VOIP etc > Voice Over IP - VOIP > VOIP Tech Chat > Is SIP ALG a good solution for NAT?

Is SIP ALG a good solution for NAT?

SIP ALG's in most consumer grade routers is broken. Most providers recommend turning them off because they break more than they fix. I can't think of a router with a working sip alg off the top of my head.
--
Dovahkiin, Dovahkiin naal ok zin los vahriin wah dein vokul mahfaeraak ahst vaal!
Ahrk fin norok paal graan fod nust hon zindro zaan Dovahkiin, fah hin kogaan mu draal!

Exactly.

See here, one fellow even calls SIP ALG as evil.

»wiki.freeswitch.org/wiki/ALG

reply to vincentdelpo
I've tried it on a couple of Netgear routers. Doesn't work for me with voip.ms.

reply to OmagicQ
Even Tomato - which makes a fantastic router in my opinion - has a horrible SIP ALG. Frankly I don't know why people put energy into it, if it's going to work this poorly.

reply to vincentdelpo

reply to vincentdelpo
New to this forum and have been lurking for the past few days in preparation for my new VoIP service. That said, in seeing the opinions of SIP ALGs just now, any difference in opinion when it comes to Siproxd, »siproxd.sourceforge.net ?

Thanks.

reply to RonR
It's in Conntrack/Netfilter, but it only appears in some builds of Tomato. Indeed, Tomato is an excellent router for VoIP, when SIP ALG is disabled.

reply to Bink
Bink,

siproxd works and works very well. I have used it in the past.
in the other hand my mom told me that sip alg is the devil.
--
[nUll@dcypher ~]$

reply to Mango

Good point. All I know about that option is that it makes SIP connections time out after an hour, and not respect the UDP Timeout settings. This is bad if you're affected by the Tomato bug that causes NAT associations to be mangled. I'm not sure what else it does, if anything.

I don't think I explained that clearly. I didn't mean phone conversations would cut off after an hour. When your phone registers with a VoIP server, the router keeps the "NAT hole" open for typically the length of the Assured UDP timeout. This way, the VoIP server may deliver incoming calls to you. As long as the phone's registration interval is less than the Assured UDP Timeout, everything will work properly.

With SIP Helper turned on, the router will not respect the Assured UDP Timeout and instead uses 3600 seconds. This means that your phone has one hour to re-register and will possibly make Linksys devices workish with their default settings.

The reason this is not optimal is that if for example your ISP changes your public IP address, it could potentially take an hour before you can receive incoming calls, or worse, it could require human intervention to reboot things if you're affected by the bug I mentioned before.

Obviously if things work well for you then there's no need to tinker with anything. My point was that my opinion is the same as the general opinion in this thread - leave my SIP alone!

m.
--
Recommended ATA Settings | e164 - make your DID accessible via SIPBroker!

reply to vincentdelpo
Does anyone know if IAX gets mangled by a SIP ALG or not? I'm wondering if it might be an option for people who are stuck behind isp provided/provisioned routers with no admin access to turn it off.

(Jedi mind trick) These aren't the packers you're looking for...(/jedi mind trick)
--
Dovahkiin, Dovahkiin naal ok zin los vahriin wah dein vokul mahfaeraak ahst vaal!
Ahrk fin norok paal graan fod nust hon zindro zaan Dovahkiin, fah hin kogaan mu draal!

reply to vincentdelpo

reply to vincentdelpo
Since we're on this topic, I was wondering if you guys could help me with my DLINK DIR-625 settings.

I am experiencing problems with my voip.ms account. Often times, like today for instance, I received calls several times and each time I picked up the phone, it would get disconnected. I called back the number after a pause and I get a busy tone. I then receive a voice mail (no voice) but some background noise after every two seconds. I am sure the person trying to call me did not leave a message. This has happened several times and it is really frustrating me now.

I guess it is my router but I am not sure. I have used voip.ms's tickets and so far they haven't been able to help me out. They're trying to troubleshoot it.

Here is the screenshot to my router's firewall page:
»i39.tinypic.com/206hd84.png

Thanks guys!

reply to vincentdelpo
It's very rare to see someone runs its own STUN server. I still not have one, even though I want to do it on my local Windows server. But there is no simple and free package, that does just that...

Answering your questions:
1. I don't run Asterisk, I use FreeSWITCH instead
2. It's called "direct media mode" (one of the terms used)
3. Yes, you are. One of the functions of UPnP is to allow clients to open and forward ports on NAT router. Check for that feature support on your particular hardware
4. Yes, it is. There are two different streams of data (and related protocols) - SIP (initiation and control of the call), RTP (media stream, usually only sound stream). Direct media mode is when SIP clients stream media directly between them and do not through SIP server. The latter is used for SIP protocol only. In that mode (support is required) you may run SIP clients independently of any NAT (or multiple NATs) in the middle. But again, because the SIP protocol was not initially designed to be used with a NAT (a huge omission, IMO), there should be a special setup. STUN (ICE, local UPnP etc) could help to automate it.
--
Keep it simple, it'll become complex by itself...

reply to erfans