[prev in list] [next in list] [prev in thread] [next in thread]
List: ipcop-user
Subject: Re: [IPCop-user] IPCop and VoIP compatibility
From: David W Studeman <dave () davestudeman ! com>
Date: 2014-07-17 14:54:36
Message-ID: lq8o3e$min$1 () ger ! gmane ! org
[Download RAW message or body]
Brad Morgan wrote:
> A non-profit that I provide IT support for is considering a purchase of a
> VoIP system from Intermedia. They provided the following to the
> non-profit. Does anyone know if IPCop is going to be an issue?
>
No issue, the next version will be more in line with your requirements as
I'll outline below.
>
> Thanks for your help.
>
>
>
> Brad
>
>
>
> General Linux firewalls/routers known Issues:
>
> SIP ALG needs to be disabled.
>
> A module that controls RTP traffic needs to be loaded.
>
>
>
> Resolution:
>
> Your IT or whoever setup the Linux firewall will need to make the changes
> below.
>
>
>
> The site below explains that a kernel module nf_nat_sip needs to be
> unloaded in order to disable SIP ALG.
It is not loaded by default and will not be.
> For RTP, the nf_conntrck_sip module needs to
> loaded to prevent audio problems.
The next version of IPCop will load this automatically. Any options can be
put into /etc/modprobe.d/local.conf.
>
> The instructions below may vary slightly, depending on the variant of
> Linux.
>
> http://wiki.freeswitch.org/wiki/ALG
>
They do vary but it is figured out for IPCop. Your post led me to looking
into this since I am an avid VOIPer so you helped a lot here, thanks! I
posted to the devel list and it is now being included in IPCop 2.1.6. Don't
worry though, nf_nat_sip (the deadly SIP ALG module) will NOT be loaded.
I soon realized that nf_conntrack_sip solved a problem I was having with one
of my three VOIP providers in that they expected your firewall to maintain
the sip signaling connection for at least 600 seconds whereas without this
module, IPCop only kept it open for 180 seconds or so (don't have the exact
number) without it. The default for the module is 3600 seconds but the clock
goes back to 3600 whenever the provider sends a keep alive. With the one
provider, it goes down to 3000 seconds and then jumps back to 3600 seconds.
Other providers jump back up every 180 seconds or so. No harm in leaving it
at 3600.
Of course as you know from your research, if one uses encrypted sip, the
module will do nothing so it is up to the sip client.
--
Dave Studeman
http://www.raqcop.com
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic