Siproxd configuration with Grandstream HT-502



  • Hello,

    I installed siproxd, and after much futsing with the settings, I got the device to work somewhat, so I have a few questions

    Inbound Interface: LAN
    Outbound Interface: WAN
    Listening Port: 5060
    Enable RTP Proxy: Enable
    RTP Port Range (lower): 5004
    RTP Range Port (upper): 5009
    Enable Fix Bogus Via Networks Plugin: checked
    Bogus Via Networks: 192.168.1.1/24

    With just this setup, I couldn't get the ATA to ring (incoming SIP was blocked).. I assumed siproxd doesn't automatically open the ports on the firewall.

    I allowed 5060 udp incoming and 5004-5009 udp incoming to pass through the firewall

    SIP comes in now… rings the ATA, but RTP is not present (after I pick up the phone, there is no sound)

    Generally, I followed what most posts about configuring siproxd.  Except for I didn't ssee my ATA on the list of "Registered Phones".

    At this point, I thought maybe, the ATA should know about siproxd, and there is a setting in my ATA I hadn't noticed before which was blank, and I pointed that to the pfsense box:

    Outbound Proxy: 192.168.1.1

    Now, my ATA is listed as a "Registered Phone" with some other details.

    I used Google voice to call my ATA and everything seems to work normally.

    When I make an outgoing call, and I capture packets at the WAN, there is SIP invite to my provider (callwithus.com), the response is a 407 Proxy Authentication Required. 
    My system sends a new SIP INVITE with a Proxy-Authorization in the message header, and callwithus responds with SIP 100 trying
    I noticed that in the new SIP INVITE it specifies RTP port 5006... but my ATA listens on 5004.

    To see if I could force siproxd to use RTP port 5004, I changed RTP Range Port (upper): 5005.  Now the second INVITE does specify udp 5004 for rtp, but for some reason, it doesn't get to my ATA... like the proxy doesn't forward the rtp packets

    Is siprxd aware that my ATA listens only on udp port 5004?

    Is there a way of sending the initial INVITE with the correct config info(Proxy-Authorization), instead of forcing the 407 Proxy Authentication Required?

    Thanks,
    Richard



  • Your ATA connects starting on 5004 (as I found on mine).

    My Siproxd has 5004-5059 as my RTP ports and the ATA works flawlessly.

    Also- Ive never added an outbound proxy.  Though I might try sometime.  I always start everything in order ending with the ATA's if I start from scratch. Siproxd should intercept. If the ATA already has a connection when you start Siproxd, locate all the existing states to your ATA and delete them. Then reboot the ata.

    Yes- you need firewall rules.



  • UDP 6x.x8.x2.x 5060 (SIP) WAN address 5060 (SIP) * none        -my provider sip server

    UDP 174.36.46.0/25  *         WAN address 5004 - 5059 * none - where my RTP connects to.


Locked