[WXC/VFX] PAP2t, Double Nat, first call after a period of time has one way audio

Forums › One New Zealand (including Vodafone, WxC, Farmside) › [WXC/VFX] PAP2t, Double Nat, first call after a period of time has one way audio

foufee

35 posts

Geek

#175671 7-Jul-2015 20:56

We have a Linksys Pap2t hooked up to a DD-WRT router, which is performing nat, which is in turned hooked up to a Ubiquity radio (from our ISP). I know that the radio is performing NAT aswell, and isn't forwarding any ports by default.
The PAP2t is being provisioned by http://voipzone.co.nz/spaconfig.cfg

The issue we have is that when we receive a call, most times, the first time they call, we can not hear anything (they can hear us fine), however, if they hang up, and call right back, then the call works fine.

This was working fine a while ago when we had a Trango that was in bridging mode instead of the Ubiquity radio doing NAT, we're not 100% sure, but we think that coincides with when the problem started.

I should be able to get some ports opened up on the radio, and the DD-WRT router if I wanted to do port forwarding (if that would help).

What do people suggest I do to test, verify, or help track down this annoying issue.

Cheers

1 | 2

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1338914 7-Jul-2015 21:28

One way calling is caused by NAT issues 99.9% of the time. Double NAT will always typically break VoIP.

foufee

35 posts

Geek

#1338915 7-Jul-2015 21:31

Why does it work though if they call straight back?

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1338921 7-Jul-2015 21:41

Probably a NAT pinhole in place allowing it. Without a full SIP debug it's not really possible to know exactly why.

foufee

35 posts

Geek

#1338943 7-Jul-2015 22:23

If I could get port forwarding on the Ubiquity radio, and on the DD-WRT router, would that more than likely solve the issue, if so, what ports would I need for WXC's service, from my reading I see that for SIP it would be 5060 and 5061 (UDP), but what is the port range for RTP?

Thanks

michaelmurfy

meow
13243 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1338954 7-Jul-2015 23:00

I wouldn't recommend simply forwarding ports - it can come with several consequences if you don't have a properly secured device.

Off the top of my head the Ubiquiti radio won't be running NAT - it'll be the device on the other end. If you simply get private IP addresses from the radio I'd start with disabling the routing functions on your AP so it passes over the DHCP from the ISP itself. Some routers also have SIP-ALG enabled that can in some cases cause voice issues, check if your router has this and try turning it off.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

foufee

35 posts

Geek

#1338996 8-Jul-2015 07:28

DD-wrt has the SPI firewall enabled, and currently the only other ports are being forwarded are SSH and HTTP.

I was present when the ubiquity kit was installed, and I can confirm it is doing NAT. It's external IP is 202.x.x.x and it's internal address is 192.168.5.1 and my router was modified to have the external IP address of 192.168.5.2, and allocates DHCP addresses on my LAN in the 10.0.1.x range.

I must admit I'm not overly keen on changing the router function to that of just a switch, and moving DHCP, and firewall etc to the ubiquity device as I have no control over the device.

Unfortunately the PaP2t is over 200m from the ubiquity kit, the ddwrt is co-located with the radio though...the joys of broadband in rural Wairarapa, so I couldn't have a switch between the radio and the router and put the pAp2t off that...
Hm, that has me thinking, I might be able to do it by installing a switch at the radio, this will enable me to hook up both wifi bridges to my house and the neighbours (I give free broadband to an elderly couple who can't get adsl), then at my house on the other end of the wifi bridge, the IP address will still be on the 192.168.5 range, and at which point I could have another switch, and run the pap2t off that and it will be in the single natted range. If I still wanted to I could then have the ddwrt box and then my internal network.

How secure am I hiding behind a ubiquity device with NAT enabled? For the last 15 years I've always had control of my firewall, and passing it off just seems odd, but then for that period, I've always just had a device that has a internet visible IP address to look after.

I might try that tomorrow during my day off.

Thanks.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1338997 8-Jul-2015 07:29

Port forwards should never ever be used with VoIP unless you're fully aware of the consequences. They also won't necessarily solve the problem. As I said without a full SIP debug it's not possible to know the exact cause, but it sounds very much like double NAT. The typical issue with double NAT is that SIP headers end up with the wrong IP address when double NAT occurs so can't be correctly routed.

The first question if why you have a double NAT setup. If this is what your ISP requires by default it's an extremely sub optimal setup.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

foufee

35 posts

Geek

#1338999 8-Jul-2015 07:35

The reason for double NAT is that my ISP had a bridged network and they are now switching to a routed network, and are allocating all the consumer side equipment to have private addresses instead of the public address. Because I had a personal router configured from before this change, I ended up with double NAT, ( my neighbours who also get broadband off my link) have ended up with triple NAT!!)
In my last post I think I have worked out how to reorganise the network to remove the double NAT for the PAP2t device, and I might just abandon my router altogether based on advice here.

maverick

3594 posts

Uber Geek

Trusted

WorldxChange

#1339004 8-Jul-2015 07:45

Mr Bibble will be right .. the nat isn't so much the problem its the pinhole being opened, this will occur when your device makes an outbound registration or make a call.

What is happening is that that outbound traffic opens a pin hole to allow sip traffic to work in both directions, what is then happening after a period of time the pinhole is closed and inbound sip traffic is getting blocked, this is an issue for UDP traffic , TCP shouldn't be a problem as it will keep the connection open

What is your registration timer set to ?

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

foufee

35 posts

Geek

#1339013 8-Jul-2015 07:58

The "registration expires" is set to 3600.

maverick

3594 posts

Uber Geek

Trusted

WorldxChange

#1339019 8-Jul-2015 08:05

try setting this to 180

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

foufee

35 posts

Geek

#1339026 8-Jul-2015 08:21

All done, I'll get my wife to call me later this morning to test it.... Certainly will be easier than rearranging the hardware!

foufee

35 posts

Geek

#1339076 8-Jul-2015 09:15

Well, we've received one phone call already, and audio was both ways. Looking good (well with a sample size of 1 anyway ;-) )

maverick

3594 posts

Uber Geek

Trusted

WorldxChange

#1339079 8-Jul-2015 09:16

well i wont say anything until you have done a few then

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

k14

629 posts

Ultimate Geek

#1339114 8-Jul-2015 09:49

Funny you should say this. I have a PAP2T running on slingshot voip and have the same exact thing. I don't have any double NAT settings (well I don't think I do anyway) but quite often if I call someone I can hear them but they can't hear me, call back and all good. I have always blamed slingshot but maybe it is the PAP2T or router? I will see if changing the registration expires field to 180 does anything. We so infrequently use the phone that it never really has bothered me much.

1 | 2