B4 i pull the rest of my hair out could someone help me figure out how to configure my mikrotk router to QUIT blocking calls to my pbx server behind the firewall … i’m newbie @ this and REALLY REALLY NEED to get this working asap
incoming calls work fine and last as long as you want …BUT all out going calls are dropped after 30 seconds and my voip terminator and a lot places i have read say it sounds like a firewall issue … i even tried using just port 4569 udp but no matter what type of registration setting i use it drops dead after 30 seconds …
i’m told the voip provider / terminator is not getting the reply from my pbx behind router firewall and dies …
when i connect directly to the voip provider with xlite softphone using a direct connection on a network that provides auto nat transversal i can make calls
i’m sorry you lost me huh??? a what ?? i’d be glad to provide you any info you need … but kinda new to this … guy left me hanging and don’t know what to do .. .you can contact me by IM if you like oilfield123@hotmail.com or yahoo IM) i really appreciate any help
Do you have the SIP helper enabled (/ip firewall service-ports), and is it set for the ports you use? Are you accepting established and related traffic in the firewall, if you have any drop rules?
i NEED to know if mikrotik does PAT in addition to NAT when passing sip traffic becuz IF it does that is my problem right there …i just talked to a friend @ the university that works with asterisk a lot and asked me if mik does PAT when doing NAT for asterisk which will mangle it beyond recognition … pls let me know asap…
PAT simply is NAT overload, where many private IP addresses share one public IP address that they are translated to. If you’re masquerading traffic or using src-nat with just one to-address for an entire network, you’re doing PAT.
If you’re translating the one private IP address for a VoIP server to one public IP address, you’re doing what your friend is referring to as NAT.
That “RouterOS does PAT in addition to NAT” doesn’t make much sense as a statement. PAT is a form of NAT, and unless you have rules for multiple interfaces that the traffic traverses RouterOS is not going to NAT a connection more than once. There isn’t an issue as such with PAT’ing SIP connections as long as the device that does PAT inspects the packet so it know about related connections.
Again: Do you have the SIP helper enabled (/ip firewall service-ports), and is it set for the ports you use? Are you accepting established and related traffic in the firewall, if you have any drop rules?
Is your Asterisk in your LAN, or outside?
I have two line SIP adapter behind Mikrotik, registered to hosted PBX (pbxes.com) - no problems at all.
SIP helper is on. I set ports 5061 and 5062 as SIP ports.
this is exactly the problem i am facing everyone seems to have a " theory" i need to know for sure …
i was told by a supposed mikrotik “expert” sip helper does NOT help … others say it does which is it ???
i have a simple network setup with 1 public dynamic ip address on the router, one network card with 1 private internal network with 1 pbx server with a static internal ip address and 3 other computers connect to a switch … that’s it …
SIP is flawed protocol for VoIP, and it makes things very complicated. Every party comes up with their own workarounds, and in total you have so mane combinations so there simply can’t be a general rule on routers and VoIP.
For example, it all depends on:
do you use STUN
does your VoIP provider uses session border controllers
what sub-standard customizations the provider made to accommodate his average client setup
what SIP headers he relies on - there are so many approaches here
what SIP headers your SIP agents set
what SIP headers are changed by your PBX and router
I’d say - go to VoIP tech forum on dslreports.com and read, I spent countless hours there to make my system stable
so then what your trying to tell is that it’s a crap shoot … russian roulette per say … not ready for production use … only for testing purposes and good luck … mik " should" work with voip …
This whole issue has nothing to do with mikrotik, just as with any other router, SIP agent, or your beer fridge.
It’s flawed design (SIP for VoIP), and to make it work reliably ‘admin’ usually has to learn and try few things.
If you don’t like it - use Skype, implementation wise it’s much superior technology.
i beg to differ … prove me wrong … if your so absolutely sure that mik isn’t the “issue” here then you also must know what the solution is … talk is cheap … show me how to setup/ configure mik properly to work properly with sip … i can’t even get it work with properly with iax2 for pete’s sake something in mik router config is blocking rtp or something … if i knew why i wouldn’t be asking you guys would i ???
and why
when i swap mik out for a cheapy dlink 6 series router … i don’t have that problem
i connect directly to my voip terminator bypassing the router using x-lite calls are not dropped and works perfectly
when i try the same thing as above but thru the router it won’t even allow me to register …i have to use a specific ip adresss @ voip terminator that does automatic nat transversal to connect why ??
i’m sure i’m not the only guy having this problem… this is not a complicated network setup …very basic what wrong with mik ???
I know for a fact that MT isnt the issue. I have a built from source asterisk server behind my RB1000 and it works like a champ.
I allow 22,25,80,443 tcp and 5060,10000-30000 udp into it from outside. MT is not a SIP proxy. Its connection tracking works for outgoing connections, not incoming connections.
been there done that doesn’t work … something else in mik router is " still " blocking it … even tried 4569, 5038, calls dropped after 30 seconds…
this mik router was built & configured by one of the supposed certified " mik "consultants … i paid a lot of $$$$ to setup … like they say … talk is cheap and to put your $$$ where your mouth is LOL…
so either
he doesn’t know what he’s doing or…
this software based mik software isn’t capable of doing the job properly …
I would glady pay you or someone that actually knows what they are doing … if it’s really that simple (as i assume it should be) … “experts” like him give you a bad rap… makes people think it’s the product… and frustrates the heck out of people …
so … can you duplicate that success on our system …
30 sec ?
tipically, your voip server cannot receive sip packets about connection.
Check the firewall: you drop something between your pbx and voip server.
Try to nat everything from your public ip to your pbx.
been there done that …next! or should i say he did i assume … he says he did …
ummmmmmmmm yes 30 seconds hence the title been there done that … if i knew how to do this myself i :
wouldn’t be hiring someone else to do it
I wouldn’t be asking for help
so … does anyone know how to properly configure it or not ??? or like i have said many times i don’t think it’s even possible to do it with the software if so why can’t anybody get it working … ?
Your problem does not require any hidden knowledge.
30 sec is the typical timeout of voip pbx before they receive correct sip handshake messages: some ports are close (either by nat or firewall).
Just:
nat required ports from wan to your pbx
be shure your outgoing sip packets exit using the same ip address of natted public ip
change firewall rules to allow your data streams
How could you check the configuration ?
use packet sniffer to observe data flow
use action ‘log’ in firewall to check if something is dropped or not
been there done that … if i knew how to do this myself i :