I finally decided to give up my Apple AirPort Extreme base station. This device has performed fabulously for over ten years. However, it is starting to drop from the LAN occasionally.

Over the holidays I purchased a Ubiquiti EdgeRouter ER-X to take over routing duties from the AirPort Extreme. However, I can no longer receive VoIP calls!

I have a typical home/SMB LAN setup. NAT allows my private internal devices to communicate with the Internet, so I shouldn’t need to have any custom firewall rules or port forwarding. Turned out my problem was SIP ALG.

An ALG, or Application Layer Gateway, helps traffic move across a NAT. But most SIP traffic doesn’t need help, and ironically, SIP ALG can end up corrupting SIP traffic routing instead of helping it route properly.

My AirPort Extreme didn’t support SIP ALG, because that’s a fairly advanced NAT function for some very specific setups (like STUN with symmetric NAT).

A quick look at my EdgeRouter’s configuration confirmed that SIP ALG is enabled:

Linux ubnt 4.14.54-UBNT #1 SMP Wed Oct 28 16:53:18 UTC 2020 mips
Welcome to EdgeOS
ubnt@ubnt:~$ lsmod | grep sip
nf_nat_sip              7152  0
nf_conntrack_sip       17597  1 nf_nat_sip
nf_nat                 14044  8 nf_nat_pptp,nf_nat_proto_gre,nf_nat_h323,nf_nat_sip,nf_nat_ftp,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp
nf_conntrack           62887  18 nf_nat_pptp,nf_conntrack_sip,nf_nat_h323,nf_conntrack_ftp,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_nat_ftp,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
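
The `lsmod` check above, generalized into a small script (an added example, not part of the original post): it also reads the users column, which in the output above shows that the h323, ftp, tftp and pptp helpers are loaded alongside SIP. The names `alg_report`, `sip_alg_loaded` and `ALG_PROTOS` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report which NAT helper (ALG)
# modules are visible in `lsmod` output supplied on stdin.

# Module-name suffixes to look for; all five appear in the output above.
ALG_PROTOS="sip h323 ftp tftp pptp"

# lsmod lines copied from the post's `lsmod | grep sip` output.
PAGE_LSMOD='nf_nat_sip              7152  0
nf_conntrack_sip       17597  1 nf_nat_sip
nf_nat                 14044  8 nf_nat_pptp,nf_nat_proto_gre,nf_nat_h323,nf_nat_sip,nf_nat_ftp,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp
nf_conntrack           62887  18 nf_nat_pptp,nf_conntrack_sip,nf_nat_h323,nf_conntrack_ftp,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_nat_ftp,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat'

# Prints one line per helper found: "<proto> <roles>", e.g. "sip conntrack+nat".
alg_report() {
    # Gather every module name: column 1 plus the comma-separated users column,
    # so helpers that only show up as dependents of nf_nat/nf_conntrack count too.
    mods=$(awk '{ print $1; n = split($4, d, ","); for (i = 1; i <= n; i++) print d[i] }' | sort -u)
    for p in $ALG_PROTOS; do
        roles=""
        printf '%s\n' "$mods" | grep -qx "nf_conntrack_$p" && roles="conntrack"
        printf '%s\n' "$mods" | grep -qx "nf_nat_$p" && roles="${roles:+$roles+}nat"
        [ -n "$roles" ] && printf '%s %s\n' "$p" "$roles"
    done
    return 0
}

# Succeeds (exit 0) only when a SIP helper is present in the lsmod text on stdin.
sip_alg_loaded() {
    alg_report | grep -q '^sip '
}

# Demo on the post's output; on the router itself use: lsmod | alg_report
printf '%s\n' "$PAGE_LSMOD" | alg_report
```

Feeding it the full `lsmod` output rather than the `grep sip` subset gives the same report, and `lsmod | sip_alg_loaded` can gate a post-change check.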

That’s easy enough to disable:

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set system conntrack modules sip disable
[edit]
ubnt@ubnt# commit
[edit]
ubnt@ubnt# save
Saving configuration to '/config/config.boot'...
Done
[edit]
ubnt@ubnt# exit
exit
ubnt@ubnt:~$ lsmod | grep sip
ubnt@ubnt:~$ 

Hey!! 🙂 The phone’s ringing.

If you want some quiet-time again 😉 just re-enable:

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set system conntrack modules sip enable-indirect-media
[edit]
ubnt@ubnt# set system conntrack modules sip enable-indirect-signalling
[edit]
ubnt@ubnt# commit
[edit]
ubnt@ubnt# save
Saving configuration to '/config/config.boot'...
Done
[edit]
ubnt@ubnt# exit