DD-WRT:Siproxd

This article describes different approaches for making sip devices work behind a DD-WRT enabled router.

=Issues= VOIP has become quite popular for private and company use. So has the use of private class ip addresses (e.g. 192.168., 10.0.,...) for networks shielded from the internet by routers doing network address translation of different sorts.

Using a sip device behind a home Router usually causes quit a lot of trouble. This trouble can be related to

- no firewall support (STUN etc.) in SIP Device - no Outbound Proxy Support available in SIP Device - using multiple SIP Devices behind one Router

The usual approach is to to configure the SIP Device to use STUN to discover the external address the router is using and then sending it with it's sip messages. This approach works quite often, but quite often also ends up with no registration with sip provider oder no audio in on or both ways during a conversation. Especially dd-wrt's nat/firewall implementation doesn't seem to be super sip friendly (non technically speaking :-). Using two devices, or eg. ata adapters with two analog ports behind one router using STUN or direct port forwards almost never works as to my experience.

=Solutions= a) dd-wrt v23sp1voip - upgrade your dd-wrt compatible router to dd-wrt v23sp1 (didn't test sp2 yet) VOIP version

START the Milkfish SIP Router first.

This software release includes a special version of the ser (sip express router) software, which is able to act as an outbound proxy for sip devices (almost like an http proxy does for webbrowsers). ser and the second component rtpproxy takes care of registering clients on the private network and forwards all traffic between the sip service provider and the internal client (sip messages and rtp media streams).

This solution works fine for any device that has "outbound proxy" support as many ata (e.g. linksys-sipura spa 2001, grandstream budgetone etc.) do.

Just enter the ip adress and sip port (see dd-wrt administration interface for ip/port) of your dd-wrt router as outbound proxy in your phone's configuration screen. Restart the phone, and voila, you can talk. This works for an unlimited number of phones, as long as each phone uses a different sip username. Using the same sip username e.g. on a two analog port sipura ata for both analog ports causes the second port to get registered to not work for incoming calls (not 100 % verified - please let me know if you tested it).

b) transparent proxy

Me myself having trouble using sip devices without "outbound proxy" support behind my dd-wrt routers, I was searching for a more simple solution. My motivation was to have booth my asterisk box behind the router as well as my nokia e61 sip smartphone being able to register to out companies public sip server. This was not possible as both asterisk as well as the current nokia sip client don't support outbound proxy nor stun.

Having used transparent proxies for hhtp for a while, the question was, why not do the same for sip messages and the rtp media streams? Well, it's possible. I didn't actually figure it out using dd-wrt voip's built in ser/rtpproxy package (maybe it's possible too with them), but relied on the instructions i found for the software "sipproxd" which is luckily available for the mips based broadcom plattform (openwrt package).

What you basically need is:

- dd-wrt/openwrt (non voip firmeware version - tested with v23sp1) with jffs enabled (and enough spare memory - this solution does not work for 8mb and maybe also not for 16 MB broadcom based router models). I myself us a 32mb Linksys WRT54GS v1.1. You need JFFS as a filesystem to download, install and configure additional software packages useing ipkg. - ssh/telnet access to your router - the information available on http://siproxd.sourceforge.net/siproxd_guide/siproxd_guide_c6s4.html

First enable jffs and initialize ipkg (see other dd-wrt/openwrt faqs/howtos on how to do this in detail). Once you've done this log onto your router using telnet or better ssh (root/ ).

Then download the siproxd package using the command "ipkg install siproxd". Then follow the instructions on this manual page http://siproxd.sourceforge.net/siproxd_guide/siproxd_guide_c6s4.html

You've to create the config file using the editor "vi" on while being looged onto your router. Copying the Text from the webrowser to the console vi using putty can be quite a hassle as for some reason characters seem to move to other places whil in reality they are still on their old place in the textfile. To be sure, save the file often, then open it again to get a clean view and then copy the next part of the file.

Then start siproxd by calling it from the command line cd ... then ./siproxd -c .

Finally copy the iptables commands one after each other to the console. Then fire up your sip client with it being configures as if it had a public ip address (e.g. xxxxxx@sipgate.at etc.) and voila you can talk and you be reachable if someone is calling you.

Currently the solution is not 100 % stable, as my nokia e61 is registering with my public asterisk server sucessfully the first time, but not the second time once I lost wlan connectivity. I did not determine yet if it is a problem on the router/siproxd or if it was the due to nokia e61 software problems (I then had the www.one.at branded april/2006 software version in the phone. I have not tried it with the generic nokia 07/2006 version yet as I found an even better solution for my nokia which I'll describe below.

Mobile IPv4/Birdstep SmartRoaming

The sipproxd solution works fine for clients within a fixed wlan/lan network. But what about poor me using my nokia outside my home/office network. It's nearly impossible to have all routers's equipped with siproxd transparent proxy solution.

After searching for a long time and having spent hours with Nokias incomplete SIP/Network Group Roaming implementation, I found a software supporting the Mobile IPv4 RFC on symbian operating systems. Great, what it basically does is having a client installed on your mobile phone, which makes a new connection available to all applications. It works like a vpn/tunnel. Thus once any network connection is available, the software signs up and creates a tunnel to Birdstel/Smartroaming and your phone gets a public IP from them.

Now it also takes care of you allways using the best connection, thus it's scanning for the wlan networks you've defined, and once you enter the office, it automatically sends all traffic via the wlan, or grps/umts vice versa when you leave the office. The applications are ALLWAYS ONLLINE and don't notice the connection change which is taking place in the background.

The best thing, there's no NAT, all applications are using the phones public ip via the tunnel. Thus your SIP client works flawlessly being able to register with my asterisk, sipgate and probably many other sip providers without any problem. Works like a charm.

The only drawback: after 1 month free trial, you've to pay a yearly fee of ~30 eur if you're using their Mobile IPv4 service. The say you can use the software (once you buy a licence) with other providers too. Too bad all open source software in regard to Mobile IPv4 is completely outdated and so to my knowledge no alternative option of being your own Mobile IPv4 Provider exists (apart from commercial software from hp/cisco etc.).

Please add your experiences, this is a first draft of the howto I was planning to write and I'm glad to share the knowledge with the dd-wrt community - as I see so many people searching for a solution to this problem!