I finally decided to give up my Apple AirPort Extreme base station. This device has performed fabulously for over ten years. However it is starting to drop from the LAN occasionally.
Over the holidays I purchased an Ubiquiti Edgerouter ER-X to take over routing duties from the Airport Extreme. However I can no longer receive VoIP calls!
I have a typical home/SMB LAN setup. NAT allows my private internal devices to communicate with the Internet, so I shouldn’t need to have any custom firewall rules or port forwarding. Turned out my problem was SIP ALG.
An ALG, or Application Layer Gateway, helps traffic move across a NAT. But most SIP traffic doesn’t need help, and ironically, SIP ALG can end up corrupting SIP traffic routing instead of helping it route properly.
My AirPort Extreme didn’t support SIP ALG, because that’s a fairly advanced NAT function for some very specific setups (like STUN with symmetric NAT).
A quick look at my Edgerouter’s configuration confirmed that SIP ALG is enabled:
Linux ubnt 4.14.54-UBNT #1 SMP Wed Oct 28 16:53:18 UTC 2020 mips Welcome to EdgeOS ubnt@ubnt:~$ lsmod | grep sip nf_nat_sip 7152 0 nf_conntrack_sip 17597 1 nf_nat_sip nf_nat 14044 8 nf_nat_pptp,nf_nat_proto_gre,nf_nat_h323,nf_nat_sip,nf_nat_ftp,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp nf_conntrack 62887 18 nf_nat_pptp,nf_conntrack_sip,nf_nat_h323,nf_conntrack_ftp,nf_nat_sip,nf_conntrack_ipv4,nf_conntrack_tftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_nat_ftp,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat
That’s easy enough to disable
ubnt@ubnt:~$ configure  ubnt@ubnt# set system conntrack modules sip disable  ubnt@ubnt# commit  ubnt@ubnt# save Saving configuration to '/config/config.boot'... Done  ubnt@ubnt# exit exit ubnt@ubnt:~$ lsmod | grep sip ubnt@ubnt:~$
Hey!! 🙂 The phone’s ringing.
If you want some quiet-time again 😉 just re-enable:
ubnt@ubnt:~$ configure  ubnt@ubnt# set system conntrack modules sip enable-indirect-media  ubnt@ubnt# set system conntrack modules sip enable-indirect-signalling  ubnt@ubnt# commit  ubnt@ubnt# save Saving configuration to '/config/config.boot'... Done  ubnt@ubnt# exit