LinuxQuestions.org
Old 10-18-2019, 04:06 AM   #1
uezelbruezel2000
LQ Newbie
 
Registered: Nov 2010
Posts: 7

Rep: Reputation: 0
Soft phone on linux server does not work due to udp:50000?


Hi everyone,

Great forum. I have been running a linux server behind my router (fritzbox which connects to the internet / dsl) for more than 10 years, and a home automation for a few years, but I stumbled across a problem I need some advice on.

My linux server has the ip 192.168.1.1 and is connected via ethernet to my fritzbox router on 192.168.1.2. My linux router has wifi and dhcp and does all the wireless stuff. My fritzbox is responsible for the ethernet and the dhcp on wired devices. Everything runs smoothly and I can get internet access with my smartphones connecting to my linux server which forwards it to the router. Also my self built home automation (fhem) runs on the server without any issues:

smartphone (192.168.2.xxx) wlp2s0 <--> linux server wlp2s0 (192.168.2.1) <--> linux server enp0s10 (192.168.1.1) <--> fritzbox (192.168.1.2) <--> dsl/internet


With one exception: on my smartphones I got a softphone app for my fritzbox. Basically it is a SIP to call others on a landline. When I connect my smartphones to my linux server wlp2s0 (192.168.2.1) I can ring other phones but voice is not transmitted in any direction. Affected ports by the sip are tcp 5060 and udp 50000:50100.

Now if I use a xiaomi wifi mini router instead of the linux server, which also connects via ethernet to my fritzbox, and I connect my smartphones to this access point, it works.

Additionally I installed an app on my smartphone to check which apps use which ips and ports. I found in the case of my smartphone connecting to my linux server the sip:5060 is used. In the case where I connect to the xiaomi mini router the sip:5060 and additionally udp:50000.

Looks like the udp:50000 is missing on my linux server. Any idea how I could solve this?

Thanks Marc

My config is
> ifconfig
enp0s10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 xxxxxxxxxxxxxxxxxx prefixlen 64 scopeid 0x20<link>
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 529503 bytes 533861226 (509.1 MiB)
RX errors 0 dropped 83480 overruns 0 frame 0
TX packets 266939 bytes 34459918 (32.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 24732 bytes 2011483 (1.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24732 bytes 2011483 (1.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.255.255 destination 172.16.0.2
inet6 xxxxxxxxxxxxxx:933d prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 544 (544.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 xxxxxxxxxxxxxxxx prefixlen 64 scopeid 0x20<link>
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 217970 bytes 28356969 (27.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 372911 bytes 479375138 (457.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

> ip route
default via 192.168.1.2 dev enp0s10 onlink
172.16.0.0/24 via 172.16.0.2 dev tun0
172.16.0.2 dev tun0 proto kernel scope link src 172.16.0.1
192.168.1.0/24 dev enp0s10 proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev wlp2s0 proto kernel scope link src 192.168.2.1
 
Old 10-18-2019, 05:39 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,347

Rep: Reputation: Disabled
Quote:
Originally Posted by uezelbruezel2000
With one exception: on my smartphones I got a softphone app for my fritzbox. Basically it is a SIP to call others on a landline. When I connect my smartphones to my linux server wlp2s0 (192.168.2.1) I can ring other phones but voice is not transmitted in any direction. Affected ports by the sip are tcp 5060 and udp 50000:50100.
This is due to the SIP protocol not being NAT friendly.

SIP uses UDP/5060 for authentication and call setup, but the actual voice data is transmitted using RTP (Real-time Transport Protocol). The latter has no default port number.

During call setup, the calling party will inform the peer of the IP address and port number to be used for the RTP connection, but if that party is behind NAT, both will probably be wrong. In your case, the smartphone app will probably request RTP data be sent to 192.168.2.<something>/UDP/50000. Not only is that the wrong IP address, but at that point the NAT router hasn't even created a mapping for a UDP port. And even if it had, it would be an incredible stroke of luck if the external port number of that mapping happened to be identical to the internal port.

There are two ways to fix this.
  1. Have the client send the external IP address rather than the NATed address. This requires configuration on the client side; you need to specify a STUN server somewhere in the softphone app.

    STUN is simply a service that tells a VoIP client the IP address it's being NATed behind, and there are a number of public STUN servers you can use (Google is your friend).

  2. Have the router/gateway modify the data inside the SIP control session to reflect the NAT mapping. This requires the router to contain an Application Layer Gateway (ALG) (also known as a "NAT helper") for the SIP protocol.

    You may already have this module on your router, but it doesn't load automatically. Try modprobe nf_nat_sip and see what happens.
The Xiaomi router probably contains a permanently enabled SIP ALG as well as ALGs for other NAT-unfriendly protocols that insert layer 3 references in their control streams, like FTP and PPTP.
 
1 members found this post helpful.
Old 10-18-2019, 06:09 AM   #3
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,347

Rep: Reputation: Disabled
I forgot: On recent kernels, the nf_conntrack module doesn't invoke NAT helper modules by default. You can do this manually with a rule in the "raw" table:
Code:
iptables -t raw -A PREROUTING -p udp --dport 5060 -j CT --helper sip
 
1 members found this post helpful.
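The address and port mismatch described in the answer above, and the rewrite a SIP ALG performs, as an added example that is not part of the original thread and not the kernel module's code. The phone address 192.168.2.23, the SIP user and extension, the mapped port 50012 and the function names are constructed for illustration; 192.168.1.1 is the server's outside address from the first post.

```python
import re

# Constructed sample: SDP body and INVITE from a softphone at 192.168.2.23.
SDP = "\r\n".join([
    "v=0",
    "o=- 1 1 IN IP4 192.168.2.23",
    "s=call",
    "c=IN IP4 192.168.2.23",      # where the peer is told to send RTP
    "t=0 0",
    "m=audio 50000 RTP/AVP 8 0",  # RTP port the phone listens on
    "",
])
INVITE = "\r\n".join([
    "INVITE sip:100@192.168.1.2 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.2.23:5060",
    "Contact: <sip:marc@192.168.2.23:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}",
    "",
    SDP,
])


def media_endpoint(msg):
    """Return the (ip, port) that the SDP body advertises for RTP."""
    body = msg.split("\r\n\r\n", 1)[1]
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M).group(1)
    port = int(re.search(r"^m=audio (\d+)", body, re.M).group(1))
    return ip, port


def alg_rewrite(msg, inside_ip, nat_ip, port_map):
    """Simplified model of a SIP ALG on the outbound path: swap the inside
    address and RTP port for the NAT mapping, then fix Content-Length."""
    head, body = msg.split("\r\n\r\n", 1)
    body = body.replace(inside_ip, nat_ip)
    body = re.sub(r"^(m=audio )(\d+)",
                  lambda m: m.group(1) + str(port_map[int(m.group(2))]),
                  body, flags=re.M)
    head = head.replace(inside_ip, nat_ip)
    head = re.sub(r"(?im)^Content-Length:[^\r\n]*",
                  f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body


if __name__ == "__main__":
    print("advertised without ALG:", media_endpoint(INVITE))
    fixed = alg_rewrite(INVITE, "192.168.2.23", "192.168.1.1", {50000: 50012})
    print("advertised with ALG:   ", media_endpoint(fixed))
```

Automatic helper assignment was switched off by default in newer kernels for security reasons, because a helper opens ports based on packet contents. Adding `-i wlp2s0` to the raw-table rule limits the SIP helper to traffic arriving from the wireless LAN rather than from every interface.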
Old 10-18-2019, 12:46 PM   #4
uezelbruezel2000
LQ Newbie
 
Registered: Nov 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Thumbs up

Dear Ser Olmy,

Congratulations! I have never seen such a detailed, competent and helpful answer to any of my questions. This solution would not have come to my mind.

I tried

Code:
modprobe nf_nat_sip
and

Code:
iptables -t raw -A PREROUTING -p udp --dport 5060 -j CT --helper sip
and it immediately worked!

Thank you so much!

Marc
 
  

