Kitz Forum
Computers & Hardware => Networking => Topic started by: Weaver on April 17, 2018, 05:45:25 AM
-
I am ashamed to say that years have passed and I have done little about sorting voip out properly. I have failed to get voip working directly into a box on the lan, too befuddled and too much pain to debug it, and it may be that voip through a multi-line bonded dsl link isn't viable anyway for all I know, especially given that the upstream is very ‘odd’ in performance terms as one line is quite a bit faster upstream than the other two [12-15%], for some reason, also my chosen huge interleave imposes sizeable latency.
I have a Siemens N300 VoIP box which I got from AA, my ISP. AA staff would definitely be up for sorting it out but I just don't have the stamina or the tools. I'm not 100% sure if I have the firewalling correct for it. I've read the requirements carefully several times but I may have missed something. I think I did get this bit right because an earlier Siemens box, same model, did sort-of work in the distant past, but was not reliable. I think it was perhaps possible that it would fail when the network was loaded with other traffic, which if true is very very bad, lack of proper QoS marking or handling. For some reason, I ended up with a replacement box, can't remember why. The second one never worked, just completely fails 100%.
My questions:
* Has anyone got voip working properly over dsl?
* Does it work even when the network is loaded flat out?
* Got a slow link?
* Has anyone tried and failed to get voip working at all? Or got something that half works?
* Anyone out there with line bonding?
The problem is that it's just to easy to leave things unfinished. I can simply use AA’s redirect facility where they reroute calls to Mrs Weaver’s mobile phone over the normal phone network. I don’t think Mrs has noticed any audio quality or reliability problems with such a half-voip (or less; half voip at the very most) system. So because that is good enough and she has voice mail anyway if her mobile has no signal, then there is little motivation to summon up the energy and restart the gruesome attempt to get full 100% voip going via the Siemens box. I’m so full of pain drugs these days that everything seems to be in a spin.
Router: I am aware that Firebrick routers have special directives in their config now for VoIP support, but I have never used these. I don't know why they are needed, perhaps something to do with NAT mitigation? I have zero NAT. If there is more to it and they must be used because of say QoS or something to do with special firewalling exceptions then I should be using these voip directives and maybe that is why nothing works. But people used to manage ok somehow before Firebrick software upgrades brought these new voip-awareness directives, and my config is from that era, so I'm just guessing that NAT users are the people who really need this new config technology.
-
Hi Weaver great to have you back. :)
I use the Firebrick as my SIP gateway to AAISP which I understand removes the need to do NAT, but my rules do accommodate this as I initially had the N300 talk directly to Voiceless. I have two bonded lines and it works fine. I did change the QoS setting on my modems to prioritise upstream traffic by packet size. Take a look at my working configuration settings, they may help with your setup.
Here is my VoIP rule-set:
<rule-set name="Incoming Firewall Rules"
no-match-action="continue">
<rule name="SIP"
source-ip="81.187.30.110-119 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48"
target-ip="192.168.1.0/24"
target-port="5060-5069"
action="accept"/>
<rule name="RTP"
target-ip="192.168.1.0/24 90.155.3.0/24 90.155.103.0/24 2001:8b0:0:30::5060:0/112 2001:8b0:5060::/48"
target-port="1024-65534"
protocol="17"
set-graph="RTP"
action="accept"/>
</rule-set>and the VoIP config. Replace the username etc. and password with the carrier credentials from the control page. The credentials in the telephone configuration can be to your chosing and are used in the N300 connection settings (see attachment).
<voip comment="VoIP Services">
<carrier name="AASIP+44nnnnnnnnnn”
allow="81.187.30.110-119 2001:8b0:0:30::5060:0/112"
registrar="voiceless.aa.net.uk"
username="+44nnnnnnnnnn”
password=“xxxxxxxxxxxxx”
extn="+44nnnnnnnnnn”
max-calls="1"
comment="AAISP"/>
<telephone name="GigasetN300-A"
display-name="N300-AAISP"
username="N300-AAISP"
password=“xxxxxxxxxx”
allow="192.168.1.0/24"
ddi="+44nnnnnnnnnn"
extn="2001"
carrier="AASIP+44nnnnnnnnnn"/>
</voip>You can also set the IP Access List on the Outgoing tab on the control pages to restrict the IPs allowed to connect to your service for outgoing calls once you are satisfied it is working ok.
-
Brilliant vic, many many thanks for your generous post, so it definitely can be done. Mind you, I don't have any QoS facilities in my modems that I know if, so I could be in big trouble there. The Firebrick prioritises short packets, but stuff that has already gone into the modem's upstream ingress queue is beyond the reach of such a mechanism of course.
I will adapt those config rules when I am feeling a bit more with-it.
-
I may have got this utterly wrong but I thought that (in your specific case) it would be the Firebrick to apply the QoS rules before passing the data to the three pure dumb modems. :-\
-
You are, of course, correct. Looking back at the article I followed on the AAISP support site I now realise that it was referring to the device (VMG1312-B10A) running in modem/router mode, not bridged mode as is the case here.
-
The Gigaset N300 is very "firewall friendly" so it should essentially work with no special firewall configuration, assuming the firewall behaves in the normal way which is to permit pretty much anything outbound, but inbound to only allow replies to outbound packets. What are the issues that you experience, for example does it fail to register, fail on inbound or outbound calls, or one way audio or none?
-
I'll need to ask Mrs Weaver as it has been such a long time. The most recent thing though was that we couldn't seem to the phones to see it [vague]
I'll need to ask my beloved if she can find a mo to give it another look.