Fellow MikroTik enthusiasts --
My ISP assigns me a single dynamic public IPv4 address, and I run a small Asterisk SIP server on my LAN. In my MikroTik router I run a once-per-minute script that looks into the router's DHCP client and updates a dynamic DNS server if the public IPv4 address has changed.
My problem is (and has been for years) that if the public IPv4 address changes, there's enough outbound chatter to my SIP partners that the now-stale associated UDP/5060 connection table entries never time out, and so traffic for "existing" SIP connections exits my WAN interface with an obsolete source address and is presumably discarded immediately by my ISP.
I once imagined that a packet would never exit a src-NAT interface with a source address not currently assigned to the interface, but I was wrong. Experiment shows that it still happens, at least if the interface address was bound by the DHCPv4 client, the binding subsequently changed, and there was enough continuing traffic to keep the obsolete connection table entry alive.
The standard SIP UDP ports are dest-NAT'ed to the SIP server on my LAN, so the router's connection table shouldn't be necessary for SIP, but it is quite useful for other things. As I understand it, it can be either on or off but there are no finer-grain settings.
Over the years I've tried various workarounds with mixed success. For example, in my once-per-minute script I've tried removing all SIP connections involving my Asterisk server, like this
/ip firewall connection remove [find src-address="192.168.1.10:5060" protocol=udp];
/ip firewall connection remove [find reply-src-address="192.168.1.10:5060" protocol=udp];
where 192.168.1.10:5060 is the SIP port of the Asterisk server on my LAN.
A couple of years ago, the last time I looked at it carefully, those statements sometimes, although rarely, generated errors. So I surrounded them with
:do {
/ip firewall connection remove [find src-address="192.168.1.10:5060" protocol=udp];
/ip firewall connection remove [find reply-src-address="192.168.1.10:5060" protocol=udp];
} on-error={
:log info ("Couldn't remove :5060 UDP connections");
};
That worked better, but I still wasn't sure it worked perfectly.
Has anyone else faced this problem and found a completely reliable solution/workaround?
Many thanks,
Ed McCreight