP' started by Ed, Jul 11, 2005.

  1. Ed

    Ed Guest

    When I first started to use a softphone (X-lite) with VoIP, I was told
    that my router needed to be set with particular parameters to get it
    to work. The parameters I was told to use were:
    SIP port 5060
    RTPLang port 5004
    Voice, ports 8000..8012
    STUN, port 3478

    This mean that I had to ditch dhcp and set my PC to a fixed IP
    address. Although my set-up works with X-lite, I got no explanation as
    to just as to what exactly all these parameters mean and why there are
    necessary. The problem now is that I have added an ATA in addition to
    my softphone and I heed to know if I need to set up yet another set of
    parameters to handle my ATA. As I have no documentation whatever, the
    whole process is a black art to me. Can someone please point me to
    some documentation showing me what exactly all these parameters are
    and how to use them. Do I have to go through the same pain with my
    ATA?
     
    Ed, Jul 11, 2005
    #1
    1. Advertising

  2. Ed

    Tony Guest

    "Ed" <a.@.invalid> wrote in message
    news:1121112865.3c626b862f27123b1918ff40db8abde9@teranews...
    > When I first started to use a softphone (X-lite) with VoIP, I was told
    > that my router needed to be set with particular parameters to get it
    > to work. The parameters I was told to use were:
    > SIP port 5060
    > RTPLang port 5004
    > Voice, ports 8000..8012
    > STUN, port 3478
    >
    > This mean that I had to ditch dhcp and set my PC to a fixed IP
    > address.


    Why? Hasn't your modem/router got an option to reserve IP addresses? Most
    have an option under DHCP to reserve IP addresses for certain
    devices/computers etc.

    Although my set-up works with X-lite, I got no explanation as
    > to just as to what exactly all these parameters mean and why there are
    > necessary. The problem now is that I have added an ATA in addition to
    > my softphone and I heed to know if I need to set up yet another set of
    > parameters to handle my ATA. As I have no documentation whatever, the
    > whole process is a black art to me. Can someone please point me to
    > some documentation showing me what exactly all these parameters are
    > and how to use them. Do I have to go through the same pain with my
    > ATA?


    If you have an modem/router with DMZ, just enter the IP address of the ATA
    into the DMZ option of the modem/router
    That will open up all ports to the ATA's IP address and you will be fine.

    Tony
     
    Tony, Jul 11, 2005
    #2
    1. Advertising

  3. Ed

    Ed Guest

    On Mon, 11 Jul 2005 21:29:51 +0100, Tony wrote:

    >
    >"Ed" <a.@.invalid> wrote in message
    >news:1121112865.3c626b862f27123b1918ff40db8abde9@teranews...
    >> When I first started to use a softphone (X-lite) with VoIP, I was told
    >> that my router needed to be set with particular parameters to get it
    >> to work. The parameters I was told to use were:
    >> SIP port 5060
    >> RTPLang port 5004
    >> Voice, ports 8000..8012
    >> STUN, port 3478
    >>
    >> This mean that I had to ditch dhcp and set my PC to a fixed IP
    >> address.

    >
    >Why? Hasn't your modem/router got an option to reserve IP addresses? Most
    >have an option under DHCP to reserve IP addresses for certain
    >devices/computers etc.


    Sure, so as I've said, I've had to ditch dhcp for my PC and go through
    the pain of setting up a static IP address.

    >If you have an modem/router with DMZ, just enter the IP address of the ATA
    >into the DMZ option of the modem/router
    >That will open up all ports to the ATA's IP address and you will be fine.


    I don't have DMZ.

    In any case, I'm not looking for a quick answer like that. As
    explained, I'm looking to find out what the following parameters mean
    and how they're used:.

    SIP port 5060
    RTPLang port 5004
    Voice, ports 8000..8012
    STUN, port 3478

    Can you refer me to some documentation that explains these? That's the
    only way I will learn about setting up the parameters.
     
    Ed, Jul 11, 2005
    #3
  4. Ed

    Tony Guest

    "Ed" <a.@.invalid> wrote in message
    news:1121115066.4539bb9570ccb08425d5ddd18f52156e@teranews...
    > On Mon, 11 Jul 2005 21:29:51 +0100, Tony wrote:
    >
    >>
    >>"Ed" <a.@.invalid> wrote in message
    >>news:1121112865.3c626b862f27123b1918ff40db8abde9@teranews...
    >>> When I first started to use a softphone (X-lite) with VoIP, I was told
    >>> that my router needed to be set with particular parameters to get it
    >>> to work. The parameters I was told to use were:
    >>> SIP port 5060
    >>> RTPLang port 5004
    >>> Voice, ports 8000..8012
    >>> STUN, port 3478
    >>>
    >>> This mean that I had to ditch dhcp and set my PC to a fixed IP
    >>> address.

    >>
    >>Why? Hasn't your modem/router got an option to reserve IP addresses?
    >>Most
    >>have an option under DHCP to reserve IP addresses for certain
    >>devices/computers etc.

    >
    > Sure, so as I've said, I've had to ditch dhcp for my PC and go through
    > the pain of setting up a static IP address.
    >
    >>If you have an modem/router with DMZ, just enter the IP address of the ATA
    >>into the DMZ option of the modem/router
    >>That will open up all ports to the ATA's IP address and you will be fine.

    >
    > I don't have DMZ.
    >
    > In any case, I'm not looking for a quick answer like that. As
    > explained, I'm looking to find out what the following parameters mean
    > and how they're used:.
    >
    > SIP port 5060
    > RTPLang port 5004
    > Voice, ports 8000..8012
    > STUN, port 3478
    >
    > Can you refer me to some documentation that explains these? That's the
    > only way I will learn about setting up the parameters.


    >

    Port 5060 is the SIP (Session Initiation Protocol) control port. This is
    used for connecting to the SIP proxy server. This communicates with the
    provider and then It opens other ports for the streams of voice data
    (commonly ports in the range of either 8000-8012 or 16348-32768 provider
    dependant) Service suppliers and/or devices differ in their choice of port
    ranges to use for the voice streams, these are the high numbered ones
    normally.

    Port 5004 is used for SIP signalling, this is used to start the handshaking
    procedure and define the ports which are to be used for the carriage of
    voice data once the session is started.

    Ports 8000-8012 These ports are used to carry the voice data by some
    providers, technically known as RTP (Real-time Transport Protocol), and RTCP
    (Real-time Control Protocol) multimedia streaming ports.

    Ports 16348-32768 UDP These ports are used to carry the voice data by some
    providers, technically known as RTP, and RTCP multimedia streaming (again
    they are provider dependant)

    Ports 3478 and 3479 STUN service; (Port 10000 UDP is also used by some
    providers for the STUN)

    The STUN server ((S)imple (T)raversal of (U)DP through (N)ATs), along with
    help of the proxy/registrar at your SIP provider should normally do
    everything else for you. Basically STUN enables a device to find out its
    public IP address and the type of NAT service its sitting behind. The
    problems in STUN have to do with the lack of standardized behaviors and
    controls in NATs. The result of this lack of standardization has been a
    proliferation of devices whose behavior is highly unpredictable, extremely
    variable, and uncontrollable. STUN does the best it can in such a hostile
    environment. Ultimately, the solution is to make the environment less
    hostile, and to introduce controls and standardized behaviors into NAT.
    However, until such time as that happens, STUN provides a good short term
    solution given the terrible conditions under which it is forced to operate.

    The best way to discover what ports your provider uses, is to define these
    port ranges above into your modem/router firewall rules (services) and then
    keep a watch of the log files to see which ports are active (being logged)
    during a session of service use.

    The use of a DMZ server, means you don't need to worry about opening any
    ports individually, as the DMZ opens up all ports to the IP address of the
    ATA unit only, ensuring that whatever ports your provider uses, they will be
    open to the ATA only. This is a quick way of ensuring the needed ports are
    open for cummunication to the internet.

    I hope that makes things a bit clearer Ed.

    Tony
     
    Tony, Jul 12, 2005
    #4
  5. Ed

    Paul D.Smith Guest

    You've been told wrong. If you're using STUN and a proxy server (and most
    SIP service providers do), then you should not need to change ANYTHING on
    your router.

    Paul DS.
     
    Paul D.Smith, Jul 12, 2005
    #5
  6. Ed

    Tony Guest

    "Paul D.Smith" <> wrote in message
    news:42d3ccb3$0$6484$...
    > You've been told wrong. If you're using STUN and a proxy server (and most
    > SIP service providers do), then you should not need to change ANYTHING on
    > your router.
    >
    > Paul DS.
    >


    It did clearly say in my post:

    The STUN server ((S)imple (T)raversal of (U)DP through (N)ATs), along with
    help of the proxy/registrar at your SIP provider should normally do
    everything else for you.

    This pretty much covers what you commented about.

    It was 'Ed' who wanted the more in-depth description for the ports etc.

    Was it any good for you Ed?
     
    Tony, Jul 12, 2005
    #6
  7. Ed

    Ed Guest

    On Tue, 12 Jul 2005 19:33:59 +0100, Tony wrote:

    >Was it any good for you Ed?


    Yes Tony, it certainly helped to make things a little clearer. Thanks
    to your explanation and doing a bit further reading elsewhere, I've
    now got my ATA fully (fingers crossed) working for 2 lines! Phew what
    a palaver getting all those scores of optional parameters set.

    A few queries:

    These names (like "RTPLang" or "Voice") I was told to use in my router
    configuration, I had assumed they were some kind of reserved names for
    particular functions. I'm beginning now to think they're not reserved
    names but I can use whatever name for these services that I like, as
    long as I can understand them. Is that right?

    Then regarding DMZ, which my router doesn't have as an option. From my
    reading of DMZ is nothing more than a particular device with an IP
    address on my LAN which has all ports open. If so, can I not achieve
    the identical thing to DMZ by just defining all ports on that IP
    address as open? Is there anything else that the "proper" DMZ function
    does which is over an above my simply opening all ports on that IP
    address?

    Finally relating to STUN. That is configured on my ATA (which has 2
    lines) as a global parameter rather than as a parameter per line. I
    find that a bit confusing, since my 2 lines are attached to 2 totally
    different providers. From your explanation it seems that STUN is a
    provider-specific facility so I would have assumed that I would put a
    separate parameter in for each line.
     
    Ed, Jul 12, 2005
    #7
  8. Ed

    Paul D.Smith Guest

    Tony,

    You're talking about configuring DMZs and hard-coded IP addresses in your
    original post, neither of which should be required. For example, a fully
    hardened router (all inbound ports closed, no DMZ, DHCP addresses etc.) will
    still work completely with a STUN enabled ATA/softphoine without any
    configuration changes at all.

    Paul DS.
     
    Paul D.Smith, Jul 13, 2005
    #8
  9. Ed

    Paul D.Smith Guest

    Tony may disagree (see our earlier exchanges) but see below...

    Paul DS

    "Ed" <a.@.invalid> wrote in message
    news:1121203776.26690ab196d5cb1c0ebc59bc7efd462d@teranews...
    > On Tue, 12 Jul 2005 19:33:59 +0100, Tony wrote:
    >
    > >Was it any good for you Ed?

    >
    > Yes Tony, it certainly helped to make things a little clearer. Thanks
    > to your explanation and doing a bit further reading elsewhere, I've
    > now got my ATA fully (fingers crossed) working for 2 lines! Phew what
    > a palaver getting all those scores of optional parameters set.
    >
    > A few queries:
    >
    > These names (like "RTPLang" or "Voice") I was told to use in my router
    > configuration, I had assumed they were some kind of reserved names for
    > particular functions. I'm beginning now to think they're not reserved
    > names but I can use whatever name for these services that I like, as
    > long as I can understand them. Is that right?
    >


    PDS> Probably but for SIP with STUN you can ignore these. Services such as
    Yahoo Messenger and MS Messenger need you to open various holes through your
    security (i.e. open ports on your router) which is exactly why I don't use
    them. SIP does not require you do anything like this.

    > Then regarding DMZ, which my router doesn't have as an option. From my
    > reading of DMZ is nothing more than a particular device with an IP
    > address on my LAN which has all ports open. If so, can I not achieve
    > the identical thing to DMZ by just defining all ports on that IP
    > address as open? Is there anything else that the "proper" DMZ function
    > does which is over an above my simply opening all ports on that IP
    > address?
    >


    PDS> A DMZ usually an area between a weakened firewall (to the outside) and
    a fully hardened firewall (to your internal network) where servers such as
    mail or web servers are placed. They have to be in a weakened area because
    you have to allow people from the outside world to get to them, but you
    don't want these same people into your internal LAN.

    So you can do something like...

    Internet -- weak firewall -- DMZ -- strong firewall -- Internal network

    On the weak firewall you open whatever ports you need to direct traffic to
    the machines located in the DMZ.

    Now there is sometimes a "DMZ options" which basically says "unless told
    otherwise, an inbound connection is sent to this specific machine. This is
    fine apart from one problem. If your "DMZ machine" is a WinDoze machine,
    odds are it can be compromised and unless it is separated from your internal
    network by a good firewall, the WinDoze machine can sometimes be used to
    relay attacks to your internal network.

    So, the strong firewall is really required although with careful
    configuration you might be able to get away with using a software firewall
    such as ZoneAlarm _PROVIDING_ you mark the DMZ machine as "I wouldn't trust
    it as far as I could throw it"!

    Bottom line though - you don't need a DMZ or any specially opened ports.

    > Finally relating to STUN. That is configured on my ATA (which has 2
    > lines) as a global parameter rather than as a parameter per line. I
    > find that a bit confusing, since my 2 lines are attached to 2 totally
    > different providers. From your explanation it seems that STUN is a
    > provider-specific facility so I would have assumed that I would put a
    > separate parameter in for each line.


    PDS> I _think_ (and I have to read some more on STUN) that you should be OK.
    My understanding is that a STUN server allows your client to find out
    answers to "I'm behind a NAT, but what does the outside world think my IP
    address is"? The answer won't change between the two SIP service providers
    so a single STUN server _might_ be able to satisfy both.
     
    Paul D.Smith, Jul 13, 2005
    #9
  10. Ed

    Ivor Jones Guest

    Paul D.Smith wrote:
    > Tony,
    >
    > You're talking about configuring DMZs and hard-coded IP addresses
    > in your original post, neither of which should be required. For
    > example, a fully hardened router (all inbound ports closed, no DMZ,
    > DHCP addresses etc.) will still work completely with a STUN enabled
    > ATA/softphoine without any configuration changes at all.


    In theory yes, in practice not always. I have a Sipura 2000 that flatly
    refuses to connect without DMZ set.

    Ivor
     
    Ivor Jones, Jul 13, 2005
    #10
  11. Ed

    Paul D.Smith Guest

    > In theory yes, in practice not always. I have a Sipura 2000 that flatly
    > refuses to connect without DMZ set.
    >
    > Ivor
    >


    What are the symptoms? Can you call out? Can someone call you? Do you
    hear nothing but the other end does, or vice versa? What diagnostics such
    as line trace do you have?

    This sounds very much like a poorly implemented box which personally, I'd
    return. Since other ATAs work fine without me needing to tweak my router, I
    would expect this one to as well.

    Paul "very picky" DS
     
    Paul D.Smith, Jul 13, 2005
    #11
  12. Ed

    James Ikom Guest

    On Wed, 13 Jul 2005 13:14:28 +0100, "Paul D.Smith"
    <> wrote:

    >> In theory yes, in practice not always. I have a Sipura 2000 that flatly
    >> refuses to connect without DMZ set.
    >>

    I also have Sipura (2100) which works well as ATA and as router when
    connected directly to NTL cable modem. Have tried everything I know of
    (DMZ, port forwarding..) with Sipura behind Dell Truemobile 1184
    router and can make calls and be heard but cannot hear the person at
    the other end. For now I can settle for the first configuration but
    would love to get Sipura working behind the router.
     
    James Ikom, Jul 13, 2005
    #12
  13. Ed

    Sven Guest

    "James Ikom" <> wrote in message
    news:...
    > On Wed, 13 Jul 2005 13:14:28 +0100, "Paul D.Smith"
    > <> wrote:
    >
    >>> In theory yes, in practice not always. I have a Sipura 2000 that flatly
    >>> refuses to connect without DMZ set.
    >>>

    > I also have Sipura (2100) which works well as ATA and as router when
    > connected directly to NTL cable modem. Have tried everything I know of
    > (DMZ, port forwarding..) with Sipura behind Dell Truemobile 1184
    > router and can make calls and be heard but cannot hear the person at
    > the other end. For now I can settle for the first configuration but
    > would love to get Sipura working behind the router.


    Have you got STUN SERVER TEST, enabled on the SIP config menu? Turn it
    off.... and see how that goes.
     
    Sven, Jul 13, 2005
    #13
  14. Ed

    James Ikom Guest

    On Wed, 13 Jul 2005 17:26:23 +0100, "Sven" <>
    wrote:

    >
    >"James Ikom" <> wrote in message
    >> I also have Sipura (2100) which works well as ATA and as router when
    >> connected directly to NTL cable modem. Have tried everything I know of
    >> (DMZ, port forwarding..) with Sipura behind Dell Truemobile 1184
    >> router and can make calls and be heard but cannot hear the person at
    >> the other end. For now I can settle for the first configuration but
    >> would love to get Sipura working behind the router.

    >
    >Have you got STUN SERVER TEST, enabled on the SIP config menu? Turn it
    >off.... and see how that goes.

    Thanks for the suggestion. Stun test enable was set to OFF by default.
    I set it to ON and tried again but no difference. Any further
    thoughts?
    Thanks
     
    James Ikom, Jul 13, 2005
    #14
  15. Ed

    Ivor Jones Guest

    Paul D.Smith wrote:
    >> In theory yes, in practice not always. I have a Sipura 2000 that
    >> flatly refuses to connect without DMZ set.
    >>
    >> Ivor
    >>

    >
    > What are the symptoms? Can you call out? Can someone call you?
    > Do you hear nothing but the other end does, or vice versa? What
    > diagnostics such as line trace do you have?
    >
    > This sounds very much like a poorly implemented box which
    > personally, I'd return. Since other ATAs work fine without me
    > needing to tweak my router, I would expect this one to as well.
    >
    > Paul "very picky" DS


    I think it's down to the router actually, rather than the Sipura, because
    it works fine behind a Fritz!Box Fon which doesn't even have the option to
    set DMZ.

    Ivor
     
    Ivor Jones, Jul 13, 2005
    #15
  16. Ed

    Ivor Jones Guest

    James Ikom wrote:
    > On Wed, 13 Jul 2005 17:26:23 +0100, "Sven"
    > <> wrote:
    >
    >>
    >> "James Ikom" <> wrote in message
    >>> I also have Sipura (2100) which works well as ATA and as router
    >>> when connected directly to NTL cable modem. Have tried everything
    >>> I know of (DMZ, port forwarding..) with Sipura behind Dell
    >>> Truemobile 1184 router and can make calls and be heard but cannot
    >>> hear the person at the other end. For now I can settle for the
    >>> first configuration but would love to get Sipura working behind
    >>> the router.

    >>
    >> Have you got STUN SERVER TEST, enabled on the SIP config menu?
    >> Turn it off.... and see how that goes.

    > Thanks for the suggestion. Stun test enable was set to OFF by
    > default. I set it to ON and tried again but no difference. Any
    > further thoughts?
    > Thanks


    With me, it worked fine with STUN TEST set to OFF, with it ON I got one
    way audio, the other end could hear me but I couldn't hear them.

    Ivor
     
    Ivor Jones, Jul 13, 2005
    #16
  17. Ed

    Paul D.Smith Guest

    > I think it's down to the router actually, rather than the Sipura, because
    > it works fine behind a Fritz!Box Fon which doesn't even have the option to
    > set DMZ.
    >
    > Ivor
    >


    Umm. I suppose that's possible. I wonder what router the OP has? Wait a
    minute, perhaps the router is closing "unused" connections? To get through
    routers/NATs/firewalls, the ATA will open pin-holes _outbound_ and the proxy
    will send inbound calls through these pin-holes. I wonder if the router is
    "helpfully" closing these pin-holes because of a lack of data traffic
    through them whilst the ATA is sitting around waiting for a call?

    If the OP can say which router, perhaps someone can tell us if there is such
    a function, perhaps with a configurable timeout that can be tweaked, that
    would do this?

    Alternatively, maybe the Sipura can be tweaked to send traffic periodically
    to keep the pin-holes open.

    Paul DS.
     
    Paul D.Smith, Jul 14, 2005
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jamesb
    Replies:
    2
    Views:
    442
    hktco
    Sep 29, 2004
  2. Consultant

    OT self explanatory

    Consultant, Dec 30, 2003, in forum: MCSE
    Replies:
    2
    Views:
    369
    Dragon
    Dec 30, 2003
  3. Replies:
    2
    Views:
    1,215
    Tor-Einar Jarnbjo
    Dec 12, 2005
  4. Networking Student
    Replies:
    4
    Views:
    1,401
    vreyesii
    Nov 16, 2006
  5. ANDANI
    Replies:
    2
    Views:
    1,867
    torontolife
    Jun 4, 2009
Loading...

Share This Page