NAT Firewall rule for Fritzbox Voip doesn't work after some time

Hello,
I installed OpenWrt on my Zyxel M1 router and it works quite well so far.
The only problem I have is the VoIP setup. Since I use OpenWrt now, I put my Fritzbox behind it and changed its operation mode to phone only.
To make phone calls possible I added a NAT rule:

  • Restrict to address family: automatic
  • Protocol: UDP
  • Outbound zone: wan, wan6
  • Source address: fritzbox
  • Source port: any
  • Dest. address: any
  • Dest. port: any
  • Action: SNAT
  • Rewrite IP address: wan ip
  • Rewrite port: do not rewrite

This works for 1-2 days and then stops. Fritzbox is complaining. I check the rewrite IP address and update it to the new IP. Since my internet connection is reconnecting every night, I think that's the root of my problem.

Does anyone know how to fix that? Either by automatically updating it somehow or is there a different solution?

Are you sure that's necessary?
By default masquerading on wan is enabled, so this rule should be redundant.

Change the Action to:

image

Thank you for helping.

Are you sure that's necessary?

Honestly, I don't know. That's just the closest I got to make it work. And without it, it doesn't.

I already tried to change the action to MASQUERADE. But then it's red and says "Address family, source address, destination address, rewrite IP address must match" and I don't know how to fix that.

In general you shouldn't need to fiddle with the firewall for VOIP to work, however there can be issues with NAT connection timeouts. In a quick look I haven't found exactly where the UDP NAT connection timeouts are set in recent OpenWrt releases or what they're set to, however RFC4787 generally recommends 5 minutes though some thread info I came across suggests OpenWrt is set to 3 minutes.

I believe Fritz!OS has a VOIP connection keep-alive setting: see here - the "port forwarding" option set to 5 minutes in the image. You might try setting this to 60 seconds to see whether that helps.

Edit: See also this post.

Thank you @pythonic
I was about to say that I already did that timeout setting weeks ago. But when I checked it was set to 30s. I changed it now to 5min. But the FB is still complaining.
What exactly should I look for in the post you mentioned?

Ok in that case the problem isn't the NAT timeout issue I was thinking of; the 30s you previously had should have been sufficient - 5 minutes is far too long though given it is likely longer than any OpenWrt timeout setting.

I understood it as an example setup that matched your requirements and illustrated how the parts were configured - i.e. OpenWrt without any special routing or firewall settings and Fritz!Box behind with its WAN set as a router and the "port forward" keep alive. That should have been all you needed, as it was sufficient for the poster.

Does the Fritz!Box have VOIP problems when used as the primary router?

I'm also wondering whether your VOIP provider is having problems with NATted VOIP end points (the Fritz!Box doesn't connect its VOIP through its NAT which is why it would work when it's the primary router). If this is the case and you want to persist with the OpenWrt router as primary, you might try installing kmod-nathelper-nf-extra.

If your VOIP provider supports TLS connections, recent Fritz!OS releases supposedly support TLS VOIP connections which would probably be a better option than the above SIP pass-through.

Does the Fritz!Box have VOIP problems when used as the primary router?
I never had any issues with VOIP before. Only when I put the FritzBox behind other routers. Some time ago I tried OPNsense and VOIP first didn't work. After setting up a similar NAT rule it worked and never broke.
The current problem only occurred when I switched to OpenWrt (not saying that it's causing the problem by itself).
I will look into the package.

I just wonder why there are quite a lot of people with similar problems (VOIP doesn't work when Fritzbox is behind router) and there doesn't seem to be that one solution. I found other forums where one solution did work for somebody but didn't for someone else.

Thanks for helping.

Are you connecting to your VoIP provider using IPv6?
This would explain the need for an additional SNAT rule (if you are SNAT-ing to the wan IPv6 address) as well as the error message.

Yes. At first it was IP6 only internet connection. Now I have both.
I don't know what SNAT is. My IP6 internet setup is DHCP.

I wanted to give an update. Since I installed kmod-nathelper-nf-extra the problem seems to be gone. Nothing else helped. But now it works. Thanks a lot.
