Difference between revisions of "Troubleshooting Remote SIP"

From IPitomy Wiki
Jump to navigation Jump to search
 
(30 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
__NOTITLE__
 
__NOTITLE__
 +
[[Category: Troubleshooting|Remote SIP]]
  
 
= Troubleshooting Remote SIP Connections =
 
= Troubleshooting Remote SIP Connections =
  
Things to check if a remote phone or SIP Provider is not working. This can no audio, one way audio, poor audio quality, dropped calls, or other intermittent behavior.
+
Things to check if a remote phone or SIP Provider is not working. This can no audio, one way audio, poor audio quality, dropped calls, or other intermittent behavior.
 +
 
 +
Good article on SIP and One Way Audio:
 +
https://www.think-like-a-computer.com/2011/03/14/one-way-audio-voip/
  
 
When an issue is reported, we advise to start by ensuring the following settings are correct:
 
When an issue is reported, we advise to start by ensuring the following settings are correct:
Line 12: Line 16:
 
#The appropriate port forwards are configured in the Main Site Router [[Port Forwarding]]
 
#The appropriate port forwards are configured in the Main Site Router [[Port Forwarding]]
  
*If you are troubleshooting a remote phone and you have a network available that you are certain works for registering remote phones to other systems, this network would be a good place to attempt to register the remote phone from. If it works, then the problem is most likely with the Remote Site Router as opposed to the router in front of the PBX. If it doesn't work then it's most likely an issue with the Main Site Router or and ACL issue.
+
*If you are troubleshooting a remote phone and you have a network available that you are certain works for registering remote phones to other systems, this network would be a good place to attempt to register the remote phone from. If it works, then the problem is most likely with the Remote Site Router as opposed to the router in front of the PBX. If it doesn't work then it's most likely an issue with the Main Site Router or and ACL issue.  Whichever router is the cause, the most likely issue is inconsistent NAT caused by an ALG that needs to be disabled.  Here is a link to a great article that goes over what the ALG is and why it doesn't work with SIP: http://www.voip-info.org/wiki/view/Routers+SIP+ALG
 +
 
 +
*If you are troubleshooting a SIP Provider, try registering a remote phone and ensure that it works. This will help to discern that everything we expect to work with regards to the Main Site Router and PBX settings are correct.
  
*If you are troubleshooting a SIP Provider, try registering a remote phone and ensure that it works. This will help to discern that everything we expect to work with regards to the Main Site Router and PBX settings are correct.
+
*The PBX has a TraceRoute feature you can use to check for packetloss between the Main Site and the remote SIP public IP address. 0-5% dropped packets can bee acceptable, 5-10% can lead to poor audio quality, and anything greater than 10% may lead to dropped calls. By using TraceRoute or [http://sourceforge.net/projects/winmtr/ WinMTR] you can demonstrate this loss to the end user and the ISP so they can work to resolve it. [Note] With sporadic issues you may need to test this multiple times, as there will be periods when it tests fine, other times it will show jitter. NOTE: You may need to run WinMTR in compatibility mode if you are using Win7 or Win 8 (http://www.sevenforums.com/tutorials/316-compatibility-mode.html)
  
*The PBX has a TraceRoute feature you can use to check for packetloss between the Main Site and the remote SIP public IP address. 0-5% dropped packets can bee acceptable, 5-10% can lead to poor audio quality, and anything greater than 10% may lead to dropped calls.  By using TraceRoute or [http://sourceforge.net/projects/winmtr/  WinMTR] you can demonstrate this loss to the end user and the ISP so they can work to resolve it.  [Note] With sporadic issues you may need to test this multiple times, as there will be periods when it tests fine, other times it will show jitter.
+
*You can also use the following links to verify the bandwidth as well as packetloss/jitter at the Main and Remote sites. We advise allotting 100-200k up and down per call, any less and you could run into issues.
  
*You can also use the following links to verify the bandwidth as well as packetloss/jitter at the Main and Remote sites. We advise allotting 100-200k up and down per call, any less and you could run into issues.
+
[http://myspeed.visualware.com http://myspeed.visualware.com]
  
http://www.myspeed.visualware.com
+
[http://myvoipspeed.visualware.com http://myvoipspeed.visualware.com]
  
http://www.myvoipspeed.visualware.com
+
[http://voipspsear.com Voipspear] is a great resource to check the stability of a sites internet connection.  We recommend setting up to monitor the public IP address of the site from an east, west, and central US server.  The site router will need to be set to reply to ICMP traffic. Its best to look at the 3hr window on voipspear as it will be the most accurate representation of their connection.
  
  
A great resource for checking the SIP compatibility of a router, as well as instructions for changes that may need to be done on the router such as disabling ALG or SPI.
+
=== Router Compatibility Guide ===
 +
<br/>A great resource for checking the SIP compatibility of a router, as well as instructions for changes that may need to be done on the router such as disabling ALG or SPI.
  
http://support.vocalocity.com/kb/router-compatibility-guide-and-recommended-equipment-list/
+
[https://support.vonagebusiness.com/app/answers/detail/a_id/21546 https://support.vonagebusiness.com/app/answers/detail/a_id/21546]
  
=== Phones Losing Registration every 2-5 minutes ===
+
=== Additional Router Information ===
Inconsistent NAT will cause a phone to lose registration at a specific interval, typically 2-5min.  When this occurs, the phone will not be able to receive calls, but it can still make calls.  If you are not able to replace the router with one that handles NAT more consistently, we have found that you can log into the phone and set UDP Keepalive Message to Yes.  If that does not work, you can also try to lower the Register Expire Time to stop the phone from losing registration.  Both fields are found under SIP Account=>Account 1, we would advise to set the timer to a value below the interval you are seeing the phone lose communication. (egIf the phone drops out every 2 minutes, set the value to 110 seconds, or tweak if that value does not fix the issue).
+
From time to time a dealer will provide us specific information they have learned about programming a router.   
  
[[Category: Troubleshooting|Remote SIP]]
+
[[Router Info]]
 +
 
 +
=== Phones Losing Registration every 2-5 minutes<br/> ===
 +
 
 +
Inconsistent NAT will cause a phone to lose registration at a specific interval, typically 2-5min. When this occurs, the phone will not be able to receive calls, but it can still make calls. If you are not able to replace the router with one that handles NAT more consistently, we have found that you can log into the phone and set UDP Keepalive Message to Yes. (If you are editing the Default Phone Template, the field will be called Keepalive, and needs to be set to 1 for enabled). If that does not work, you can also try to lower the Register Expire Time to stop the phone from losing registration. Both fields are found under SIP Account=>Account 1. We would advise to set the Register Expire Timer to a value below the interval you are seeing the phone lose communication. (eg. If the phone drops out every 2 minutes, set the value to 110 seconds, or tweak if that value does not fix the issue).
 +
 
 +
 
 +
 
 +
=== Hung Channels<br/> ===
 +
 
 +
In some circumstances, when signalling fails to terminate a call properly, you can end up with channels that appear to be connected.&nbsp; If you have a call limit on a sip provider or a remote phone these hung channels can cause the counter to be incremented and if you get enough channels like this equal to your call limit you might not be able to make calls.&nbsp; In order to prevent this from occurring you can set RTP Timeout and RTP Timeout On Hold under PBXSet->SIP->Advanced.&nbsp; Note there are a couple of nuances to using these settings.&nbsp; If you do not have music on hold and set RTP Timeout on Hold, then the call will drop after the specified number of seconds on hold due to lack of RTP traffic.&nbsp; It's a good idea to set these to something beyond a reasonable hold time.&nbsp; RTP Timeout itself could be set to something like 10-20 seconds and it generally won't effect anything, (except you will never have hung channels).&nbsp; RTP Timeout on hold is better at a setting like 300 seconds so that you don't hang up on people that you put on hold if you haven't properly set your music on hold.&nbsp; (Note setting music on hold to use silence file is okay, you just need a file).&nbsp;
 +
 
 +
=== Remote phone rings, answer, no one there, no audio at all. Caller continues to hear ringing ===
 +
 
 +
It has come to our attention that some routers use the default ports set in the phone for RTP (1000-1012). We have also seen this happen at sites with certain ISP modem/routers (Comcast & Time Warner for sure).  If you are having problems with audio, or a call ringing and not actually answering when you pick up, you can log into the phone via IP address and try the following:
 +
 
 +
#Navigate to Phone Settings
 +
#Click Basic
 +
#Click Call
 +
#Change the RTP Port from 1000-1012 to something else not used, perhaps 5000-5012.
 +
#Navigate to Phone Maintenance=>Advanced=>Autoprovision and uncheck Auto Download Config.
 +
 
 +
#If you want set this field in the global template (PBXSetup=>Phone Global) for all phones you need to modify the field <code>BeginPort="1000" EndPort="1012"</code> and change the ports to something unused that is not 1000-1012.  If you use this method, you don't have to disable Auto Download Config or do any manual settings in the phone.
 +
 
 +
NOTE: If you are in Canada and using Dell Canada or Videotron as your ISP, you may need to change the range to 7000-7012
 +
 
 +
=== After rebooting PBX Remote Phones do not recover quickly ===
 +
 
 +
Remote phones are able to be addressed by the PBX because they register with it.&nbsp; After registration, the NAT port on the remote phone's router stays open as long as the PBX is sending packets to the phone to ensure it is reachable.&nbsp; In some routers, when the PBX reboots, it stops sending packets for long enough for the NAT timer to elapse and the remote router closes the port down.&nbsp; The PBX is only able to reach the phone again at this point after it reopens the NAT port, which will be done when the phone re-registers.
 +
 
 +
For HD Phones:
 +
 
 +
If you have a particular remote phone that you have found has this issue, you can adjust the registration timer on the phone. It is located under SIP Account->Account 1 and it is called "Register Expire Time" the value is in seconds. As you will see the default is set to 60 minutes. This could be a long time if the router has a short NAT timer. So you could set it to 60 seconds or 120 seconds and that should recover from a PBX reboot much more quickly.
 +
 
 +
You could also change this in the global template if you using the PBX to configure remote phones. &nbsp;[[File:Phone global template edit register expire.png|File:Phone global template edit register expire.png]]
 +
 
 +
=== Phantom Calls ===
 +
 
 +
The symptoms here are a remote phone that receives calls and when answered no one is there, no audio. Many times, the CID displayed won't match up to any extensions on the PBX (we've seen calls from 100 often). What's most likely happening is that someone malicious is sending packets to 5060, and they are getting to the phone and making it ring. Here are a few things you can try to alleviate this.
 +
 
 +
*Ensure that Guest Calls is disabled in the PBX. (Found under PBX Setup=>SIP=>Advanced)
 +
*Ensure that 5060 is not forwarded in the router at the remote site
 +
*Log into the phone and under Phone Settings=>Basic=>Call there is a field Local SIP Port. Change this to something like 5092 (an unused port not typically associated with SIP) If you do this, you'll have to set AutoDL Config to No if the phone can download programming from the PBX, otherwise the field will get overwritten.​​
 +
*If you have a lot of remote phones and do not want to disable automatic configuration of the remote phones in question then you could try two additional solutions
 +
**1) Another solution could be to force the router to use 5060 for a nonexistent address. So forward 5060 on the router to an address that is not in use outside the dhcp pool, then the router will have to pick a different port to NAT.
 +
**2) You can change the local port in the global configuration. It will change all phones but it shouldn't matter.<br/><br/>Under PBXSetup->Phone Global<br/>Edit the global phone configuration template:<br/><br/>Enter 5092 where you see the highlighted text:<br/>[[File:Localport sip hd phone template.png|File:Localport sip hd phone template.png]]
 +
 
 +
Once all of this is done, the user won't get any more calls from malicious individuals sending packets to 5060.
 +
 
 +
Please note that if this issue is occurring it's a good idea to replace your router as it has a pretty big security flaw.&nbsp; This should be pretty rare. NAT should not open a port to ANY IP, only the IP that was initially contacted should be able to respond. This is the case with most routers.

Latest revision as of 16:55, 13 May 2016


Troubleshooting Remote SIP Connections

Things to check if a remote phone or SIP Provider is not working. This can no audio, one way audio, poor audio quality, dropped calls, or other intermittent behavior.

Good article on SIP and One Way Audio: https://www.think-like-a-computer.com/2011/03/14/one-way-audio-voip/

When an issue is reported, we advise to start by ensuring the following settings are correct:

  1. External IP or External Host are properly set in PBXSetup=>SIP
  2. Extension is configured as a WAN phone (Under advanced in Edit Extension page).
  3. ACL under Networking->Access Control->Access Control List make sure that the Remote IP address isn't being blocked.
  4. The appropriate port forwards are configured in the Main Site Router Port Forwarding
  • If you are troubleshooting a remote phone and you have a network available that you are certain works for registering remote phones to other systems, this network would be a good place to attempt to register the remote phone from. If it works, then the problem is most likely with the Remote Site Router as opposed to the router in front of the PBX. If it doesn't work then it's most likely an issue with the Main Site Router or and ACL issue. Whichever router is the cause, the most likely issue is inconsistent NAT caused by an ALG that needs to be disabled. Here is a link to a great article that goes over what the ALG is and why it doesn't work with SIP: http://www.voip-info.org/wiki/view/Routers+SIP+ALG
  • If you are troubleshooting a SIP Provider, try registering a remote phone and ensure that it works. This will help to discern that everything we expect to work with regards to the Main Site Router and PBX settings are correct.
  • The PBX has a TraceRoute feature you can use to check for packetloss between the Main Site and the remote SIP public IP address. 0-5% dropped packets can bee acceptable, 5-10% can lead to poor audio quality, and anything greater than 10% may lead to dropped calls. By using TraceRoute or WinMTR you can demonstrate this loss to the end user and the ISP so they can work to resolve it. [Note] With sporadic issues you may need to test this multiple times, as there will be periods when it tests fine, other times it will show jitter. NOTE: You may need to run WinMTR in compatibility mode if you are using Win7 or Win 8 (http://www.sevenforums.com/tutorials/316-compatibility-mode.html)
  • You can also use the following links to verify the bandwidth as well as packetloss/jitter at the Main and Remote sites. We advise allotting 100-200k up and down per call, any less and you could run into issues.

http://myspeed.visualware.com

http://myvoipspeed.visualware.com

Voipspear is a great resource to check the stability of a sites internet connection. We recommend setting up to monitor the public IP address of the site from an east, west, and central US server. The site router will need to be set to reply to ICMP traffic. Its best to look at the 3hr window on voipspear as it will be the most accurate representation of their connection.


Router Compatibility Guide


A great resource for checking the SIP compatibility of a router, as well as instructions for changes that may need to be done on the router such as disabling ALG or SPI.

https://support.vonagebusiness.com/app/answers/detail/a_id/21546

Additional Router Information

From time to time a dealer will provide us specific information they have learned about programming a router.

Router Info

Phones Losing Registration every 2-5 minutes

Inconsistent NAT will cause a phone to lose registration at a specific interval, typically 2-5min. When this occurs, the phone will not be able to receive calls, but it can still make calls. If you are not able to replace the router with one that handles NAT more consistently, we have found that you can log into the phone and set UDP Keepalive Message to Yes. (If you are editing the Default Phone Template, the field will be called Keepalive, and needs to be set to 1 for enabled). If that does not work, you can also try to lower the Register Expire Time to stop the phone from losing registration. Both fields are found under SIP Account=>Account 1. We would advise to set the Register Expire Timer to a value below the interval you are seeing the phone lose communication. (eg. If the phone drops out every 2 minutes, set the value to 110 seconds, or tweak if that value does not fix the issue).


Hung Channels

In some circumstances, when signalling fails to terminate a call properly, you can end up with channels that appear to be connected.  If you have a call limit on a sip provider or a remote phone these hung channels can cause the counter to be incremented and if you get enough channels like this equal to your call limit you might not be able to make calls.  In order to prevent this from occurring you can set RTP Timeout and RTP Timeout On Hold under PBXSet->SIP->Advanced.  Note there are a couple of nuances to using these settings.  If you do not have music on hold and set RTP Timeout on Hold, then the call will drop after the specified number of seconds on hold due to lack of RTP traffic.  It's a good idea to set these to something beyond a reasonable hold time.  RTP Timeout itself could be set to something like 10-20 seconds and it generally won't effect anything, (except you will never have hung channels).  RTP Timeout on hold is better at a setting like 300 seconds so that you don't hang up on people that you put on hold if you haven't properly set your music on hold.  (Note setting music on hold to use silence file is okay, you just need a file). 

Remote phone rings, answer, no one there, no audio at all. Caller continues to hear ringing

It has come to our attention that some routers use the default ports set in the phone for RTP (1000-1012). We have also seen this happen at sites with certain ISP modem/routers (Comcast & Time Warner for sure). If you are having problems with audio, or a call ringing and not actually answering when you pick up, you can log into the phone via IP address and try the following:

  1. Navigate to Phone Settings
  2. Click Basic
  3. Click Call
  4. Change the RTP Port from 1000-1012 to something else not used, perhaps 5000-5012.
  5. Navigate to Phone Maintenance=>Advanced=>Autoprovision and uncheck Auto Download Config.
  1. If you want set this field in the global template (PBXSetup=>Phone Global) for all phones you need to modify the field BeginPort="1000" EndPort="1012" and change the ports to something unused that is not 1000-1012. If you use this method, you don't have to disable Auto Download Config or do any manual settings in the phone.

NOTE: If you are in Canada and using Dell Canada or Videotron as your ISP, you may need to change the range to 7000-7012

After rebooting PBX Remote Phones do not recover quickly

Remote phones are able to be addressed by the PBX because they register with it.  After registration, the NAT port on the remote phone's router stays open as long as the PBX is sending packets to the phone to ensure it is reachable.  In some routers, when the PBX reboots, it stops sending packets for long enough for the NAT timer to elapse and the remote router closes the port down.  The PBX is only able to reach the phone again at this point after it reopens the NAT port, which will be done when the phone re-registers.

For HD Phones:

If you have a particular remote phone that you have found has this issue, you can adjust the registration timer on the phone. It is located under SIP Account->Account 1 and it is called "Register Expire Time" the value is in seconds. As you will see the default is set to 60 minutes. This could be a long time if the router has a short NAT timer. So you could set it to 60 seconds or 120 seconds and that should recover from a PBX reboot much more quickly.

You could also change this in the global template if you using the PBX to configure remote phones.  File:Phone global template edit register expire.png

Phantom Calls

The symptoms here are a remote phone that receives calls and when answered no one is there, no audio. Many times, the CID displayed won't match up to any extensions on the PBX (we've seen calls from 100 often). What's most likely happening is that someone malicious is sending packets to 5060, and they are getting to the phone and making it ring. Here are a few things you can try to alleviate this.

  • Ensure that Guest Calls is disabled in the PBX. (Found under PBX Setup=>SIP=>Advanced)
  • Ensure that 5060 is not forwarded in the router at the remote site
  • Log into the phone and under Phone Settings=>Basic=>Call there is a field Local SIP Port. Change this to something like 5092 (an unused port not typically associated with SIP) If you do this, you'll have to set AutoDL Config to No if the phone can download programming from the PBX, otherwise the field will get overwritten.​​
  • If you have a lot of remote phones and do not want to disable automatic configuration of the remote phones in question then you could try two additional solutions
    • 1) Another solution could be to force the router to use 5060 for a nonexistent address. So forward 5060 on the router to an address that is not in use outside the dhcp pool, then the router will have to pick a different port to NAT.
    • 2) You can change the local port in the global configuration. It will change all phones but it shouldn't matter.

      Under PBXSetup->Phone Global
      Edit the global phone configuration template:

      Enter 5092 where you see the highlighted text:
      File:Localport sip hd phone template.png

Once all of this is done, the user won't get any more calls from malicious individuals sending packets to 5060.

Please note that if this issue is occurring it's a good idea to replace your router as it has a pretty big security flaw.  This should be pretty rare. NAT should not open a port to ANY IP, only the IP that was initially contacted should be able to respond. This is the case with most routers.