Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

STUN Server

Status
Not open for further replies.

DominicE

Technical User
Feb 1, 2019
27
GB
Hi,

Before I go round in anymore circles I was hoping someone may know the answer.

I have a Gamma trunk which works absolutely fine with no STUN server. Everything is setup correctly in the LAN1 with a blank STUN server and incoming / outgoing calls function as normal.

I now need to use a STUN server which I'm currently testing with stun3.l.google.com however as soon as I put that in (nothing else on the LAN tab changes) incoming calls no longer function properly and are only one way/it may not even pick the call up (but it will drop it). Outgoing calls are fine.

As nothing further is updated on the LAN tab, why would this be? As soon as I remove the STUN server and go back to it being blank, it all works fine again.

I need to use a STUN server as our IP address changes when we failover from our primary to secondary connection.

Any help would be greatly appreciated.

Thanks,
 
Also, get a decent provider, or decent connections from them, we have primary and backup circuits (on different carriers) where the IP is retained on failover.. :)
 
Like Andy says, it works with no STUN set, so you probably have ALG on your router. You can't use ALG and STUN together.

1 Question though. If you have a SIP trunk working really well without the need for an external STUN server, why are you trying to break it by using a STUN server??

If it aint broke.........................

Jamie Green

[bold]A[/bold]vaya [bold]R[/bold]egistered [bold]S[/bold]pecialist [bold]E[/bold]ngineer
 
He says he is not using stun, but I would guess he is using the network topology to amend the public ip in the packets (just as I do for gamma).

It might be simpler to use ALG on the router to do this rather than the network topology tab.

| ACSS SME |
 
Thanks for the replies.

On a Watchguard SIP ALG is turned off by default. You have to have a separate policy to turn it on, which I don't - so I know that's not the problem.

The reason I'm trying to use STUN is because we're attempting to get it working with a failover connection which is on a separate IP. The only way to update the IP in the LAN tab is with STUN.

One slight problem in using SIP ALG is that failover connection is double NAT'd, so the router see's it as an 10.x IP and their router NAT's to an external fixed IP. So SIP ALG would write the IP to the local one, which wouldn't work. However if I specify the external IP in the LAN tab it works fine. So I know the double NAT'ing isn't a problem in getting it working if I specify the IP manually, but if I wanted to use SIP ALG which would work round this, I don't think I'll be able to so have ruled that.

Appreciate the comments about getting better connections, but if you're in contract for a leased line... you're in contract.

Really all I need to do is update the IP in the LAN tab when it fails over as everything else is working fine - which is what I'm attempting to use STUN for. It adjusts the IP fine, but then doesn't allow inbound calls to be picked up. Strangely enough though, if I pick the call up, it carries on ringing in, however if I then drop the call, it cuts it off from ringing in. So I'm not sure what that's all about. It can clearly see the drop.

I can't see anything re-writing packets between switching the STUN server on and off. The router remains on the same settings. The only thing which can be re-writing packets it doesn't like is the IP Office once the STUN server is turned on, but as far as I'm aware it shouldn't be doing that at all.

I may start again from scratch with bare minimum settings just to make sure there's not something on there it doesn't like.

Thanks
 
DominicE said:
The reason I'm trying to use STUN is because we're attempting to get it working with a failover connection which is on a separate IP. The only way to update the IP in the LAN tab is with STUN.

Over the past couple of years, we've been installing edge router with SBC and dual WAN ports in order to have SIP fail over. While not inexpensive, they just work, which makes this solution cheaper in the end.

Mike Forrence
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top