How do VoIP devices punch holes for RTP?

Discussion in 'VOIP' started by Gilles Ganault, Apr 15, 2007.

  1. Hi

    I was wondering: How do SIP devices open the ports they need for RTP?

    I'm about to send an IP phone to someone who doesn't know much about
    things computers, so I need to find out if his router can handle
    SIP/RTP automagically, or if he'll need to map incoming ports to this

    Is there a way to check this easily? Some special words to look for in
    the router's documentation ("UPnP?")? Some utility I can run from the
    outside or that he can download and run on his computer to check if
    his router will open ports dynamically?

    Thank you.
    Gilles Ganault, Apr 15, 2007
    1. Advertisements

  2. Ideally the phones would be put in front of any firewalls or NAT
    translations. That's how SIP and RTP are meant to be run and doing it
    any other way is a bit of an uphill battle.

    If you do need to run SIP and RTP behind a firewall or NAT box you'll
    need to read up on "stun" and configure the phones to use one. If
    things are working correctly stun should take care of opening up
    any stateful firewall and working around any NAT translations.

    Wolfgang S. Rupprecht, Apr 15, 2007
    1. Advertisements

  3. Gilles Ganault

    Hongtian Guest

    If your SIP client (or SIP phone) can support STUN protocol, it will
    be very easy to through NAT with a STUN server.

    If you want to run your SIP server on microsoft windows platform, I
    suggest you to try miniSipServer which is a SIP&STUN server.

    If you have a linux computer, it is better to try Asterisk or Brekeke
    SIP server, they are also very good choices. But they cannot be STUN
    server at the same time, then you can try '' as your
    STUN server.

    Enjoy SIP!
    Hongtian, Apr 16, 2007
  4. Thanks guys for the tip. I though STUN was simply a way for an SIP
    device in a private LAN to learn its public IP address by connecting
    out to a STUN server on the Net, but I guess that, when running in
    STUN mode, an SIP device keeps sending packets out to keep some ports
    open on the router.

    In that case, how can the remote SIP device use those open ports? Is
    an open UDP port available for use by any remote host, even if it's
    not the STUN server that was used to open them in the first place?

    I'll read up on STUN. Thank you.
    Gilles Ganault, Apr 17, 2007
  5. I believe the STUN hack works as such: Initially both sides talk to
    the stun server and it relays the packets. After a while the two
    endpoints try to talk to each other directly using the same ports that
    they used when talking indirectly via the stun server. The act of the
    local phone sending a UDP packet out to the remote phone through the
    local stateful firewall should cause the firewall to create a second
    opening, this time for the remote phone. Since both sides are doing
    the same thing, both firewalls should end up having pass rules
    inserted for packets from both the stun server and for the direct UDP
    link to the other side. (This is just from my cursory reading, I may
    have some of the details wrong. Corrections welcome.)

    Wolfgang S. Rupprecht, Apr 17, 2007
  6. Thanks for the explanation, but most calls are made from two phones
    that don't use the same STUN server, if at all. In that case, I wonder
    how the STUN trick works.

    I'll see what documentation I can gather about STUN, UPnP and possibly
    other tricks SIP phones can use to open RTP ports dynamically.
    Gilles Ganault, Apr 18, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.