HELLO & WELCOME

[SteveAtVoIP2Go]

I've recently been testing a new VoIP server and was using an Obi1032 IP Phone to make calls. I was a bit upset when I started to experience one-way audio problems on some calls. One-way audio on outgoing calls usually means that the person you called will hear you, but you will not hear them.

The reason? - The far end is sending audio (RTP) packets to either the wrong IP address or the wrong RTP Port.

Without going into too much detail at this stage, the first thing to try is enabling STUN. This usually solves the problem by making sure that your VoIP equipment includes the correct public IP address and audio port in it's packets.

If STUN does not work for you, find out what port range is used for RTP packets, make sure your VoIP equipment has a fixed local IP address and then forward the RTP ports in your router to the IP address of your VoIP equipment.

Happy Calling

[WelshPaul]

make sure your VoIP equipment has a fixed local IP address and then forward the RTP ports in your router to the IP address of your VoIP equipment.

An example:

When using freepbx/asterisk you must make sure that you open the correct UDP ports in your router's firewall and point them at your Asterisk server. For SIP protocol, open UDP (NOT TCP) port 5060 (SIP) AND ports 10000-20000. All these ports are UDP, opening the TCP ports will NOT help anything and may expose your system needlessly. While you are in your firewall configuration, you may as well also open UDP port 4569 (IAX), since sooner or later you'll probably want to accept IAX connections.

You can see the actual range under the "General SIP Settings" page.

[bosconian]

I have an Asterisk server but it isn't exposed to the wild (as in it doesn't have Internet access) and we only use it on our local network so I haven't experienced NAT problems (i.e. one way audio) yet, but I want to make it available to the outside world. You think that if I just open 5060 and 10000-20000 UDP there won't be any problem? Also, isn't there any security risks on opening so many ports on my firewall?

[SteveAtVoIP2Go]

I do not use Asterisk but I believe it has settings to help with NAT. You have no option other than to open ports, however, from what I've read you can reduce SIP probes by around 90% simply by avoiding 5060 and using a port other than in the 5060 -6000 range.

[WelshPaul]

I have an Asterisk server but it isn't exposed to the wild (as in it doesn't have Internet access) and we only use it on our local network so I haven't experienced NAT problems (i.e. one way audio) yet, but I want to make it available to the outside world. You think that if I just open 5060 and 10000-20000 UDP there won't be any problem? Also, isn't there any security risks on opening so many ports on my firewall?

By default you shouldn't have to open any ports. As steve points out above, Asterisk has settings to help with NAT...

If your Asterisk PBX is behind a NAT firewall, i.e. the PBX has an IP such as 192.168.1.1 then you will need to perform additional configuration to allow Asterisk to route the SIP and RTP correctly.

The NAT configuration can be found in the file /etc/asterisk/sip.conf, the relevant section that needs to be edited is reproduced below:

The example below assumes that your Asterisk PBX has an IP address of 192.168.1.X

externip=XX.XXX.XX.XX (This needs to be your PUBLIC WAN IP address, which can be found out either from your routers administration web page, or by visiting www.whatismyip.com)

localnet=192.168.1.0/255.255.255.0

nat=yes

Once the file has been edited, you will need to restart Asterisk, consult your distribution documentation on how to perform this, for example:

service restart asterisk

sudo /etc/init.d/asterisk restart