In my mikrotik i have tried everything that i have read on this forum about SIP.
I have tried a complicated script for packet mark and prioritizing too… but… my phone not register to the voip provider…
It is so weird that a so simple thing not work!!
I’m inspecting connections, there is a little traffic from the UDP 5060 and 5061 port related to SIP registration… but it fails ever…
I’ve tried to set the voip phone with dynamic ip or static ip too, tried to make static in DHCP Leases, etc etc…
Now i’m desperate!
See here:
sip-mikrotik.PNG
Is it correct that the connection works in this manner?
The ip that start with 77.89.xx.xx is the dedicated IP from internet WAN.
Why ports are changing? Voip provider require 5061 in settings, why i see 5060 in connection?
Voip registrations would use very little data. Your phone is sending and receiving on port 5060, voip provider is sending and receiving on port 5061. That’s why you see two ports in the connection info window. That’s ok.
Your settings look correct. Next step in troubleshooting is to go to Tools > Packet Sniffer and capture packets (and save it to a file on the Mikrotik). You can filter by your device IP or voip server ip. After some packets are captured, stop the capture view the capture file in Wireshark. Or post the capture file on this forum. Maybe the server is replying with an error message.
Ether3 is the lan port for the subnet 192.168.1.0/24
“LAN” is a bridge.
This is the packet sniff for all interfaces:
packet-sniff-eth.PNG
This is a packet sniff for the ip of gigaset (only ether3)
packet-sniff-all.PNG
I don’t see traffic for the eth1 that is the WAN port, is it normal?
Does the mikrotik router have the public IP itself, or is connected to the provider router through a private address WAN on the Mikrotik?
That packet indicates the phone is asking for a SRV type DNS record for _sip._tcp.sip.messagenet.it, which doesn’t exist. These SRV DNS records are often used by SIP equipment for dynamic configuration of sip server ip address and port when “auto” or stun/proxy server settings are used.
Do you control such DNS server?
This query is most likely triggered on the C610 by the proxy setting. Have you tried setting it up for a “direct” connection with no proxy setting, i.e. just the server and port?
We have a router from fiber connection provider that we can’t touch, so a lan cable is connected to the mikrotik.
In Mikrotik we have set ip, subnet, gateway and dns that the provider of fiber connection give us.
That packet indicates the phone is asking for a SRV type DNS record for _sip._tcp.sip.messagenet.it, which doesn’t exist. These SRV DNS records are often used by SIP equipment for dynamic configuration of sip server ip address and port when “auto” or stun/proxy server settings are used.
Do you control such DNS server?
messagenet.it is voip provider, and i have a gigaset with this settings
ConnessioniC610A_IP.png
Configurazione-IP_C610A-IP.png
This query is most likely triggered on the C610 by the proxy setting. Have you tried setting it up for a “direct” connection with no proxy setting, i.e. just the server and port?
Are you using fasttrack?
I have tried with proxy outbound on “never”, no luck!
No, i’m not using fasttrack, i don’t know what it is
You have the WAN IP assigned to ether1, and that same interface added to the LAN bridge where you assigned private ips “on top”.
When adding interfaces to bridges, IPs, services, etc should be assigned to the bridge, not to individual interfaces as this can lead to unpredictable behaviour.
On top of that you used same bridge horizon values for the interfaces in the bridge, then used the firewall…
To firewall in Layer3, wan ether port shouldn’t be on the same L2 segment as the LAN ports.
What do you exactly want to achieve with such configuration?
Try removing ether1 from LAN bridge, and reboot. Does the phone register now?
I’d cleanup your configuration following best practices:
1.- Isolate WAN port (remove it form the bridge)
2.- If you want to serve different network segments:
delete the LAN bridge
Assign IP addresses on each ether port
3.- Create a multiple DHCP server instances, on top of each interface, so that you can control each dhcp server individually depending on network.
4.- (If you want all the networks to reach the internet) change the firewall masquerade rule to
I have only followed pieces of information that i have read in this forum and in the wiki.
Try removing ether1 from LAN bridge, and reboot. Does the phone register now?
Did you mean removing the “port” ether1 from LAN bridge? Right?
I’d cleanup your configuration following best practices:
1.- Isolate WAN port (remove it form the bridge)
2.- If you want to serve different network segments:
delete the LAN bridge
Assign IP addresses on each ether port
3.- Create a multiple DHCP server instances, on top of each interface, so that you can control each dhcp server individually depending on network.
4.- (If you want all the networks to reach the internet) change the firewall masquerade rule to
>
So, i have do all things wrong :frowning:
I will wait that our office is empty and the i will try!
thanks!!
PS: if in one interface (for example ether3) i want two subnets because i have a wifi accesspoint that can handle multiple ssid and vlan?
This appears to be from the LAN side only, do you also have a trace from the WAN side? I can see your device is sending REGISTER requests but doesn’t receive a response.
This could be because your provider is not implementing NAT traversal and the responses are going back to 192.168.1.22, or it could be that your F/W is blocking the responses.
A WAN side SIP trace should indicate what’s going on.
too much indexable data!