ISP SIP configuration

RouterOS Beginner Basics
1

So, I need to forward my ISP SIP service from a Mikrotik hEX S to all connected devices. The authentication part would be done client side, both on a Computer and a Phone (Zoiper). I extracted the following configuration from my ISP provided router: Mitrastar GPT-2542GNUAC:

 Global Parameters:
------------------
BoundIfName          : Multi_WAN
IP address family    : IPv4
Management Protocol  : TR69

Service Provider 0:
--------------------
   Associated Voice Profile: 1
BoundIfName          : Multi_WAN
BoundIfList          : veip0.2
IP  Address          : 0.0.0.0
   Locale                  : BRA
   DTMFMethod              : RFC2833
   DigitMap                : (x.T|*x.T|#x.T|*x.#|#x.#|*xx*x.#|*xx*xxxx*xx#|*xx*xxxx*xxxx*xxxx#|#xx*xxxx#)
   T38                     : off
   RTPDSCPMark             : 46
   SIP:
      Domain               : ims4.vivo.net.br
      Port                 : 5060
      Transport            : UDP
      RegExpires           : 3600
      InviteExpires          : 1800
      RegRetryInterval     : 120
      DSCPMark             : 46
      Registrar Addr       : ims4.vivo.net.br
      Registrar Port       : 5060
      Proxy Addr           : 10.23.240.111
      Proxy Port           : 5060
      OutBoundProxy Addr   : 10.23.240.111
      OutBoundProxy Port   : 5060
      Timer B ( in ms )    : 32000
      Timer F ( in ms )    : 32000

   Account 0:
   -----------
      ActivationStatus        : Enabled
      VoipServiceStatus       : Disabled
      CallStatus              : Idle
      PhysEndpt               : 0
     Extension               : +45**********
      URI                     : sip:+45*********@ims4.vivo.net.br
      DisplayName             :
      AuthName                : +45***********
      AuthPwd                 : ******************
      TxGain                  : 0 dB
      RxGain                  : 0 dB
      CALLFEATURES:
         CallWaiting          : on
         AnonymousOutgoingCall: off
         AnonymousCallRcvBlock: off
         DoNotDisturb         : off
         SpeedDial            : off
         WarmLine             : off
         WarmLineNum          : 1210
      CODECSETTINGS:
         VAD                  : off
         pTime                : 20
         CodecList            : (0) G.711ALaw
                                (1) G.729
                                (2) T38
                                (3) NTE

As I understand, I would have to open the port 5060 (UDP) and forward from and to my ISP Proxy Address - 10.23.240.111.

The SIP service is provided by my ISP through VLAN 30, which is already set up and working on my Tik. I’ve also disabled the SIP ALG service as pointed by the Wiki. My problem is opening and forwarding this Port/Proxy, since I haven’t got much experience with Networking and Tik yet, I would really appreciate some help on setting this up.

Detail: I’ve tested this configuration on generic routers such as the Mitrastar mentioned and TP-Link and everything works fine. There’s no hardware blacklist that I know of on the ISP side.

2

Any possible help at all here? I’m not looking for a guide, just directions… Anyways. I completely forgot to include a static route to the ISP proxy address (10.23.240.111). Now I’m able to ping and tracert this address from my Mikrotik.

Still… I’m having a final issue here. The proxy is not reaching my LAN devices. Being very novice in Networking, I will make more assumptions here and say that my routes are misconfigured. I think I probably need to redirect my route from vlan30 (which reaches the ip 10.23.240.0/23 range) to bridge (connected LAN devices) in order to make the proxy available locally.

Here is my route configuration on Mikrotik. I hope anyone is able to tell what’s wrong:

  #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
       0 ADS  0.0.0.0/0                          pppoe-out1                1
       1 ADC  10.22.64.0/19      10.22.75.213    vlan30                    0
       2 A S  10.23.240.0/23                     10.22.64.1                1
       3 ADC  ****************  ***************   pppoe-out1                0
       4 ADC  192.168.88.0/24    192.168.88.1    bridge                    0
3

Have you tried proxy-arp on the vlan interface?

4

Just tried that. No success. Even when I try to bridge from Mikrotik to the generic routers it doesn’t work.

My scenario is supposed to be simple:

PBX and softphones behind NAT/Firewall on LAN. VoIP Trunk or provider on a public IP (Proxy address). All that provided by vlan 30.

5

I don’t think you need to perform port forwarding in your use case. Since you have already added the static route to your SIP proxy there are only a couple more changes I would do.

Typically connections to telco SIP servers are very restrictive, and my assumption is that you will have to perform only source NAT (or masquerade) on VLAN30 interface of the MikroTik. The simplest one would be (change vlan30 to the name of the interface on your router):


/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan30

Be aware to check all the NAT rules, place the one I have mentioned on top of NAT table.

In addition to NAT, you might have to set up the DNS A record for the ims4.vivo.net.br domain if you are not able to resolve it outside of the original SIP client. If you use MikroTik as DNS server in your network and assuming that the proxy IP matches the mentioned domain, you can enter this on your MikroTik box:


/ip dns static
add address=10.23.240.111 name=ims4.vivo.net.br ttl=1w

All these steps are only to help you authenticate your devices to SIP proxy server. Once you have your devices logged in to SIP proxy and only if your calls have some kind of issue (one way or no audio, no ring tone, etc), you can think about changing SIP ALG settings.

6

Very clever answer. Especially in regard of setting up a DNS A record, that solved my problem and now I have a fully working phone at my home, without relying on crap ISP hardware! Thank you very much for the support che.

I also realized I was missing the DHCP client for the vlan…Huge mistake.

Anyways, I know a fair amount of people using this specific provider with the same issue, and there are several discussions on other forums regarding this SIP setup without any solution. I’m leaving my router config here for the sake of documentation and struggle spare of others:

VLAN and DHCP:

/interface vlan print
Flags: X - disabled, R - running
 #   NAME                      MTU ARP             VLAN-ID INTERFACE
 1 R vlan30                   1500 enabled              30 ether2 

/ip dhcp-client print
Flags: X - disabled, I - invalid, D - dynamic
 #   INTERFACE          USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS        ADDRESS
 0   vlan30             yes          yes               bound         10.22.76.14/19

Routes:

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          pppoe-out1                1
 1 ADC  10.22.64.0/19      10.22.76.14     vlan30                    0
 2 ADS  10.23.240.0/23                     10.22.64.1                1
 4 ADC  192.168.88.0/24    192.168.88.1    bridge                    0

NAT:

/ip firewall nat
 0    chain=srcnat action=masquerade out-interface=vlan30

DNS

 /ip dns static
 0    ;;; defconf
      router.lan                                                            192.168.88.1                                                    1d
 1    ims4.vivo.net.br                                                      10.23.240.111                                                   1w
7

Hello scyron, good evening!
I’m trying to achieve a similar scenario, that is, use voip handset to authenticate directly in the SIP (Vivo) provider. However, I got stuck in enabling the routing of my internal LAN (192.168.x.x) to the private address space of the provider (10.23.240.111 and 10.176.128.32). I can see that when connected to the Vivo router I have no routes to this range, but I failed in configuring it… any chance you could give me some guidance on how you did this?
Thank you!