3

I am currently trying to get the following scenario to work.

Warning: I am a software engineer--not a network admin.

I have various SIP endpoints (sip based video servers) on a LAN. On a Windows Server on that LAN, I have tekSIP running as the SIP Registrar. All of this works so far. I can register from the endpoints with the registrar and make calls just fine.

Now I want to allow remote calls from outside our LAN. First, I put an A entry in our DNS: "sip" which resolves to our external IP. I set up an SRV record for _sip._udp.sip.ourdomain.com. If I ping sip.ourdomain.com, everything works, the DNS resolves to our public IP and the ping works. Everything also looks good in nslookup.

On our router, I forwarded port 5060 for UDP to the server running tekSIP. Here is where the problem comes in. If I try to register or make a call from a remote endpoint, it always fails, and I can't even see the incoming request in Wireshark on the application server.

Any ideas? I would be happy to post any config files you request.

Jonathan Henson

1 Answer

2

You're going to need to open more ports than just 5060. 5060 is the SIP "control" port that is used for signalling only. Other ports are needed for the actual media streams.

In the case of VoIP, you'd typically be using SIP/RTP, where the RTP traffic uses one or more ports between 10,000 and 20,000.

You'll need to examine the video transport you're using to determine what other ports are in use.

EEAA
  • I thought STUN, UPnP, and the registrar magically took care of the RTP, RTCP ports? – Jonathan Henson Apr 20 '12 at 01:31
  • Even so, I am not even seeing the control messages. – Jonathan Henson Apr 20 '12 at 01:31
  • There's no "magic" here. STUN et al. may help, but you still need to be able to configure them properly and troubleshoot. I'd recommend taking a packet capture on your WAN (if possible) to see if packets are making it there. If so, then something is awry with your router and you'll need to troubleshoot further. – EEAA Apr 20 '12 at 01:33
  • Also, I must mention that UPnP has **no** place on your network. Do you really want random applications to be able to poke holes in your firewall without your knowledge? Didn't think so. – EEAA Apr 20 '12 at 01:35
  • How do I take a packet capture on the WAN? – Jonathan Henson Apr 20 '12 at 01:35
  • That's beyond the scope of this question. You're really best off just finding someone who is well-versed in this sort of thing to help you out. – EEAA Apr 20 '12 at 01:36
  • It seems that STUN handles the RTP ports just fine without any port forwarding so long as I don't use a symmetric NAT. – Jonathan Henson May 21 '12 at 15:42
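
The answer's advice to determine which media ports are in use can be checked from the SDP body of a captured SIP INVITE. The following is an added example, not code from either poster: it lists the UDP ports each media line asks the far end to send to and flags RFC 1918 addresses that a remote endpoint cannot reach without NAT traversal. The sample message and function names are constructed, and RTCP is assumed to use the conventional RTP port + 1 (an `a=rtcp` override is not handled).

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: an INVITE whose SDP offers audio and video.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:room1@sip.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=cam1 1 1 IN IP4 192.168.1.50",
    "s=-",
    "c=IN IP4 192.168.1.50",        # session-level address (LAN side)
    "t=0 0",
    "m=audio 10000 RTP/AVP 0",
    "m=video 10002 RTP/AVP 96",
    "c=IN IP4 203.0.113.7",         # media-level override for video only
    "a=rtpmap:96 H264/90000",
    "",
])

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:              # c= may carry a hostname, or be absent
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)

def media_streams(sip_message):
    """Return one dict per active SDP m= line: kind, addr, rtp, rtcp, private."""
    _, _, sdp = sip_message.partition("\r\n\r\n")   # body follows the blank line
    session_addr, streams = None, []
    for line in sdp.splitlines():
        if line.startswith("c="):
            addr = line.split()[2].split("/")[0]    # c=IN IP4 <address>[/ttl]
            if streams:                             # after an m= line: media-level
                streams[-1].update(addr=addr, private=is_rfc1918(addr))
            else:
                session_addr = addr
        elif line.startswith("m="):
            kind, port = line[2:].split()[:2]
            rtp = int(port.split("/")[0])           # m=<kind> <port>[/<count>] ...
            streams.append({"kind": kind, "addr": session_addr, "rtp": rtp,
                            "rtcp": rtp + 1,
                            "private": is_rfc1918(session_addr or "")})
    return [s for s in streams if s["rtp"]]         # port 0 marks a disabled stream

if __name__ == "__main__":
    for stream in media_streams(SAMPLE_INVITE):
        print(stream)
```

A stream reported with `private` set to true is advertising a LAN address to the remote side, which is the situation STUN or a media relay has to correct before RTP can flow.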