SIP connection problem (Cs or C not SACs)

Redmor · May 1, 2018, 9:07pm

Hello,

I have a problem with SIP connections and I can’t determine what’s causing it.
Here’s the RB’s configuration for SIP:
My RB has got two pppoe-clients, one for Internet connection with NATs and queues on server, and one only for VoIP without NAT or queues on the server.
I have two separate LAN networks for Internet and SIP, two different /24.
For both /24 I have two masquerade with out-interface the pppoe client for that /24 (Internet/24 goes to pppoe Internet, SIP/24 goes to SIP pppoe).
SIP/24 has got a routing mark, and there’s a route with gateway SIP pppoe client only for SIP/24.
On the PPPoE server there isn’t NAT between SIP PPPoE clients and SIP server, so there’s only one NAT between SIP server and client.
The problem is:
Sometimes, on several RBs, SIP connection goes Cs (Connected, src-natted) instead of SACs (Seen-Reply, Assured, Connected, src-natted), and if I remove the connection in connection tracking, it goes SACs.
What can be the problem?
I’ve also tried, with same devices, to make SIP client connect to the server of the phone numbers provider, and for that I have to make SIP client connect via Internet PPPoE Client, and in that case the connection is natted twice, but I never saw a connection go “Cs”.

I’ve already read this topic http://forum.mikrotik.com/t/troubleshoot-a-bug-like-situation-in-nat/102215/1 but I can’t be sure that the problem will be resolved.

mTwUser · May 2, 2018, 7:45am

http://forum.mikrotik.com/t/ppoe-sip-issue-bug-ticket-2018031922003491/118331/1

i sent supout to support etc etc… so far i haven’t gotten anything back.

msatter · May 2, 2018, 9:44am

You should receive a support number by mail. Support is catching up and the 1st of May was probably a free day for them.

Redmor · May 2, 2018, 9:49am

I read the workaround, but remove the PPPoE client isn’t a solution, why it should work sometimes and other times it shouldn’t?
That’s not the solution

Redmor · May 16, 2018, 8:42am

Edit: Firewall solution isn’t working.

I’m trying this: /ip route rule add action=lookup-only-in-table src-address=SIP client IP table=voip

action=lookup-only-in-table should prevent SIP client to go through Internet PPPoE

NOT WORKING:

I have a solution:

/ip firewall filter add action=drop chain=forward comment=“DROP VoIP over main routing table” routing-table=!voip src-address=[SIP client IP or network]

In my case, I have a routing mark called voip with a network as src-address.
As said Janis from Mikrotik Support, if default route with mark “voip” goes down, my SIP client tries to reach server via main route, but it can’t be src-natted because I have out interface on src-nat rule.
With this I solved, and also reducing timeout of SIP in Service Port or disabling it.

amirkarimi02 · July 10, 2024, 7:06am

Can you please give more details about your solution, because also i have this problem in my trunks.

sindy · July 10, 2024, 9:32am

Can you please give more details about the problems on your trunks?

I mean, are you sure that your configuration is 100% the same like the OP’s one an thus the same solution will help? In general, as you mention trunks, it is well possible that the SIP ALG is unable to deal with them - it cannot handle cases where RTP and SIP of the same call use different addresses on the LAN side.