[jitsi-users] SIP with TCP


#1

Hi,

first of all I would like to thank the developers
and contributors of jitsi, it's a nice piece of
software. I like it very much.

Now, back to my question/issue.

I've the following:

One Linux PC with iptables running.
One Windows PC (I guess W7), with firewall disabled,
it seems.

The Linux PC is connected to internet via a
router/firewall.
The Windows PC is connected to interneti directly,
it seems.

If I connect the two PCs to the router/firewall,
that is both are in the internal LAN, after opening
port 5060/5061 TCP/UDP and ports 5000-5031 UDP on
iptables, it is possible to call one each other
(p2p connection) and run normal VoIP communication.

So, it seems, from this setup, there's no issue
in p2p connectivity, once the above ports are open.

Now, if the Windows PC is on the other side of the
router/firewall, i.e. it is on open internet, after
opening the same ports in the router (with forwarding),
trying to call the other (Linux) PC results in ringing,
but, after answering, the whole connection waits with
"Initiating Call", until it gives up.

The FAQ mention this could be due to UDP packets
not being passed properly (size issue).
The reccomendation is to use TCP (I wonder, then,
about RTP).

Question is: how to use SIP with TCP?

Furthermore, what would a good way to debug this
issue? Wireshark?
Note that I cannot access the Windows PC anymore,
so that side cannot help (except for calling and
reporting the results).

Final note, the router/firewall has its own SIP/RTP
rules, so ports 6060/6061 TCP/UDP are forwarder to
port 5060/5061 TCP/UDP of the Linux PC.
This does not seem to be a problem, since the call
ring is received properly.
The caller uses, of course, the :6060 extension.
The router/firewall has a DNS entry.

Thanks for any help and sorry for the lengthy
explanation, but maybe better more than less...

bye,

···

--

piergiorgio


#2

Hi Emil,

thanks for the answer.

I admit I did not grasped the SIP/RTP thing completely,
so I'm probably missing something.

Nevertheless, what's the matter with NAT traversal,
since the router is setup to forward the ports to the
proper place?
SSH and HTTP works fine with such configuration, so
why SIP does not?

Could you (or someone else) explain or provide some
reference, so I could understand better the issue?

Thanks a lot,

bye,

pg

···

On Thu, Sep 29, 2011 at 07:20:34AM +0200, Emil Ivov wrote:

Hey Piergiorgio,

It seems from your mail that you are using registrarless accounts. If this is the case, then there's no one handling NAT traversal for you and it would indeed be impossible to establish a call between the two clients.

Cheers,
Emil

--sent from my mobile

On 28 sept. 2011, at 21:03, Piergiorgio Sartor <piergiorgio.sartor@arcor.de> wrote:

> Hi,
>
> first of all I would like to thank the developers
> and contributors of jitsi, it's a nice piece of
> software. I like it very much.
>
> Now, back to my question/issue.
>
> I've the following:
>
> One Linux PC with iptables running.
> One Windows PC (I guess W7), with firewall disabled,
> it seems.
>
> The Linux PC is connected to internet via a
> router/firewall.
> The Windows PC is connected to interneti directly,
> it seems.
>
> If I connect the two PCs to the router/firewall,
> that is both are in the internal LAN, after opening
> port 5060/5061 TCP/UDP and ports 5000-5031 UDP on
> iptables, it is possible to call one each other
> (p2p connection) and run normal VoIP communication.
>
> So, it seems, from this setup, there's no issue
> in p2p connectivity, once the above ports are open.
>
> Now, if the Windows PC is on the other side of the
> router/firewall, i.e. it is on open internet, after
> opening the same ports in the router (with forwarding),
> trying to call the other (Linux) PC results in ringing,
> but, after answering, the whole connection waits with
> "Initiating Call", until it gives up.
>
> The FAQ mention this could be due to UDP packets
> not being passed properly (size issue).
> The reccomendation is to use TCP (I wonder, then,
> about RTP).
>
> Question is: how to use SIP with TCP?
>
> Furthermore, what would a good way to debug this
> issue? Wireshark?
> Note that I cannot access the Windows PC anymore,
> so that side cannot help (except for calling and
> reporting the results).
>
> Final note, the router/firewall has its own SIP/RTP
> rules, so ports 6060/6061 TCP/UDP are forwarder to
> port 5060/5061 TCP/UDP of the Linux PC.
> This does not seem to be a problem, since the call
> ring is received properly.
> The caller uses, of course, the :6060 extension.
> The router/firewall has a DNS entry.
>
> Thanks for any help and sorry for the lengthy
> explanation, but maybe better more than less...
>
> bye,
>
> --
>
> piergiorgio

--

piergiorgio


#3

Hey there,

На 29.09.11 20:15, Piergiorgio Sartor написа:

Hi Emil,

thanks for the answer.

I admit I did not grasped the SIP/RTP thing completely,
so I'm probably missing something.

Nevertheless, what's the matter with NAT traversal,
since the router is setup to forward the ports to the
proper place?
SSH and HTTP works fine with such configuration, so
why SIP does not?

When you call someone with SIP you tell them what address you'd like to
receive audio and video on. If you don't explicitly handle NAT
traversal, that address would be your private one (e.g. 192.168.0.1) and
it would be impossible for your contact to send anything there.

There are a number of free services out there that you could use to do
this for you. iptel.org or ippi.com for example are among them.

Cheers,
Emil

···

Could you (or someone else) explain or provide some
reference, so I could understand better the issue?

Thanks a lot,

bye,

pg

On Thu, Sep 29, 2011 at 07:20:34AM +0200, Emil Ivov wrote:

Hey Piergiorgio,

It seems from your mail that you are using registrarless accounts. If this is the case, then there's no one handling NAT traversal for you and it would indeed be impossible to establish a call between the two clients.

Cheers,
Emil

--sent from my mobile

On 28 sept. 2011, at 21:03, Piergiorgio Sartor <piergiorgio.sartor@arcor.de> wrote:

Hi,

first of all I would like to thank the developers
and contributors of jitsi, it's a nice piece of
software. I like it very much.

Now, back to my question/issue.

I've the following:

One Linux PC with iptables running.
One Windows PC (I guess W7), with firewall disabled,
it seems.

The Linux PC is connected to internet via a
router/firewall.
The Windows PC is connected to interneti directly,
it seems.

If I connect the two PCs to the router/firewall,
that is both are in the internal LAN, after opening
port 5060/5061 TCP/UDP and ports 5000-5031 UDP on
iptables, it is possible to call one each other
(p2p connection) and run normal VoIP communication.

So, it seems, from this setup, there's no issue
in p2p connectivity, once the above ports are open.

Now, if the Windows PC is on the other side of the
router/firewall, i.e. it is on open internet, after
opening the same ports in the router (with forwarding),
trying to call the other (Linux) PC results in ringing,
but, after answering, the whole connection waits with
"Initiating Call", until it gives up.

The FAQ mention this could be due to UDP packets
not being passed properly (size issue).
The reccomendation is to use TCP (I wonder, then,
about RTP).

Question is: how to use SIP with TCP?

Furthermore, what would a good way to debug this
issue? Wireshark?
Note that I cannot access the Windows PC anymore,
so that side cannot help (except for calling and
reporting the results).

Final note, the router/firewall has its own SIP/RTP
rules, so ports 6060/6061 TCP/UDP are forwarder to
port 5060/5061 TCP/UDP of the Linux PC.
This does not seem to be a problem, since the call
ring is received properly.
The caller uses, of course, the :6060 extension.
The router/firewall has a DNS entry.

Thanks for any help and sorry for the lengthy
explanation, but maybe better more than less...

bye,

--

piergiorgio

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#4

Hi Emil,

thanks a lot for the explanation.

I guess I was missing that SIP handles the IP addresses
by itself.

Thanks again.

Since we are at it, about iptel.org or ippi.com, is there
any configuration that the router/firewall needs or it
will go "automatically"?

Thanks,

bye,

pg

···

On Thu, Sep 29, 2011 at 08:45:52PM +0200, Emil Ivov wrote:

Hey there,

На 29.09.11 20:15, Piergiorgio Sartor написа:
> Hi Emil,
>
> thanks for the answer.
>
> I admit I did not grasped the SIP/RTP thing completely,
> so I'm probably missing something.
>
> Nevertheless, what's the matter with NAT traversal,
> since the router is setup to forward the ports to the
> proper place?
> SSH and HTTP works fine with such configuration, so
> why SIP does not?

When you call someone with SIP you tell them what address you'd like to
receive audio and video on. If you don't explicitly handle NAT
traversal, that address would be your private one (e.g. 192.168.0.1) and
it would be impossible for your contact to send anything there.

There are a number of free services out there that you could use to do
this for you. iptel.org or ippi.com for example are among them.

Cheers,
Emil

> Could you (or someone else) explain or provide some
> reference, so I could understand better the issue?
>
> Thanks a lot,
>
> bye,
>
> pg
>
> On Thu, Sep 29, 2011 at 07:20:34AM +0200, Emil Ivov wrote:
>> Hey Piergiorgio,
>>
>> It seems from your mail that you are using registrarless accounts. If this is the case, then there's no one handling NAT traversal for you and it would indeed be impossible to establish a call between the two clients.
>>
>> Cheers,
>> Emil
>>
>> --sent from my mobile
>>
>> On 28 sept. 2011, at 21:03, Piergiorgio Sartor <piergiorgio.sartor@arcor.de> wrote:
>>
>>> Hi,
>>>
>>> first of all I would like to thank the developers
>>> and contributors of jitsi, it's a nice piece of
>>> software. I like it very much.
>>>
>>> Now, back to my question/issue.
>>>
>>> I've the following:
>>>
>>> One Linux PC with iptables running.
>>> One Windows PC (I guess W7), with firewall disabled,
>>> it seems.
>>>
>>> The Linux PC is connected to internet via a
>>> router/firewall.
>>> The Windows PC is connected to interneti directly,
>>> it seems.
>>>
>>> If I connect the two PCs to the router/firewall,
>>> that is both are in the internal LAN, after opening
>>> port 5060/5061 TCP/UDP and ports 5000-5031 UDP on
>>> iptables, it is possible to call one each other
>>> (p2p connection) and run normal VoIP communication.
>>>
>>> So, it seems, from this setup, there's no issue
>>> in p2p connectivity, once the above ports are open.
>>>
>>> Now, if the Windows PC is on the other side of the
>>> router/firewall, i.e. it is on open internet, after
>>> opening the same ports in the router (with forwarding),
>>> trying to call the other (Linux) PC results in ringing,
>>> but, after answering, the whole connection waits with
>>> "Initiating Call", until it gives up.
>>>
>>> The FAQ mention this could be due to UDP packets
>>> not being passed properly (size issue).
>>> The reccomendation is to use TCP (I wonder, then,
>>> about RTP).
>>>
>>> Question is: how to use SIP with TCP?
>>>
>>> Furthermore, what would a good way to debug this
>>> issue? Wireshark?
>>> Note that I cannot access the Windows PC anymore,
>>> so that side cannot help (except for calling and
>>> reporting the results).
>>>
>>> Final note, the router/firewall has its own SIP/RTP
>>> rules, so ports 6060/6061 TCP/UDP are forwarder to
>>> port 5060/5061 TCP/UDP of the Linux PC.
>>> This does not seem to be a problem, since the call
>>> ring is received properly.
>>> The caller uses, of course, the :6060 extension.
>>> The router/firewall has a DNS entry.
>>>
>>> Thanks for any help and sorry for the lengthy
>>> explanation, but maybe better more than less...
>>>
>>> bye,
>>>
>>> --
>>>
>>> piergiorgio
>

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31

--

piergiorgio


#5

На 29.09.11 20:53, Piergiorgio Sartor написа:

Hi Emil,

thanks a lot for the explanation.

I guess I was missing that SIP handles the IP addresses
by itself.

Thanks again.

Since we are at it, about iptel.org or ippi.com, is there
any configuration that the router/firewall needs or it
will go "automatically"?

As long as you don't completely block UDP, everything should work
automatically.

Jitsi initiates all the connections that it needs and most NATs /
residential gateways would allow the destination to respond, so you
shouldn't need any static port forwardings.

Cheers,
Emil

···

Thanks,

bye,

pg

On Thu, Sep 29, 2011 at 08:45:52PM +0200, Emil Ivov wrote:

Hey there,

На 29.09.11 20:15, Piergiorgio Sartor написа:

Hi Emil,

thanks for the answer.

I admit I did not grasped the SIP/RTP thing completely,
so I'm probably missing something.

Nevertheless, what's the matter with NAT traversal,
since the router is setup to forward the ports to the
proper place?
SSH and HTTP works fine with such configuration, so
why SIP does not?

When you call someone with SIP you tell them what address you'd like to
receive audio and video on. If you don't explicitly handle NAT
traversal, that address would be your private one (e.g. 192.168.0.1) and
it would be impossible for your contact to send anything there.

There are a number of free services out there that you could use to do
this for you. iptel.org or ippi.com for example are among them.

Cheers,
Emil

Could you (or someone else) explain or provide some
reference, so I could understand better the issue?

Thanks a lot,

bye,

pg

On Thu, Sep 29, 2011 at 07:20:34AM +0200, Emil Ivov wrote:

Hey Piergiorgio,

It seems from your mail that you are using registrarless accounts. If this is the case, then there's no one handling NAT traversal for you and it would indeed be impossible to establish a call between the two clients.

Cheers,
Emil

--sent from my mobile

On 28 sept. 2011, at 21:03, Piergiorgio Sartor <piergiorgio.sartor@arcor.de> wrote:

Hi,

first of all I would like to thank the developers
and contributors of jitsi, it's a nice piece of
software. I like it very much.

Now, back to my question/issue.

I've the following:

One Linux PC with iptables running.
One Windows PC (I guess W7), with firewall disabled,
it seems.

The Linux PC is connected to internet via a
router/firewall.
The Windows PC is connected to interneti directly,
it seems.

If I connect the two PCs to the router/firewall,
that is both are in the internal LAN, after opening
port 5060/5061 TCP/UDP and ports 5000-5031 UDP on
iptables, it is possible to call one each other
(p2p connection) and run normal VoIP communication.

So, it seems, from this setup, there's no issue
in p2p connectivity, once the above ports are open.

Now, if the Windows PC is on the other side of the
router/firewall, i.e. it is on open internet, after
opening the same ports in the router (with forwarding),
trying to call the other (Linux) PC results in ringing,
but, after answering, the whole connection waits with
"Initiating Call", until it gives up.

The FAQ mention this could be due to UDP packets
not being passed properly (size issue).
The reccomendation is to use TCP (I wonder, then,
about RTP).

Question is: how to use SIP with TCP?

Furthermore, what would a good way to debug this
issue? Wireshark?
Note that I cannot access the Windows PC anymore,
so that side cannot help (except for calling and
reporting the results).

Final note, the router/firewall has its own SIP/RTP
rules, so ports 6060/6061 TCP/UDP are forwarder to
port 5060/5061 TCP/UDP of the Linux PC.
This does not seem to be a problem, since the call
ring is received properly.
The caller uses, of course, the :6060 extension.
The router/firewall has a DNS entry.

Thanks for any help and sorry for the lengthy
explanation, but maybe better more than less...

bye,

--

piergiorgio

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31