IV. Voice-over-IP (VoIP)

NAT Traversal with Voice over IP (VoIP)

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765
Show all

Keywords:
Application Layer Gateway
IPv6
NAT
Outbound Proxy
Show all

Voice-over-IP (VoIP) systems are great for linking remote offices or working from home, but when working over the Internet they will typically be going through NAT (Network Address Translation), which complicates the process of making and receiving calls.

If the VoIP (SIP) call's setup gives the wrong information to either side, this will often result in calls with one-way audio or no audio, or the call could fail entirely.

Network Address Translation is practically required on the Internet because of IPv4 IP address limits. Your router performs NAT to share the single Internet IP between all devices on your internal network. The only way to avoid NAT on the Internet is for both phones (not their routers) to have public Internet IP addresses, which would be expensive and could be insecure.


NAT Traversal with Voice over IP (VoIP) & SIP

The SIP protocol (Session Initiation Protocol) used by most VoIP systems does not inherently handle Network Address Translation, unless your SIP provider offers a NAT Proxy such as DrayTel's NAT proxy configuration.

With no method for SIP to handle NAT, your phone has an internal IP address of 192.168.1.19 for example; when making a call, it will tell the phone at the other end to send a call's audio to that IP address - that's not an Internet IP address and isn't directly routable.

The SIP call's packets are routed through NAT, their IP headers and ports being translated from 192.168.1.19 to the Internet IP and the remote end by the NAT router / gateway to the Internet. Although the IP headers are changed, there are additional IP addresses specified in SIP's SDP (Session Definition Protocol) packets, which define where to route the call's RTP (Real Time Protocol) audio packets to.

The NAT router / gateway will not normally alter the IP addresses in the SIP SDP packets, which will still point to that local 192.168.1.19 IP address. This can result in one-way audio, or no audio at all because the remote phone being called will attempt to send its audio to the 192.168.1.19 address, which isn't routable across the Internet.



To resolve this, either the phone needs to know its Internet IP address, to give that address when making calls, or its Internet NAT router / gateway will need to amend the phone's SIP packets so that they have the correct address.

The sections below detail some possible methods that can be used to help SIP calls to work through NAT:

VoIP Phone & SoftPhone NAT Traversal

Methods for NAT traversal that can be implemented on a VoIP Phone or SoftPhone.

Recommended where the IP-Phone or SoftPhone won't always be connected to the same router, or where it's not possible to implement NAT traversal on the router, for instance a 4G connection.

NAT Traversal on the Router

Methods of NAT traversal that can be implemented at the router or network level.

Recommended for use with networks that have a number of fixed VoIP phones connecting through the router.

VoIP Phone & SoftPhone NAT Traversal

VoIP Phone & SoftPhone NAT Traversal

Where the SIP client, either a SoftPhone app or IP-Phone, will routinely be connecting through different networks - for instance going from your home's Wi-Fi to 4G Internet, it's best to have the SIP client itself handle the NAT traversal because the router it's connecting through may not have any SIP/NAT traversal set up.

There are two primary methods for achieving this from the SIP client, without modifying any router settings, which are described in the table and sections below:

MethodSTUN ServerSIP Outbound Proxy
What does it do? When registering and making / receiving calls, the IP-Phone checks with the configured STUN  Server what Internet IP address it is using and what type of NAT it is located behind All outgoing SIP calls are routed through the proxy, which handles the NAT translation of SIP & RTP packets
Recommended Usage
  • Connecting IP-Phones in an office to a hosted PBX or SIP provider
  • Mobile phones running a Softphone
  • Double-NAT (one NAT router behind another NAT router)
  • Any device that is connected to a different network frequently
  • Connecting IP-Phones in an office to a hosted PBX or SIP provider
Limitations
  • Requires a working STUN server to make & receive calls, which may be difficult if the SIP provider doesn't provide one.
  • If the STUN server is not working or has significant latency, it can negatively affect or break the process of making and receiving SIP calls
  • Requires that the SIP provider has provided a NAT proxy, which not all SIP providers do.

STUN Server

A STUN (Session Traversal Utilities for NAT) server allows a NAT-ted client to contact it and check what type of NAT the client is located behind, along with the public IP address it's using. It does this independently of the router it's connecting through, which makes it ideal for devices that move between networks frequently.

Once the IP-Phone or SoftPhone's SIP client has determined the Internet IP address the call is being routed through, it can then set the correct IP address to send call audio to.

It sets this in the SIP-SDP (Session-Definition-Protocol) packet, which contains the call's information, including the number it's calling from, the number it's calling and the IP address that the call's audio will be sent to.

STUN servers can operate over TCP or UDP and typically use UDP port 3478. If your SIP provider doesn't have a STUN server available, there are some public STUN servers available that can be used for this purpose. Because of the STUN server's important role in both making and receiving calls once set up, the SIP client may be unable to make or receive calls if the STUN server can not be contacted or has high latency / packet loss.

In the example below, the call proceeds once the STUN server has responded with the requested information, at which point the IP-Phone proceeds to call the remote phone, with the correct Internet IP address in its SIP-SDP packets:

Some SIP providers have provisions for handling NAT through the use of a SIP Outbound Proxy server.

All of the SIP client's SIP messages are routed through this proxy and are modified by the Proxy server to be able to make and receive calls through a network that has no other NAT traversal (such as SIP-ALG).

For instance DrayTel provide the "nat.draytel.org" server on port 5065 to handle SIP calls going through NAT-ted networks.

Is there an outgoing Proxy for DrayTEL ?

Check your SIP provider's setup information for an Outbound Proxy setting, it's possible that they provide one for handling NAT connections.

SIP Outbound Proxy

How do you rate this article?

1 1 1 1 1 1 1 1 1 1