Questions

Can I use SIP outbound proxy to bypass NAT?

Tags:
+
0 Votes
Locked

Can I use SIP outbound proxy to bypass NAT?

chinesehkl
Guys,
I want to make voip call from LAN/softphone to PSTN across ISP network, which block all voip ports. Do you think below network setup can accomplish my goal? Can I bypass NAT router/ ISP firewall by putting SIP Proxy between ISP and SIPserver to perform NAT traversal?

[PSTN]----(FXOgateway)----{Router}----(ISP)----{Router}----(SIPserver)----[LAN]

Thanks for all your inputs.

hkl
  • +
    2 Votes
    robo_dev

    It all depends on how clever your ISP is. Some do a good job of spotting/blocking SIP and others simply block port 5060. A point-to-point VPN is a better solution since it will work with almost any ISP, and typically the connection can be used for more than just voice.

    http://www.brekeke.com/products/products_sip_nat.php
    http://www.voip-info.org/wiki/view/NAT+and+VOIP

    +
    0 Votes
    chinesehkl

    robo_dev,
    Sip server i used is based on asterisk (PBXinaFlash) and in local network. Can PBXinaFlash perform NAT traversal? Do you mean VPN solution can solve both NAT issue and ISP firewall problem? Internet connection is slow (512kbps) at one end (PSTN side) so will there be voice quality problem considering encryption/decryption nature of vpn method? and tks for sharing the links.

    +
    1 Votes
    jhoward

    512Kb dedicated for VOIP or a DSL line used for other stuff as well? This along with the CODEC used will determine the number of concurrent calls you can expect before bandwidth becomes a call quality issue. Keep in mind bandwidth is usually not the culprit for call quality but rather QoS. The main reason people usually have issues with VOIP is they try to use SIP trunks over public internet where neither the user nor the trunk provider have control over the middle network resulting in sporadic problems that neither end can do anything about. Don't get me wrong it is entirely possible to have good calls over the public internet - you just never know when something in the middle will cause an issue.

    On a side note to the above caution - A VPN to the other server (TCP based with very lightweight encryption) can actually help voice quality over the public internet in some cases by reducing the number of lost packets - YMMV.

    Another option to look at (or combined with a VPN):
    Since you are Asterisk based on at least one end you could also have a local asterisk server that takes SIP from the phones and uses an AIX2 trunk to the far end server. AIX2 uses a single port for RTP and messaging which solves a lot of the NAT problems and also reduces some of the messaging bandwidth overhead from SIP - although not likely to make a difference in this case. You can also specify a port for AIX2 to use to get around a providers limitations.

    +
    0 Votes
    chinesehkl

    xDSL line 512kbps is a shard common line, but i can make sure it to be indirectly dedicated for VoIP by making some controls over users. For VPN setup, i'm thinking to use OpenVPN tunnelling. (with dd-wrt firmware) Thanks for introducing me about aix2 trunk, which seems better than sip trunk as you mentioned. Referring diagram in my question, i want to put sip server on LAN subnet and make 1 stage dialing to FXO gateway across public internet. Do u think this network setup can work? If I were to replace FXOgateway with GSM gateway, can i still establish aix2 trunk? sorry for the stupid questions.

    +
    0 Votes
    chinesehkl

    One more thing, I don't want to put another sip server on PSTN side to make sip/aix2 trunk. Can it be done?

    +
    0 Votes
    jhoward

    Do you manage the server/appliance that is the FXOGateway? What is this FXOGateway - Adtran, Asterisk w/ FXO cards, etc.?

    There are quite a few options here but a VPN might be the simplest especially with regards to SIP and NAT.

    Feel free to take this offline if the details get too specific and you want to send me a PM. We can always post the overall solution later in case anyone else has a similar question.

  • +
    2 Votes
    robo_dev

    It all depends on how clever your ISP is. Some do a good job of spotting/blocking SIP and others simply block port 5060. A point-to-point VPN is a better solution since it will work with almost any ISP, and typically the connection can be used for more than just voice.

    http://www.brekeke.com/products/products_sip_nat.php
    http://www.voip-info.org/wiki/view/NAT+and+VOIP

    +
    0 Votes
    chinesehkl

    robo_dev,
    Sip server i used is based on asterisk (PBXinaFlash) and in local network. Can PBXinaFlash perform NAT traversal? Do you mean VPN solution can solve both NAT issue and ISP firewall problem? Internet connection is slow (512kbps) at one end (PSTN side) so will there be voice quality problem considering encryption/decryption nature of vpn method? and tks for sharing the links.

    +
    1 Votes
    jhoward

    512Kb dedicated for VOIP or a DSL line used for other stuff as well? This along with the CODEC used will determine the number of concurrent calls you can expect before bandwidth becomes a call quality issue. Keep in mind bandwidth is usually not the culprit for call quality but rather QoS. The main reason people usually have issues with VOIP is they try to use SIP trunks over public internet where neither the user nor the trunk provider have control over the middle network resulting in sporadic problems that neither end can do anything about. Don't get me wrong it is entirely possible to have good calls over the public internet - you just never know when something in the middle will cause an issue.

    On a side note to the above caution - A VPN to the other server (TCP based with very lightweight encryption) can actually help voice quality over the public internet in some cases by reducing the number of lost packets - YMMV.

    Another option to look at (or combined with a VPN):
    Since you are Asterisk based on at least one end you could also have a local asterisk server that takes SIP from the phones and uses an AIX2 trunk to the far end server. AIX2 uses a single port for RTP and messaging which solves a lot of the NAT problems and also reduces some of the messaging bandwidth overhead from SIP - although not likely to make a difference in this case. You can also specify a port for AIX2 to use to get around a providers limitations.

    +
    0 Votes
    chinesehkl

    xDSL line 512kbps is a shard common line, but i can make sure it to be indirectly dedicated for VoIP by making some controls over users. For VPN setup, i'm thinking to use OpenVPN tunnelling. (with dd-wrt firmware) Thanks for introducing me about aix2 trunk, which seems better than sip trunk as you mentioned. Referring diagram in my question, i want to put sip server on LAN subnet and make 1 stage dialing to FXO gateway across public internet. Do u think this network setup can work? If I were to replace FXOgateway with GSM gateway, can i still establish aix2 trunk? sorry for the stupid questions.

    +
    0 Votes
    chinesehkl

    One more thing, I don't want to put another sip server on PSTN side to make sip/aix2 trunk. Can it be done?

    +
    0 Votes
    jhoward

    Do you manage the server/appliance that is the FXOGateway? What is this FXOGateway - Adtran, Asterisk w/ FXO cards, etc.?

    There are quite a few options here but a VPN might be the simplest especially with regards to SIP and NAT.

    Feel free to take this offline if the details get too specific and you want to send me a PM. We can always post the overall solution later in case anyone else has a similar question.