Multiple Grandstream phones behind home router

ochocobull · 2023-02-15 21:44:55 UTC

I have 4 grandstream phones behind a UBNT AC ISP home router with the latest firmware.

Phone list is as follows:

A) 1 GXP2140 with firmware version 1.0.11.71 statically assigned IP address outside DHCP range.
B) 3 GXP2130 with firmware version 1.0.11.71 statically assigned IP address outside DHCP range.

There is an external PBX that all these devices are registering too and they all appear to register fine. Ring group rings all phones and but when answered dead air. Outgoing calls appear to work as expected and call quality is good. When calling from extension to extension calls will ring but when answered there is dead air. Tried using the changing NAT Transversal option to keep alive but with no luck. In fact that broke the ring group.

I am assuming that the firewall on the home router is breaking the connection. I don’t see how to port forward RTP ports to multiple endpoints on the router. In fact on this router it doesn’t appear to be able to do port ranges so you would have to port forward each port individually I believe.

I am not sure the best way to tackle this problem. I am assuming a STUN server or if there is some configuration on the phone that I am not aware of that I can utilize I would sure appreciate the help. Thank you for any and all suggestions.

damiano70 · 2023-02-15 22:17:26 UTC

try changing the SIP listening ports on all phones (different on each phone), and do NAT on the same ports

ochocobull · 2023-02-15 23:02:33 UTC

Thank you for the quick reply. I changed the ports on each phone by going into the Accounts>SIP Settings>Basic settings and changing the local SIP port on each phone. They should now be as follows:

Phone 1 5060
Phone 2 6060
Phone 3 7060
Phone 4 8060

I then added the following port forward rules on the router:

5060 forwards to phone 1
6060 forwards to phone 2
7060 forwards to phone 3
8060 forwards to phone 4

It appears that the hunt group is now working but I haven’t put many calls through it as of yet. Right now 4 calls have went through the hunt group and each call was able to pickup and answer and call quality seemed fine. That being said it looks like phones 2 and 3 call call extension to one another but not to phones 1 and 2. The same symptoms are still occurring, phones will ring but dead air when call is answered. I am not sure what that is regarding. Looks like there is still something occurring. Do you have any idea why that might still be happening? Thanks again for the quick response and I can’t tell you how much I appreciate all the help.

Avidcomm · 2023-02-16 00:02:09 UTC

Check for SIP ALG it should be off in the router/firewall.

ochocobull · 2023-02-16 00:58:15 UTC

Thank you for the response,

I tried looking for that option on that router but unfortunately it does not appear to be there. Only thing I could find was in an earlier version they inadvertently enabled it with no way to turn it off. They have assured me that the newer firmware does not have this problem.

damiano70 · 2023-02-16 02:30:34 UTC

the same thing you did for the SIP listening ports, try doing it with a different range of RTP ports (range for each phone).
also reduce the audio codecs to PCMU/PCMA only (example, check with whoever manages your voip server)

it’s sure a NAT problem,
the problem could be that your remote router is not properly handling the NAT mode, which must not be “!Symmetric NAT”
disable SIP ALG on router
try to create a PCAP and provide it to whoever manages the VoIP server and they should be able to figure out the problem.

lpneblett · 2023-02-16 13:05:12 UTC

In addition to what Damiano has indicated, there are a couple of other items to think about -

The phones know how to reach the UCM as you programmed the phones with its address or FQDN. How does the UCM know where to respond back to a remote phone? You need to setup STUN if your home router does not have a static public IP and if it does have a static public IP, then you can enter the public IP into the phones’ NAT IP field setting. In this manner the phones will tell the UCM what IP to use when responding back.
2, The use of a home router is certainly not ideal as they are typically more attuned to WiFi, streaming and gaming and not as focused in identifying and preventing those that may wish to do harm. It’s is simply that they lack the feature by which you can selectively put up barriers to prevent intrusions. As you have now forwarded ports, you have created holes in the firewall by which anyone can make an attempt to see what is there. Once they find out there are phones, they will try an attack same which may cause you to have phones ringing and when answered, no one is there. While I urge you to reassess your security needs, you need to enable accept messaging from SIP proxy only in each phone. This setting will cause the phones to only respond to messages as seen from the UCM.