On 05/04/2009 11:43 PM, Iñaki Baz Castillo wrote:
El Lunes, 4 de Mayo de 2009, Dubravko Caric escribió:
There is a really easy way to detect if a router is performing SIP ALG:
- Configure you UA in the LAN with *no* STUN/ICE, just private IP.
- Capture a INVITE/REGISTER from that UA in the proxy (in the public
network). - Check if "Via" and/or "Contact" headers contain the router public IP instead of the UA private IP.
- If so, you are behind a *fucking* router with SIP ALG enabled.
I did everything as you described and I can confirm that this router has SIP ALG enabled.
Bad luck then... :( SIP ALG is the worst enemy for SIP.
workarounds could be: - run sip server also on a different port than 5060 (say 5070) - kamailio is just fine doing it. Point the users behind such ALGs to this port. Still alg can detect it, but most of them do the detection by port 5060 - use TCP if the phone supports it - most of algs do not touch TCP connections, but ... - use TLS if the phone supports it - safest - the alg cannot touch it - recommended - send back the router and ask for money return
Cheers, Daniel
If you can dissable it (by web, telnet...) please add that information to the wiki page: http://www.voip-info.org/wiki/view/Routers+SIP+ALG (or sent it to me directly and I'll add it).
there is no way to change this (turn ON/OFF) because there is no such option in the web interface of the router.
Have you tryed via telnet? Most of the commercial routers don't show the SIP ALG option in the web interface, but via telnet.
what i will try to do (over this weekend) is to load DD-WRT firmware (which isn't Linksys firmware) and if this goes well I'll put this solution on wiki.
I checked this closely once more and I was wrong (I had too much traces open) :( what really happens is that UAC sends "OK" with right port in Contact header towards the router but the router is the one that changes this port to "0" and sends this malformed message to the proxy.
Yes, setting a "cool" port (as 0) is a common "feature" in SIP ALG enabled routers. It's also very common to see ports like 12333453 (yes, greater than 2^16).
Thanks once more
Please, add any information you get to dissable SIP ALG in this router to the Wiki I suggested. Also, you can add information about the issues you had due to this SIP ALG router. Really thanks for it. :)