One way audio on hardware sip client

ratkat · November 24, 2020, 7:54pm

Used hardware:

ZyXEL Armor Z2 NBG6817 running OpenWrt 19.07.3
UTStarcom F1000G Wifi-Sip-Phone

External IP is fixed and I created a guest wifi following
Guest Wi-Fi basics
since the hardware client doesn't support WPA2. Clients can connect on the guest wifi, sip phone gets a static IP address and registers with my sip provider (sipcall). I can call out, and also receive calls, microphone on the sip phone works, too, however I do not hear any audio on the sip phone (neither when I call out nor when receiving calls). I created two port forwards (49160-49161 for SIP, and 49104-49116 for RTP audio). Do I need to use
siproxd
or did I miss something in my config? Or am I using faulty hardware...

Thanks, any help much appreciated,
Stefan

root@zyxel:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan wg0'
	option masq '1'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '51999'
	option name 'Allow-Wireguard-Inbound'

config rule
	option src '*'
	option target 'ACCEPT'
	option dest_port '51413'
	option name 'Allow-Transmission-Inbound'
	list proto 'tcp'
	list proto 'udp'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'guest_wan'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dns'
	option name 'Allow-DNS-Guest'
	option src 'guest'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option dest_port '67'
	option family 'ipv4'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest_port '49160-49161'
	option src 'wan'
	option name 'sip2'
	option src_dport '49160-49161'
	option target 'DNAT'
	option dest_ip '10.10.0.10'
	option dest 'guest'

config redirect
	option dest_port '49104-49116'
	option src 'wan'
	option name 'voip2'
	option src_dport '49104-49116'
	option target 'DNAT'
	option dest_ip '10.10.0.10'
	option dest 'guest'

vgaetera · November 25, 2020, 4:03am

Try this way:
[SOLVED] Incoming calls not reaching hosts on the network

ratkat · November 25, 2020, 9:25am

Thanks for the hint, but this didn't help. My guess is that the problem is somewhere else (since I am able to receive and make calls, and also to send audio, only the wifi phone doesn't "play" the audio). So the UTStarcom might have a hardware problem, or is not compatible with sipcall (anymore?). I also checked codecs, there is not so much to configure, and I am successfully registering with the sip provider. It used to work quite a while back (on my old openwrt router...) so who knows what has happened/changed in the meantime.

In the meantime I have configured a Cisco SPA112 (dual sip->POTS adapter) on my "normal" lan (i.e. part of the internal lan zone) and changed the forwarding rules accordingly. Surprisingly, everything works. As do all the android sip softphones.

Any suggestion is welcome, otherwise I give up.
Stefan

vgaetera · November 25, 2020, 9:29am

Check the output:

sysctl net.netfilter.nf_conntrack_helper; \
iptables-save -c -t raw | grep -e PREROUTING -e sip

ratkat · November 25, 2020, 10:40am

I have changed the wifi phone settings back to default (i.e. sip port 5060, rtp port 10010), since the cisco solution works fine Still the same issue, ie. one way audio.

When I use your commands

I get

[1695:348071] -A PREROUTING -i wlan1-1 -m comment --comment "!fw3: guest CT helper assignment" -j zone_guest_helper
[0:0] -A zone_guest_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
[24:10068] -A zone_guest_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip

vgaetera · November 25, 2020, 12:15pm

And what about the first command?

ratkat · November 25, 2020, 1:05pm

sorry, forgot to paste some lines:

net.netfilter.nf_conntrack_helper = 1
:PREROUTING ACCEPT [723833:488622530]
[75:20649] -A PREROUTING -i wlan1-1 -m comment --comment "!fw3: guest CT helper assignment" -j zone_guest_helper
[0:0] -A zone_guest_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
[0:0] -A zone_guest_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip

I have to admit, that doesn't give me any insights. What is the expected output?

vgaetera · November 25, 2020, 1:11pm

Well, we have verified the settings are applied correctly.
But I don't actually use SIP, so I'm not sure how to proceed.

ratkat · November 25, 2020, 1:23pm

Thanks a lot, anyway. I really appreciate all the efforts of the developers of openwrt and its community!
Right now I cannot rule out a hardware error, or it's a combination of the current setup (ISP, SIP provider, router, handset), and if I use a different client everything is fine. So if I really wanted to find the problem, I should probably either change back to the old router (still running on Lede), or try another SIP provider, or another access point ... too many options and not enough time, especially without the proper knowledge like me.