Do GXP1625 support STUN server authentication?


#1

Hi,

Please find phone details below:

Product Model GXP1625
Part Number 9620008025A

Software Version

Boot 1.0.4.5
Core 1.0.4.100
Base 1.0.4.124
Prog 1.0.4.132
Locale 1.0.4.126
Recovery 1.0.4.100

Question being, do these phones support STUN server authentication?
We have a cloud pbx service provider who is requesting us to use authentication against their stun server and seem to find no answer regarding this.

thanks in advance,


#2

short answer: YES

Long answer
admin manual page 35

NAT Traversal
This parameter configures whether the NAT traversal mechanism is activated.
Users could select the mechanism from No, STUN, Keep-Alive, UPnP, Auto or
VPN. If set to “STUN” and STUN server is configured, the phone will route
according to the STUN server. If NAT type is Full Cone, Restricted Cone or PortRestricted Cone, the phone will try to use public IP addresses and port number
in all the SIP&SDP messages. The phone will send empty SDP packet to the
SIP server periodically to keep the NAT port open if it is configured to be “KeepAlive”. Configure this to be “No” if an outbound proxy is used. “STUN” cannot be
used if the detected NAT is symmetric NAT.


#3

Hi,

Thanks a lot for such fast reply, we have set stun server just like you described above, however it does not seem to allow authentication credentials be input, am I missing something?

regards,


#4

The original post was about STUN authentication. I’ve only come across this now and again and as far as I know GS handsets don’t support it. I’m not aware of any handsets that support it anymore as its not secure


#5

I just know it has these STUN settings as shown. I have yet to have a need for them so I can’t help you with that part.


#6

I did not realize there was so much to it.


#7

Hi again,

thanks a lot for all of your support, will confirm with provider.

cheers!


#8

STUN authentication is usually used where a provider uses their own STUN server and doesn’t wish to make it publicly available. Normally a STUN server on the public internet which supports ICE would not use authentication.
There should be no requirement for a provider to specify their own STUN server so any available STUN server can be used. Having said that a providers STUN server will usually be the most effective assuming its on the same network as their SIP servers.
There are plenty of publicly available STUN servers available including from Goole.