Add TCP SIP ALG beside already existing UDP SIP ALG


#1

The Peplink Balance 300 (BA300) running latest firmware (v4.8.1 build 1259) only supports UDP SIP ALG and not SIP ALG over TCP connection.

Feature requests:

  1. improve documentation regarding VoIP and SIP ALG, to specify for which transport protocols (udp,tcp,tls) SIP ALG is supported on which Balance model.
  2. please add TCP SIP ALG for Balance 300 devices
  3. documentation that explains how to “fix” BA300 for VoIP providers that error out with “SIP/2.0 479 Please don’t use private IP addresses”; the solution is to create an outbound firewall rule that blocks TCP traffic to the SIP port (default: 5060) of the VoIP provider.

Evidence that Peplink Balance 300 (BA300) only supports UDP SIP ALG and not SIP ALG over TCP connections gathered using sip-alg-detector:

Test Results:
- SIP UDP ALG: TRUE
- SIP TCP ALG: FALSE

INFO: There are differences between sent request and received mirrored request:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--2c2--
Sent from this host :  Via: SIP/2.0/UDP 192.168.254.11:5065;rport;branch=z9hG4bKxuxt8fr8
Received by server  :  Via: SIP/2.0/UDP 8.1.2.1:5065;rport;branch=z9hG4bKxuxt8fr8
--8c8--
Sent from this host :  Contact: <sip:0123@192.168.254.11:5065;transport=udp>
Received by server  :  Contact: <sip:0123@8.1.2.1:5065;transport=udp>
--16c16--
Sent from this host :  c=IN IP4 192.168.254.11
Received by server  :  c=IN IP4 8.1.2.1
----------------------------------------------------------

$ ruby sip-alg-detector.rb -n -si 9.1.1.5 -lp 5065                       (23-11-11 00:04)


Settings:
- Test UDP: true
- Test TCP: true
- Server IP: 9.1.1.5
- Server port: 5060
- Local port: 5065

INFO: Starting the SIP UDP ALG test...

DEBUG: Connecting to the server (UDP:9.1.1.5:5060) ...

DEBUG: Sending the SIP request to the server ...

DEBUG: Sent from 192.168.254.11:5065 to 9.1.1.5:5060:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INVITE sip:sip-alg-detector-daemon@9.1.1.5:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.254.11:5065;rport;branch=z9hG4bKxuxt8fr8
Max-Forwards: 5
To: <sip:sip-alg-detector-daemon@9.1.1.5:5060>
From: "SIP ALG Detector" <sip:sip-alg-detector@killing-alg-routers.war>;tag=npvdd1qe
Call-ID: jc3r1z3vec@192.168.254.11
CSeq: 76 INVITE
Contact: <sip:0123@192.168.254.11:5065;transport=udp>
Allow: INVITE
Content-Type: application/sdp
Content-Length: 254

v=1
o=dykh4e87 26185007 8583724 IN IP4 192.168.254.11
s=-
c=IN IP4 192.168.254.11
t=0 0
m=audio 2656 RTP/AVP 8 0 3 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
----------------------------------------------------------

DEBUG: Waiting for the responses from the server ...

DEBUG: 1/2 responses received

DEBUG: 2/2 responses received

DEBUG: Mirrored request sent in the response from the server:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INVITE sip:sip-alg-detector-daemon@9.1.1.5:5060 SIP/2.0
Via: SIP/2.0/UDP 8.1.2.1:5065;rport;branch=z9hG4bKxuxt8fr8
Max-Forwards: 5
To: <sip:sip-alg-detector-daemon@9.1.1.5:5060>
From: "SIP ALG Detector" <sip:sip-alg-detector@killing-alg-routers.war>;tag=npvdd1qe
Call-ID: jc3r1z3vec@192.168.254.11
CSeq: 76 INVITE
Contact: <sip:0123@8.1.2.1:5065;transport=udp>
Allow: INVITE
Content-Type: application/sdp
Content-Length: 254

v=1
o=dykh4e87 26185007 8583724 IN IP4 192.168.254.11
s=-
c=IN IP4 8.1.2.1
t=0 0
m=audio 2656 RTP/AVP 8 0 3 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
----------------------------------------------------------

INFO: There are differences between sent request and received mirrored request:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--2c2--
Sent from this host :  Via: SIP/2.0/UDP 192.168.254.11:5065;rport;branch=z9hG4bKxuxt8fr8
Received by server  :  Via: SIP/2.0/UDP 8.1.2.1:5065;rport;branch=z9hG4bKxuxt8fr8
--8c8--
Sent from this host :  Contact: <sip:0123@192.168.254.11:5065;transport=udp>
Received by server  :  Contact: <sip:0123@8.1.2.1:5065;transport=udp>
--16c16--
Sent from this host :  c=IN IP4 192.168.254.11
Received by server  :  c=IN IP4 8.1.2.1
----------------------------------------------------------

__________________________________________________________________
INFO: SIP UDP ALG test result: TRUE
INFO: It seems that your router is performing ALG for SIP UDP
__________________________________________________________________

INFO: Starting the SIP TCP ALG test...

DEBUG: Connecting to the server (TCP:9.1.1.5:5060) ...

DEBUG: Sending the SIP request to the server ...

DEBUG: Sent from 192.168.254.11:56624 to 9.1.1.5:5060:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INVITE sip:sip-alg-detector-daemon@9.1.1.5:5060 SIP/2.0
Via: SIP/2.0/TCP 192.168.254.11:5065;rport;branch=z9hG4bKrhmmc7hh
Max-Forwards: 5
To: <sip:sip-alg-detector-daemon@9.1.1.5:5060>
From: "SIP ALG Detector" <sip:sip-alg-detector@killing-alg-routers.war>;tag=ycghjnag
Call-ID: xt733uq3vv@192.168.254.11
CSeq: 424 INVITE
Contact: <sip:0123@192.168.254.11:5065;transport=tcp>
Allow: INVITE
Content-Type: application/sdp
Content-Length: 254

v=0
o=yydggxnx 33525472 3332642 IN IP4 192.168.254.11
s=-
c=IN IP4 192.168.254.11
t=0 0
m=audio 3356 RTP/AVP 8 0 3 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
----------------------------------------------------------

DEBUG: Waiting for the responses from the server ...

DEBUG: 1/2 responses received

DEBUG: 2/2 responses received

DEBUG: Mirrored request sent in the response from the server:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INVITE sip:sip-alg-detector-daemon@9.1.1.5:5060 SIP/2.0
Via: SIP/2.0/TCP 192.168.254.11:5065;rport;branch=z9hG4bKrhmmc7hh
Max-Forwards: 5
To: <sip:sip-alg-detector-daemon@9.1.1.5:5060>
From: "SIP ALG Detector" <sip:sip-alg-detector@killing-alg-routers.war>;tag=ycghjnag
Call-ID: xt733uq3vv@192.168.254.11
CSeq: 424 INVITE
Contact: <sip:0123@192.168.254.11:5065;transport=tcp>
Allow: INVITE
Content-Type: application/sdp
Content-Length: 254

v=0
o=yydggxnx 33525472 3332642 IN IP4 192.168.254.11
s=-
c=IN IP4 192.168.254.11
t=0 0
m=audio 3356 RTP/AVP 8 0 3 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
----------------------------------------------------------

INFO: No differences between sent request and received mirrored request

__________________________________________________________________
INFO: SIP TCP ALG test result: FALSE
INFO: It seems that your router is not performing ALG for SIP TCP
__________________________________________________________________


##################################################################
#     Test Results:
##    - SIP UDP ALG: TRUE
###   - SIP TCP ALG: FALSE
##################################################################


Return code: 21


#2

Thank you for the features requests. We will look into supporting TCP SIP ALG on our current models.

In fact I think you will be amazed by the new features available our firmware 5 - firmware 5 is not available on your Balance 300 but we could definitely work out a favourable trade-up option for you as our loyal customer and supporter. Feel free to initiate a dialogue if you are interested.


#3

The trade-up offer was acceptable, but later on adding € 50 for Fedex shipping costs per device are communication skills that might need some improvement too.