Community discussions

MikroTik App
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Odd VOIP Behavior on Mikrotik 3011

Fri Oct 06, 2017 5:31 pm

Hello All!

We are having a weird issue and I am about out of ideas.

About 2 weeks ago we swapped out an old Cisco ASA (Config attached) with Mikrotik 3011. This customer has VOIP phones that connect to a cloud PBX. Shortly after we swapped the router one of their phones (EX 101) stopped working. They contacted the provider and they had them re-provision the phone. It is a Polycom VVX 400. Re-provisioning did not fix it so they rebooted the Mikrotik and the phone started working. When that one started working though, another stopped. This time EXT 102. They went through the same process and re-provisioning did not fix it. They rebooted the router and again it started working but a third phone (EXT 103) stopped. At this point they called us.

I have looked at the phone and I can see where it is actually pulling the config from the provisioning server but it is failing to register. The customer is convinced that it is a router related issue since rebooting the router got phones online and the VOIP company is sure it isn’t something on their side. The tech said he can see where is it pulling the provisioning files.

When I built the configuration for the Mikrotik there were only 4 ports allowed through the firewall, 25, 443, 80, and 3389. All going to their old server (which is still in place). The Sharpen tech said they need TCP/UDP 5060-5081 allowed and UDP 10,000-20,000 allowed so I created those and can see traffic hitting those but it did not resolve the issue. And the fact that some phones will register fine, it doesn’t make sense. I also went into IP>Firewall>Service Ports and disabled SIP as I read this is the SIP helper that is similar to SIP ALG and is recommended to be disabled. Since other phones are actually registering, this didn’t really make sense, but I am reaching at this point.

Any thoughts?
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: Odd VOIP Behavior on Mikrotik 3011

Sun Oct 08, 2017 10:23 pm

Did disabling the SIP ALG make any difference to the observed behaviour?
You need a packet capture of a phone that is failing to register. SIP is quite readable in Wireshark.
 
Ape
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany
Contact:

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 11:46 am

Hi,

as troffasky already stated, most of the time these issues occur in conjunction with ALG settings.
Another thing to look at: As the firewall is stateful and UDP (which is used fpr SIP) is stateless, the firewall emulates stateful UDP connections by maintaining timers for those UDP connections. As SIP also maintains timers for several purposes, make sure the values of the firewall connections timers match or exceed the timers used by your SIP implementation.

Regards,
ape
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 2:11 pm

If rebooting the router fixes the connections for you, as a workaround, drop the active connections every hour:
/ip firewall connection remove [ find where protocol=udp and dst-address="1.2.3.4:5060" ]
Scheduled:
/system scheduler
add interval=1h name=reset-sip-conn on-event="/ip firewall connection remove [ find where protocol=udp and dst-address=\"1.2.3.4:5060\" ]" policy=read,write
I had to apply the same fix to a ZyXEL router which would keep the connection tracking in table forever.
As SIP phones tend to keep the same source port this would result in unsuccesful registrations.

Active conversations will not be affected as SIP is used for signalling only.
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 2:54 pm

Did disabling the SIP ALG make any difference to the observed behaviour?
You need a packet capture of a phone that is failing to register. SIP is quite readable in Wireshark.

Disabling SIP ALG did not make any noticeable difference. The phone still failed to register.
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 2:56 pm

If rebooting the router fixes the connections for you, as a workaround, drop the active connections every hour:
/ip firewall connection remove [ find where protocol=udp and dst-address="1.2.3.4:5060" ]
Scheduled:
/system scheduler
add interval=1h name=reset-sip-conn on-event="/ip firewall connection remove [ find where protocol=udp and dst-address=\"1.2.3.4:5060\" ]" policy=read,write
I had to apply the same fix to a ZyXEL router which would keep the connection tracking in table forever.
As SIP phones tend to keep the same source port this would result in unsuccesful registrations.

Active conversations will not be affected as SIP is used for signalling only.
I did find this listed in several forums as a possible solution but I went in and killed all active connections for the specific phone and it still failed to register. I am not sure this will resolve the problem, unfortunately.
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 2:59 pm

Hi,

as troffasky already stated, most of the time these issues occur in conjunction with ALG settings.
Another thing to look at: As the firewall is stateful and UDP (which is used fpr SIP) is stateless, the firewall emulates stateful UDP connections by maintaining timers for those UDP connections. As SIP also maintains timers for several purposes, make sure the values of the firewall connections timers match or exceed the timers used by your SIP implementation.

Regards,
ape
Is that the timers listed under tracking in IP>Firewall>Connections? Specifically, the UDP Timeout vs the UDP Stream Timeout?
 
Ape
Member Candidate
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany
Contact:

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 3:29 pm

Hi,

yes, these two values are especially relevant for SIP/RTP.
I can't give a general advice which values to set in your case, but it's worth trying to slightly increase these values.

Furthermore, have a read of this thread: viewtopic.php?t=85039

Usually, the problem is the "keep alive" of the NAT mapping.
Do you have the possibility to periodically re-register your phones?

I'm using freeswitch and periodically re-registering my public extensions to the providers SIP gateway solved the problem for me as it keeps the NAT mapping in the router.

Regards,
Ape
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 5:20 pm

Hi,

yes, these two values are especially relevant for SIP/RTP.
I can't give a general advice which values to set in your case, but it's worth trying to slightly increase these values.

Furthermore, have a read of this thread: viewtopic.php?t=85039

Usually, the problem is the "keep alive" of the NAT mapping.
Do you have the possibility to periodically re-register your phones?

I'm using freeswitch and periodically re-registering my public extensions to the providers SIP gateway solved the problem for me as it keeps the NAT mapping in the router.

Regards,
Ape
I believe they re-register every 240 seconds, according to the vendor. Unfortunately, they were pre-existing before we installed the router and were unknown to us. We are just doing a new server project for this customer so we didn't have much reason to question their phones. I feel like if it was a connection tracking issue we would get the phone to at least register sometimes. I can't even get it to register once. I will check out that link, thank you.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1347
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 10:52 pm

I believe they re-register every 240 seconds, according to the vendor.
Change this to be less than 180 seconds, say 120. The remote server maybe terminating them. MikroTik's timeout is 300. Linux is 180 I think.
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Re: Odd VOIP Behavior on Mikrotik 3011

Mon Oct 09, 2017 11:47 pm

I believe they re-register every 240 seconds, according to the vendor.
Change this to be less than 180 seconds, say 120. The remote server maybe terminating them. MikroTik's timeout is 300. Linux is 180 I think.
Are you talking about on the phone itself?
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1347
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Odd VOIP Behavior on Mikrotik 3011

Tue Oct 10, 2017 12:39 am

Are you talking about on the phone itself?
Yes
 
nfletcher2
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Sun Jun 14, 2015 2:10 am

Re: Odd VOIP Behavior on Mikrotik 3011

Tue Oct 10, 2017 2:21 pm

Are you talking about on the phone itself?
Yes
I will try this, thank you!

Who is online

Users browsing this forum: CGGXANNX, sindy and 24 guests