Why can’t I register my VoIP device?

Support
2018-11-15 10:37

Why can’t I register my VoIP device?

Firewalls and Interfering routers are the most common cause of SIP registration failure with your VoIP device where the firewall/router blocks incoming traffic required by our SIP registration process. Remember that the process of any SIP registration comprises a sequential number of requests and challenges between your PBX or handset and CloudPBX as the registration server.

The underlying logic is our CloudPBX authenticates your credentials, and secondly stores your IP address and port number at the moment of registration. When a call hits our CloudPBX we in turn redirect that call to the last successfully registered IP address and port on your router. If your router blocks our incoming traffic, the call will fail.

The easiest way to get around these SIP ALGs is to set your SIP Transport to 'TLS' (instead of UDP) - this encrypts the SIP so your routers/firewalls cannot interfere with the SIP traffic. Our own Hero Apps for Android etc. all use TLS to avoid these issues.  This might be why your own SIP device is not working while our Hero Apps work just fine.

If TLS is not available, the next trick you can try is to set the 'Proxy' or Host settings to use a non-standard SIP port to connect to our service. We support port 50600 for this purpose so you can set your Proxy to phone.hero.co.nz:50600 (instead of just phone.hero.co.nz) - this should tell your device to use port 50600 instead of the usual 5060. Some devices have the port in a separate box but most you just put it after the host name with :50600 at the end.

Next, you can look at your router and/or firewall device and look to turn off the SIP ALG functionality. If you can't see this setting in your router then send us the make/model of your router and we will do some research for you to see how this functionality is turned off.

Lastly, the issue can sometimes be related to NAT (Network Address Translations) timeout being too low on your device. Sometimes this is configurable, sometimes it isn't. If you can configure the NAT timeout (for UDP traffic) then set this to 1 minute (60 seconds). One other trick to combat a low NAT timeout value is to register with our service more frequently. So you can set the Registration Timeout to 60 seconds for example. This means your device registers with us every minute but it also has the effect of keeping the NAT connections alive for your phone to avoid the NAT timing out and our service having issues connecting to your device which is on your LAN.

Registration – Inbound only

We don’t require you to register to make an outbound call as we check your credentials on each call. Registration is merely the mechanism we use to direct incoming calls through to your router /firewall and ultimately phone or PBX (if using registration).

SIP Keep Alive

For security routers are oblivious to the requirements of SIP and by design regularly close the ports preventing CloudPBX from redirecting to your PBX or handset. To avoid, set your phones “Keep Alive” values to 60 seconds an interval generally well inside the period most routers close their incoming ports. This means every minute your phone updates our CloudPBX registration server with its latest IP address and port setting. When an incoming call is received to our network, we can be confident of your IP and port numbers.

Recommendations

  • SIP ALG: We recommend disabling SIP ALG as most implementations incorrectly modify SIP and ultimately corrupt SIP packets rendering them unreadable causing unexpected behaviors such as registration and incoming calls failing.
  • TLS: Is a reliable work around which alleviates interference caused by SIP ALG as TLS packets are encrypted ultimately preventing corruption. To use TLS set your phones or endpoints to port 5061.
  • Port Forwards: For SIP peering installations we recommend port forwarding all traffic on UDP port 5060 to your device. Additionally we strongly recommend you set your firewall access control lists (ACL) to limit to traffic on 5060 to our trunking IP address. Note: we have also configured port 50600 on our end to receive SIP traffic.
Average rating: 0 (0 Votes)

You cannot comment on this entry