ISP blocking port

Hi all,

This is really a main issue for all VoIP providers: some ISPs are blocking the standard VoIP ports, including the RTP port range. And if we change to other non-standard VoIP ports, they start capturing SIP packets and blocking the non-standard ports as well.

So please let us work out some logic to avoid this kind of problem.

If your ISP is actively blocking known ports as well as identified SIP traffic you do have a problem. You might try a provider that uses IAX2 as maybe your ISP is not smart enough to recognize those ports/traffic. If not, then you may need to go with something like (gulp) Skype that encrypts its traffic and becomes more difficult for the ISP to block.

Not sure how to get around this with SIP if the ISP is determined.

the other option is, ha ha, to call George Bush and have him export democracy to wherever you are. (Not that democracy will necessarily keep ports open, but there’s a better chance.)

of course this post is a joke and i’m not serious about exporting democracy.

but the problem you describe is a classic. upstart telecoms create new technology that incumbent carriers attempt to block whenever possible. it’s a cat and mouse game. say you switch to a non-standard port to avoid blocking. as soon as the nepalese carrier(s) figure it out, they will block that port and you’ll need to change again.

Hello,

I think IAX2 is a new technology and a lot of IP phones do not support it.

And about (gulp) Skype, I do not have any information about it. Please provide some useful links if possible, so I can get it properly.

[quote=“abdulzu”]Hello,

I think IAX2 is a new technology and a lot of IP phones do not support it.

And about (gulp) Skype, I do not have any information about it. Please provide some useful links if possible, so I can get it properly.[/quote]

skype.com

Skype is a P2P app that is closed and proprietary so I am no real fan, but for your specific case it may be best. Skype encrypts all traffic in the P2P cloud and does a great job of evading firewalls: your own, your ISP’s and your government’s. They also offer SkypeIn/SkypeOut which provide SIP interconnection to the PSTN, this is a paid service but allows you to make calls to and from the PSTN world (keep in mind once these calls hit the Skype SIP proxies they are no longer encrypted, but you are past your firewalls by that point).

You need a computer to run Skype (Windows, OSX or Linux). None of your SIP compliant hardware will work with Skype, but all you need is a headset that either plugs into your audio card or USB.

Good luck. Skype has their own forums, so if you need more I recommend visiting them at their site:

forum.skype.com

the scary thing about skype is the EULA. article 4 means you give permission for your computer and bandwidth to be used to facilitate communications between skype users, i.e. your PC can be used to let others use skype.

i’ve seen this in action too !

Hi,

Our ISP has blocked the domain skype.com :angry:

It cannot be opened here…

[quote=“abdulzu”]Hi,

Our ISP has blocked the domain skype.com :angry:

It cannot be opened here…[/quote]

That is one way to block Skype: not allowing any access to the central servers for the website or initial connections.

Your only choice really is to leave the country.

A slightly less drastic solution would be to find a service provider who would allow you to set up a VPN or a tunnel to their server and do your SIP connection through that.

A simple way to do it is to use ssh and forward the relevant SIP and RTP ports over the ssh connection (trivial). This way, your link is encrypted and can be over any port you like - standard ssh is port 22, but you can use anything.

The hard part is finding a service provider that will allow you to do this (or someone else, of course).

[quote=“WillKemp”]A slightly less drastic solution would be to find a service provider who would allow you to set up a VPN or a tunnel to their server and do your SIP connection through that.

A simple way to do it is to use ssh and forward the relevant SIP and RTP ports over the ssh connection (trivial). This way, your link is encrypted and can be over any port you like - standard ssh is port 22, but you can use anything.

The hard part is finding a service provider that will allow you to do this (or someone else, of course).[/quote]

That is a great idea, similar to using an anonymous proxy, but in this case allowing one to encrypt all of their traffic out of an offending ISP/country and then run whatever they like.

The issue may be, that adding the VPN service may negate the cost-benefit of using VoIP in the first place, bringing you back to square one.

Maybe. But an ssh “tunnel” is free.

can ssh tunnel udp? i thought it only did tcp.

But someone has to “serve” the tunnel. Not a bad feature for a VoIP provider to provide a VPN for a myriad of purposes. But, this may still not solve the problem above, as they may just block domains if they catch wind, like they have with Skype.

There are ways to get UDP through an SSH/TCP tunnel:

zarb.org/~gc/html/udp-in-ssh-tunneling.html
tunnel.mrq3.com/explain/

As best I know it is not useable with RTP.

Yeah, the problem with tunnelling, of course (as pointed out in the second of those articles you quoted), is that the audio stream gets sent over a TCP connection - which introduces a lot of lag. This, of course, is why UDP is used in the first place.

It’s certainly not an easy problem to find a useable solution to, is it!
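The lag mentioned above comes from TCP retransmitting lost segments and delivering everything behind them in order. As an added illustration (not part of the original thread), this Python model compares how many voice packets miss their playout deadline after one lost packet on plain UDP versus inside a TCP tunnel; the 20 ms packet interval, 50 ms one-way delay, 60 ms jitter buffer and 300 ms retransmission timeout are assumed values, and the retransmission is assumed to succeed.

```python
# Added example: effect of one lost packet on an RTP-like stream
# carried over plain UDP versus inside a TCP tunnel (e.g. ssh).
# All timing values are assumptions chosen for illustration.

INTERVAL_MS = 20      # one voice packet every 20 ms (assumed)
DELAY_MS = 50         # one-way network delay (assumed)
JITTER_BUF_MS = 60    # receiver waits this long past the expected arrival (assumed)
RTO_MS = 300          # TCP retransmission timeout (assumed)


def udp_unusable(n_packets, lost):
    """Packets the receiver cannot play when the stream runs over UDP.

    A lost packet never arrives; every other packet arrives on time
    because nothing waits for the missing one.
    """
    return sorted(i for i in range(n_packets) if i in lost)


def tcp_unusable(n_packets, lost):
    """Packets that miss their playout deadline inside a TCP tunnel.

    A lost segment is retransmitted after RTO_MS, and TCP delivers in
    order, so every later packet is held back until the retransmission
    has arrived (head-of-line blocking).
    """
    late = []
    prev_delivery = 0
    for i in range(n_packets):
        sent = i * INTERVAL_MS
        arrival = sent + DELAY_MS + (RTO_MS if i in lost else 0)
        delivery = max(arrival, prev_delivery)   # in-order delivery
        prev_delivery = delivery
        deadline = sent + DELAY_MS + JITTER_BUF_MS
        if delivery > deadline:
            late.append(i)
    return late


if __name__ == "__main__":
    lost = {10}  # constructed input: only packet 10 is dropped
    udp = udp_unusable(50, lost)
    tcp = tcp_unusable(50, lost)
    print(f"UDP: {len(udp)} packet(s) unusable, gap {len(udp) * INTERVAL_MS} ms")
    print(f"TCP: {len(tcp)} packet(s) unusable, gap {len(tcp) * INTERVAL_MS} ms")
```

With these assumed values a single drop costs 20 ms of audio over UDP but stalls 240 ms of audio inside the TCP tunnel.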

I was reading some information about VPN connections.
My server’s firewall is a PIX 515E-R and is hosted by RackSpace. I want to tell my administrator to set up the VPN configuration, but before starting the configuration I need some more information.

Does Asterisk need some special configuration for this VPN?

Do the clients, I mean the IP phones, also require some configuration to connect via VPN?

Is it possible for dynamic IP phones which are using a dialup connection?

Because a VPN sends encrypted traffic, it means we have to do some configuration in the IP phones, and I checked a lot of dialup IP phones like D-link, Telimax etc. but they don’t have any special configuration for VPN.

I hope it will become clearer how to set up the VPN connection.

where is this PIX hosted by RackSpace? in nepal? probably not, i guess.

to summarize, you need access to a server in a country that does not block ports or domains. you set up a VPN between your network in nepal and the network outside nepal, maybe this RackSpace server. you will need Asterisk to be located outside nepal.

ip phone (in nepal) ==> router (in nepal) =(vpn)=> router (PIX outside nepal) ==> Asterisk (outside nepal) ==> VoIP Carrier

you need to configure the VPN on your router in nepal and the router outside nepal. the only “special configurations” should be necessary on the two routers that create the VPN. a VPN will make all the computers appear to be on the same private network. you should not need any special configuration on the Asterisk server.

the client IP phones do not need any special configuration. they simply point to the Asterisk’s private network address created by the VPN.

the VPN does create encrypted traffic but you do not need to worry about this on your ip phones because this encryption is only between the two VPN routers. your ip phones are not encrypting traffic between themselves and your local router.

the scenario for the dynamic dial-up phones might be more complex. i assume these dynamic phones are soft phones on laptops. you may need to have a VPN client on the laptops. so, the laptop user dials into the internet. then the laptop user opens the VPN client and logs into the router outside nepal, thereby placing the laptop on the same private network as the Asterisk server. or the VPN client could log into your router in nepal. then you configure the soft phone to point to Asterisk.

all of this will probably add some lag to your conversations since traffic must be routed out of the country before it can actually start a call. and using a dial-up connection for VoIP is never really the best solution, broadband offers much better voice quality.

btw, what is the purpose of this set-up? just looking for cheaper long distance rates?

hi gtcleaves,

I appreciate your useful information, I really got what I have to do for the VPN connection.

But the hard logic is for dialup IP phones, which have the modem and are connected to the ISP without any PC. And most of our customers are using dialup IP phones.

There’s no way a phone can do this stuff on its own. At least, i doubt very much if such a phone exists… Yet. But i wouldn’t be surprised if someone brings one out before too long, as there would probably be a market for them among corporate users.

If they can’t connect through the net to your server with SIP, then there’s no alternative except to have some piece of equipment between the phone and the internet which takes the phone connection and routes it over a VPN or something similar.

There are phones that will encrypt the audio stream, such as with Avaya, but not the entire session via a VPN, at least not that I am aware of.

You will need to route over a VPN, you may think about either a router to do this at your gateway or a Linux box at the gateway.