VoIP Configuration Assistance?

DoubleSpeed · January 25, 2019, 11:59am

On my home network, I have a Linksys WRT 32X which has an extremely basic Web Interface/UI and I'm trying to set-up work/office VoIP phone which is a Polycom handset. I've set a static LAN IP 192.168.1.161 for the Polycom, I've set the device to high priority for QoS however I'm having both QoS and routing issues, I can receive calls however audio is clipping so difficult to hear what people are saying, however, cannot dial out and the VoIP provider has said the reason for this is..

“It appears on the traces that the IP is changing and thus we receive a 403 lookup failed back from our AS when we send you a 200 OK”

They’ve also said that I needed to disable SIP ALG which I think I've done using a command I was provided...

opkg remove siproxd opkg remove libosip2

and…

Firewalls should be set with Consistent NAT switched on (where available). NAT time out values should be set to a minimum of 5 minutes to prevent issues with device registrations and Busy Lamp monitoring.

For security reasons we recommend that SIP traffic on port 5060 and port 5070 are restricted to our platform only. Below is the list of IP Addresses that will require access:
• For Synergy UC
o 185.70.192.0/24
• For Polycom Auto-Provisioning
o 52.0.183.240
o 52.2.100.162
o 52.21.73.34
o 54.86.39.219
o 54.152.105.93
o 54.210.194.27
• For NTP Time Server domain
o 0.uk.pool.ntp.org

RTP ports required; Synergy: 11,000 - 65,535.

DHCP (Dynamic Host Configuration Protocol) should be used to simplify network configuration and administration.

All equipment should be certified to meet current industry standards. Key feature to be considered are QOS support (802.1p), VLAN (802.1q) STP (802.1d), IEEE 802.3af for POE network switch.

If VLANs are configured for Voice and Data, you will need to add the following option string to the Data scope: Option 128 – VLAN-A=xxx; (xxx is the VLAN ID for the Voice VLAN)

So I've started to try and create rules for this...

config redirect
	option name '5060-5070'
	option proto 'tcp udp icmp'
	option target 'DNAT'
	option src 'wan'
	option src_ip 185.70.192.0/24 
	option dest 'lan'
	option dest_port '5060-5070'
	option src_dport '5060-5070'
	option dest_ip '192.168.1.161'
	option enabled '1'

config redirect
	option name '11000-65535'
	option proto 'tcp udp icmp'
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option dest_port '11000-65535'
	option src_dport '11000-65535'
	option dest_ip '192.168.1.161'
	option enabled '1'

So I think the above should forward ports 5060-5070 to the Polycom on 192.168.1.161 if the source is 185.70.192.0/24 and the second rule should forward ports 11000-65535 as well.

Can anyone confirm the above is OK and also advise me on how to set-up the other things that they are stating is needed?

trendy · January 25, 2019, 12:49pm

The redirects look correct. The icmp is not correct in the option proto when you forward ports.

However I am not confident that this is what you should do. I mean that you have opened the ports 5060, 5070 and everything above 11000 to your Polycom phone. Usually it is the phone that connects to the UC/CM/SipServer on these ports, not vice versa as you made it. Furthermore you are residential customer and most likely you have dynamic public IP, so if Polycom UC was to connect to you, you should also provide them with a dynamic dns name.

I am not expert with telephony, but my 2 sip phones at home work with a couple of providers without any port forwards on the router. I could also be wrong, if Polycom phones work differently.

DoubleSpeed · January 25, 2019, 1:47pm

Thanks for replying, yes it is a home network however I do have fixed IP as home office,

Are you saying to remove the lines:

option proto 'tcp udp icmp'

?

I'm not sure if the issues relate to the overall router itself causing all the issues as the Linksys WRT 32X is sold as a gaming router

trendy · January 25, 2019, 2:07pm

Just the icmp. You cannot mix port forwarding rules for tcp-udp with icmp.

and have you provided this IP to Polycom at some point, so they connect to you?

That should not matter. The problem is that since I am not fully aware of the flows that need to be open and to which direction, I cannot help you any further. In my home I don't need to open any ports for the sip phones. Most likely Polycom has a different implementation, so it would be best if someone more experienced answered.

dlakelan · January 25, 2019, 7:44pm

Is this running stock Linksys firmware?

Also is the audio problem consistent or only during certain busy times on your network?

Finally what kind of WAN do you have? Cable, VDSL, FTTH, 4G mobile, etc and what speeds

DoubleSpeed · January 26, 2019, 12:21am

Yes standard Linksys firmware, the clipping of the audio seems to be random so could be occurring when traffic is high/packets lost etc however the inability to be able to make outgoing calls is a constant issue, I have approx 70MBs down & 20MBs Up fibre to caninet

dlakelan · January 26, 2019, 12:33am

What exactly is running OpenWrt in this setup? Can you describe the topology a little?

DoubleSpeed · January 27, 2019, 2:18pm

So I have a totally standard Linksys WRT 32X, it has a very basic UI however I have 4 devices prioritised (2x XBOX One & 2 VoIP Handsets - Both VoIP handsets have static IP's assigned) for QoS and the routes own speed test is prioritising based on 71MBits/s Download / 19MBits/s Upload & 13 ms Ping and I have the port forwarding rules set-up described above which are set to forward to the Polycom handset and that is basically it, OpenWrt is native to this device.

dlakelan · January 27, 2019, 3:51pm

Linsys firmware may be based on OpenWrt but it's not the same as OpenWrt. In particular, the knowledgeable folks here are not going to know in what ways the system differs.

DoubleSpeed · January 27, 2019, 4:43pm

Not sure what to do then as I have been referred to this i.e. the OpenWrt support forum after posting on the Linksys support forum, if we were to assume the core of OpenWrt is in place what would I/should I do to configure this to work correctly?

trendy · January 27, 2019, 5:12pm

First you need to have a list of the flows (source IP/port - destination IP/port) that your Polycom phone needs in order to work.
Without that, no matter the OS of the router, you won't be able to get some help.

dlakelan · January 27, 2019, 9:42pm

If you install openwrt we have a better chance of helping you. It's normally not required to open any ports for SIP because the phone opens outgoing connections.

Under normal openwrt the first thing to do would be to install the SQM package and configure that. I know nothing about how Linksys firmware handles QoS