I have just signed up with new VOIP service with VOIPo. They sent me a Grandstream ht702 voip router, and I installed it by connecting it to my 8 port switch which is behind my clearos 6.6 server. My old service (RingTo with an Obihai 202) worked just fine, but they have phased out the Obi device, so I needed to switch. I didn't need to open any incoming ports for the Obi device, and that device was also connected to the same switch the Grandstream is now connected to.
I cannot make outgoing calls. I can receive calls. According to VOIPo tech support, I need to port forward UPD 5004-65000 to the grandstream in order for the adapter to work. I find that ludicrous, especially since I have never had to open ports before with voip, which I have been using for 7 years now (incidentally, I have used VOIPo in the past, and I didn't have to open UDP ports then, either). I thought voip always registered with the SIP provider, making everything outgoing traffic so that incoming firewall rules wouldn't be necessary?
I have read numerous posts around the web stating that people haven't needed to open any ports for their various voip routers to work. So I clearly have something mis-configured in my clearos server that is preventing the service from working.
I have the egress firewall app installed, and there are currently no rules defined (nothing is blocked that is outgoing). Qos is installed, I am using authentication proxy with content filtering, and the intrusion detection app is running (no subscription). Not sure what else might be of interest to troubleshooting this.
VOIPo also suggested putting the grandstream in the dmz, which I really don't want to do. I've heard of too many horror stories of script kiddies forcing unprotected voip adapters to ring the phone at all hours of the day and night.
Anybody have any ideas?
Thanks,
Dirk
I cannot make outgoing calls. I can receive calls. According to VOIPo tech support, I need to port forward UPD 5004-65000 to the grandstream in order for the adapter to work. I find that ludicrous, especially since I have never had to open ports before with voip, which I have been using for 7 years now (incidentally, I have used VOIPo in the past, and I didn't have to open UDP ports then, either). I thought voip always registered with the SIP provider, making everything outgoing traffic so that incoming firewall rules wouldn't be necessary?
I have read numerous posts around the web stating that people haven't needed to open any ports for their various voip routers to work. So I clearly have something mis-configured in my clearos server that is preventing the service from working.
I have the egress firewall app installed, and there are currently no rules defined (nothing is blocked that is outgoing). Qos is installed, I am using authentication proxy with content filtering, and the intrusion detection app is running (no subscription). Not sure what else might be of interest to troubleshooting this.
VOIPo also suggested putting the grandstream in the dmz, which I really don't want to do. I've heard of too many horror stories of script kiddies forcing unprotected voip adapters to ring the phone at all hours of the day and night.
Anybody have any ideas?
Thanks,
Dirk
In VoIP and PBX
Share this post:
Responses (6)
-
Accepted Answer
Just for closure, I ended up provisioning my Obi202 to work with the VOIPo service (I wasn't aware I could do that when I started this process), and now all is well. I don't need any incoming ports open on the firewall for the Obi. Not sure why VOIPo can't make the Grandstream do this, but whatever...
Thanks to all of those who replied! -
Accepted Answer
-
Accepted Answer
I wish I could accept all 3 responses as the answer, because they are really all correct. I never bothered to read the manual because I don't have access to the "Advanced Settings" tab in the router (it's provisioned by VOIPo), so I couldn't change anything there if I wanted to. I went and read the manual section about Net Settings per Tony's advice and recommended setting changes (configure the STUN server) to VOIPo. They said that they can't change any of those settings
Peter, what service(s) would you recommend should I try to continue with my Obihai? The Obihai 202 is mine and I can do what I want with it. $60 for 1 phone line would be fine with me.
Thanks,
Dirk -
Accepted Answer
Another silly question and a few thoughts...
1. I note you use authenticated proxy. Did you set up the Grandstream to authenticate?
2. I agree with Frederik, that either STUN or ICE is required. I use STUN and it works like a dream. However, VOIPO does not advertise supporting STUN so you need either setting it up using a public STUN server - anyone will do - or find out how you set up STUN (or ICE) with VOIPO.
3. I notice from VOIPO's installation instructions that the Grandstream appears to be provisioned over the net. The Proxy Server may get in the way of the provisioning process. I once had that problem. Explaining the issue to my VOIP provider enabled them to resolve it from their end.
Either way, opening ports or otherwise exposing the Grandstream directly to the internet should be avoided at all cost. If you can't get the VOIPO service to work, I suggest dropping them in favor of buying your own voip box (or use your old Obihai 202 if its open for configuration) and then using one of the many voip services that do not wall you into a closed garden. That's what I do and have done for the last 10 years. It works like a dream and costs me about $60 a year for two incoming phone numbers (US and Denmark respectively) and unlimited outgoing national and international calls. The wife loves it!
Cheers,
Peter -
Accepted Answer
-
Accepted Answer
Dirk,
First of all, and this is the basic problem: The SIP protocol was never designed to work with NAT (unfortunately if you ask me...). That is it. So SIP will never work OK if you somewhere in the path have a NAT-translation of the IP addresses.
However, there are a number of work arounds to make VoIP to work.
- Use different protocols than SIP (I think Skype is a good example)
- Introduce STUN and ICE
- Uppgrade your NAT "firewall" to also include a SIP proxy (or a good SIP ALG). Unfortunately this is not very common and I do not think ClearOS has this functionality.
- Open up a range of ports in your NAT "firewall" and forward them to your SIP device so it can be reached from the "outside". Apart from TCP/UDP port 5060, about 10 UDP ports or so should be enough for media. But it is important I believe to configure it in the Grandstream as well so it knows which ports it can use.
My guess is that your old Obi box used STUN and ICE, but the new Grandstream is not (or not yet configured by you to do it).
My recommendation is to search on the Internet for the best solution. You will find that this is a VERY common problem. Sorry...
/Fred
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »