[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-user
Subject:    Re: [IPCop-user] IPCop and VoIP compatibility
From:       David W Studeman <dave () davestudeman ! com>
Date:       2014-07-17 14:54:36
Message-ID: lq8o3e$min$1 () ger ! gmane ! org
[Download RAW message or body]

Brad Morgan wrote:

> A non-profit that I provide IT support for is considering a purchase of a
> VoIP system from Intermedia. They provided the following to the
> non-profit. Does anyone know if IPCop is going to be an issue?
> 
 No issue, the next version will be more in line with your requirements as 
I'll outline below.
> 
> Thanks for your help.
> 
>  
> 
> Brad
> 
>  
> 
> General Linux firewalls/routers known Issues:
> 
> SIP ALG needs to be disabled.
> 
> A module that controls RTP traffic needs to be loaded.
> 
>  
> 
> Resolution:
> 
> Your IT or whoever setup the Linux firewall will need to make the changes
> below.
> 
>  
> 
> The site below explains that a kernel module nf_nat_sip needs to be
> unloaded in order to disable SIP ALG.

It is not loaded by default and will not be.

> For RTP, the nf_conntrck_sip module needs to
> loaded to prevent audio problems.

The next version of IPCop will load this automatically. Any options can be 
put into /etc/modprobe.d/local.conf. 
  
> 
> The instructions below may vary slightly, depending on the variant of
> Linux.
> 
> http://wiki.freeswitch.org/wiki/ALG
> 

They do vary but it is figured out for IPCop. Your post led me to looking 
into this since I am an avid VOIPer so you helped a lot here, thanks! I 
posted to the devel list and it is now being included in IPCop 2.1.6. Don't 
worry though, nf_nat_sip (the deadly SIP ALG module) will NOT be loaded. 

I soon realized that nf_conntrack_sip solved a problem I was having with one 
of my three VOIP providers in that they expected your firewall to maintain 
the sip signaling connection for at least 600 seconds whereas without this 
module, IPCop only kept it open for 180 seconds or so (don't have the exact 
number) without it. The default for the module is 3600 seconds but the clock 
goes back to 3600 whenever the provider sends a keep alive. With the one 
provider, it goes down to 3000 seconds and then jumps back to 3600 seconds. 
Other providers jump back up every 180 seconds or so. No harm in leaving it 
at 3600.

Of course as you know from your research, if one uses encrypted sip, the 
module will do nothing so it is up to the sip client.
-- 
Dave Studeman
http://www.raqcop.com 



------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-user
[prev in list] [next in list] [prev in thread] [next in thread]