Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

26 posts


# 236121 18-May-2018 18:38
Send private message

I have been migrating from the Orcon router to an EdgeRouter Lite but am having troubles getting the VOIP service working.


I have the following set up:


         Chorus NTU -> EdgeRouter Lite -> Unmanaged Switch -> NF4V




This works!  But when I remove the unmanaged switch and connect the NF4V directly into the ERL the VOIP status stays down. 


The NF4V can still ping external addresses including


I just don't know what the unmanaged switch could be doing that's making a difference.





View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
1400 posts

Uber Geek

  # 2018513 18-May-2018 18:52
Send private message

Have you turned off the VLAN tagged WAN interface on the NF4V?



This is under
Advanced setup
--Layer 2 Interface
---ETH interface

Connection Mode should be DefaultMode or similar.

336 posts

Ultimate Geek

  # 2018521 18-May-2018 19:10
Send private message

The other ERL3 port you are using is on another subnet and can't communicate to main LAN
You need to do some more fiddling with settings to get the port the NF4V is on to link with main LAN


Below is modified version of what I use to see modem on eth0 (WAN) side of my setup
You will need to port forward port 5060 to the IP you give the NF4V
UPNP2 might also be needed as you are crossing Subnets
Below assuming eth1 = LAN and, eth2 is where NF4V will be an on
Give the NF4V and ip in the range (not 001) before putting on ERL3


CLI commands to setup, you may need to play with these to allow for your settings


#setup eth2
set interfaces ethernet eth2 address
set interfaces ethernet eth2 description 'NF4V/VOIP'
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 mtu 1500
set interfaces ethernet eth2 speed auto


#allow  eth2 to be seen from eth1
set service nat rule 5000 description 'Call this what you want'
set service nat rule 5000 destination address
set service nat rule 5000 outbound-interface eth2
set service nat rule 5000 source address
set service nat rule 5000 type masquerade


#Port forward setup
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward lan-interface eth1
set port-forward lan-interface eth2
set port-forward rule 10 description VOIP
set port-forward rule 10 forward-to address
set port-forward rule 10 forward-to port 5060
set port-forward rule 10 original-port 5060
set port-forward rule 10 protocol udp


Hope this helps and makes sense


26 posts


  # 2018532 18-May-2018 19:30
Send private message

I have deleted and recreated the eth4.1 interface under "WAN Service" so I could remove the VLAN 10 tag.


Under the Layer2 interface, ETH interface setup it has eth4/eth4 Connection Mode set to "VlanMuxMode".  I tried recreating this interface in case there was another option available for the connection mode, however, I wasn't able to select anything else.



26 posts


  # 2018533 18-May-2018 19:34
Send private message

freakngeek - I'm not trying to pass traffic between the two LAN ports.  Just have the NF4V connect out to the internet for VOIP 5060 traffic.




It's my understanding that you don't need port forwarding for a SIP client. And this seems correct as VOIP services work fine if I have an unmanaged switch between the ERL and NF4V.


But I'll review what you've posted and maybe try applying those settings in case there's some aspect that will help.



336 posts

Ultimate Geek

  # 2018562 18-May-2018 19:52
Send private message

Is the NF4V in AP mode ?
Or it will try and route against the ERL3 also trying to route, the switch would have allowed double NAT ?

I set my FB7390 in AP mode and it does my VOIP with the ERL3



26 posts


  # 2018590 18-May-2018 20:36
Send private message

Not sure I follow you re AP?  Access Point mode?


No - Wireless is disabled. 

336 posts

Ultimate Geek

  # 2018599 18-May-2018 21:03
Send private message

Hard to tell how you've setup your network, but looks like double routing happening


AP mode turns the NF4V into a switch then the ERL3 does all the routing
Not sure if in AP mode VOIP turns off, I don't have my NF4V yet
If it does, then turn off DHCP on the NF4V, plug ERL3 into a LAN port as WAN port may not work, VOIP should still work


Why even have have the ERL3 ?
Does it do anything else ?


481 posts

Ultimate Geek

  # 2018685 18-May-2018 23:19
Send private message



freakngeek - I'm not trying to pass traffic between the two LAN ports.  Just have the NF4V connect out to the internet for VOIP 5060 traffic.




It's my understanding that you don't need port forwarding for a SIP client. And this seems correct as VOIP services work fine if I have an unmanaged switch between the ERL and NF4V.


But I'll review what you've posted and maybe try applying those settings in case there's some aspect that will help.



For VOIP to work, you do need to open or forward the ports, and you need more than just port 5060.


Port 5060 is used for the SIP connection that sets up and manages the VOIP connections, but the actual phone calls are sent on different ports using RTP protocol.  For my FritzBox to operate behind my ERL3, I have to open UDP 5060 for SIP and UDP 7078-7109 for RTP.  The RTP connections come in pairs, one for the RTP with the actual call packets, and one for RTCP, which provides feedback about the call in progress, with error counts and sync data.  So the first call through the FritzBox will allocate UDP 7078 for RTP and UDP 7079 for RTCP.  If that call is still in progress and another call starts, it will use UDP 7080 for RTP and UDP 7081 for RTCP.  And so on up to the maximum number of calls the FritzBox will support.  The RTP/RCTP ports used commonly start at 7078, but it can vary between VOIP boxes, so you need to find out what the NF4V actually uses.  The RTP port numbers are negotiated using the SIP protocol on UDP 5060.  I think TCP 5060 can also be used for SIP, or both TCP and UDP, depending on your VOIP provider.


You might be able to get away with not opening port 5060, but only if the keepalive packets for the SIP connection to your VOIP provider happen often enough that the ERL3 will not timeout and close that port.  My experience says it needs to be open, as the keepalive packets send by my FritzBox are way too far apart and it will timeout.  The keepalive packet frequency is dependent on the VOIP software, so maybe the NF4V will do them often enough to keep the port open, but I would not risk it.


You do have to have the RTP UDP ports open, as the direction the first RTP or RTCP packet comes from depends on the direction on the call, inbound or outbound.  If the first RTP or RTCP packets are inbound from your VOIP provider, the ports will likely not be open and the call will fail.


One of the reasons for having a nice router like the ERL3 is all the extra things you can do with it.  So in this case, if the worst comes to the worst and you can not find out the correct RTP port numbers for the NF4V with Orcon firmware, you can use the ERL3 to see what is actually happening.  You set up SSH access to the ERL3 and using that, install tshark (the command line version of Wireshark) and use that to capture the port 5060 traffic, then use SSHFS or scp to download the capture file to your PC and get Wireshark to read it.  Wireshark knows the SIP protocol and you can see the port numbers being negotiated.  If you use tshark on the ERL3, make sure it stores its capture file to RAM disk - having it save to the internal flash stick kills the flash stick rapidly with too many fast writes.  The /var/log directory is where I store capture files.  PM me if you want help doing that.

336 posts

Ultimate Geek

  # 2018768 19-May-2018 08:01
Send private message

I just forward port 5060, nothing else on the FB7390 behind the ERL3
I think UPNP does the rest (incase of ERL3 UPNP2)


I bought the ERL3 to do the nice things it can do, but I don't run other routers in Router mode.
It's a brilliant router that needs some thought with all the other bits around it.
My Netgear R7800 does Wifi in AP mode, the FB7390 does VOIP in AP mode

336 posts

Ultimate Geek

  # 2018808 19-May-2018 10:02
Send private message

Just turned off Port forwarding on port 5060 on ERL3
Turned off Keep port forward open on FB7390
Rebooted FB to make sure it had to register VOIP number


VOIP still happily works

28264 posts

Uber Geek

Biddle Corp
Lifetime subscriber

  # 2018842 19-May-2018 10:26
2 people support this post
Send private message

If you're going to forward ports for VoIP (in any setup) you need to be fully aware of the risks associated with this. Port forwards (particularly 5060) open your device up to the entire Internet meaning it will be attacked by SIP bots literally within hours.


If 5060 needs to be opened and you don't have something like a SBC as a layer of protection it should be at a bare minimum have IP whitelisting in place. In 99.9% of VoIP setups port forwards are not needed.





336 posts

Ultimate Geek

  # 2019070 19-May-2018 16:57
Send private message

Taking above advise, and having a play


I now have FB7390 doing just VOIP on eth2 on ERL3
Setup a route so I can see it from LAN on eth1
I can see it, if I plug in via the FB LAN connection I can surf the web but I can't see eth0 or eth1
Port forwarding removed.
Only thing I had to do was change the DNS and gateway on FB to the eth2 IP address of router and set an IP on the FB so I can see it


@shadsnz you should theoretically be able to do the same with the NF4V behind the ERL3

26 posts


  # 2020037 21-May-2018 19:49
Send private message

Yes, that's effectively where I got to.




The issue is it works fine if I have a switch between the ERL and the NF4V.  But if I remove the switch and have the NF4V directly connected to the ERL then VOIP doesn't work (which other functions continue to work - like web browsing, DNS, and ping traffic).



1400 posts

Uber Geek

  # 2020045 21-May-2018 19:54
Send private message

You may need to manually specify the interface VoIP traffic is sent out.



Usually it is your WAN connection although depends on how you have things connected. Make sure a DNS server is also reachable by the router.



26 posts


  # 2020052 21-May-2018 20:05
Send private message

Thanks for the suggestion.  I checked that setting.  It was on "Any_WAN".  I tried changing it to "eth4.1" but that didn't help. 


No VOIP when the NF4V is connected directly to the ERL.  But works fine if I put a switch in between them.


Will start down the road of capturing packets and try to look for differences.





 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic

Twitter and LinkedIn »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18

Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36

MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28

Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15

D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31

Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29

Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24

Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59

Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07

Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02

Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41

Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36

2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17

Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46

Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.