I recently switched ISP from Rogers to Carrytel.   Carrytel provided a CGN3 modem which does not allow the cusadmin account to see the ALG SIP setting to disable it.   I have contacted Carrytel who are saying they do not have remote access to the modem and cannot disable.
Has anyone had this issue with Carrytel or any other provider ?   Is there another way to disable SIP ALG on a CGN3 modem ?
thanks.
			
			
									
						
										
						Carrytel CGN3 SIP ALG
- 
				linsteadslacker
- Just Passing Thru
- Posts: 3
- Joined: 12/18/2018
- SIP Device Name: Grandstream701
- ISP Name: Carrytel
- Computer OS: Windows 10
- Router: CGN3
- 
				bridonca  
- Technical Support
- Posts: 1225
- Joined: 11/16/2009
- SIP Device Name: Netgear WGR615V
- Firmware Version: latest
- ISP Name: Eastlink
- Computer OS: XP
Re: Carrytel CGN3 SIP ALG
Probably not.  Freephoneline has a fix specific to this modem though,  Take a look.  https://support.freephoneline.ca/hc/en- ... redentials
			
			
									
						
										
						- 
				Liptonbrisk  
- Technical Support
- Posts: 3513
- Joined: 04/26/2010
- SIP Device Name: Obihai 202/2182, Groundwire
- Firmware Version: various
- ISP Name: FTTH
- Computer OS: Windows 11 Pro (25H2)
- Router: Asuswrt-Merlin & others
Re: Carrytel CGN3 SIP ALG
You don't need to worry about disabling SIP ALG unless you're experiencing problems with dropped calls after 32 seconds, 1-way audio (incoming calls don't ring; audio only works in one direction), etc. That is, if you're not experiencing problems, don't worry about it.
I'm not sure if you're using Fongo Home Phone or Freephoneline. I suspect you're using Fongo Home Phone given that you have a Grandstream ATA and have posted in the Fongo Home Phone forum. Freephoneline users that can't disable a buggy SIP ALG feature in their routers should be using voip4.freephoneline.ca:6060 for the proxy server. The purpose of voip4.freephoneline.ca:6060 is to circumvent SIP ALG features that typically listen to traffic passing through UDP ports 5060 and 5061 and, in turn, mangle SIP headers, which causes all sorts of problems. SIP ALGs don't monitor traffic on UDP port 6060. Another alternative is to stick your ISP's modem/router combo or gateway (CGN3 isn't just a modem; it's the router features in that device that are of concern) into bridge mode and use your own router. Refer below.
I'm not a Fongo Home Phone user, but I'd be very much surprised if Fongo Home Phone doesn't offer an alternate server for Fongo Home Phone users to use (similar to voip4.freephoneline.ca:6060) who are experiencing SIP ALG issues. I strongly suspect that they do since Fongo Mobile users have access to an "Alternate Fongo Connection" setting in the smartphone app, which does the same thing. It wouldn't make any sense to offer alternate servers to FPL and Fongo Mobile users but not to Fongo Home Phone customers. If you are having SIP ALG related problems, open a ticket: https://support.fongo.com/hc/en-us/requests/new. Ask if they can put you onto an alternate proxy server for customers with SIP ALG problems.
(Generic info)
Typically, for VoIP SIP services, especially for freephoneline, you want
1) a router that does not have a full cone NAT,
Visit https://www.think-like-a-computer.com/2 ... es-of-nat/.
Mango from the Obitalk.com forums writes,
“Use a restricted cone NAT router, and do not use port forwarding or DMZ. Restricted cone NAT will only permit
inbound traffic from the service provider you're registered to. If you have a full cone NAT router, it will allow traffic
from any source. This is probably not what you intend.
If you have a Windows computer, you can test your router using the utility here:
http://www.dslreports.com/forum/remark,22292023. To run it, use stun stun.ekiga.net from a command prompt.”
Essentially, you download the stun-test.zip file; extract the stun.exe file from within the zip file to an easily
accessible location; use an elevated command prompt (visit
http://www.thewindowsclub.com/how-to-ru ... inistrator); change directory (cd) to the
directory or location where you extracted stun.exe (visit
http://www.digitalcitizen.life/command- ... c-commands); and type “stun stun.ekiga.net” without
the quotation marks followed by the enter/return button on your keyboard.
Asus routers, at the time of this writing, produce port restricted cone NAT routers, for example and are fine,
provided you’re using one with Asuswrt-Merlin, third party firmware installed.
2) a router that lets you disable SIP ALG if it's buggy,
To understand why SIP ALG often causes horrible problems, please visit
http://www.voip-info.org/wiki/view/Routers+SIP+ALG (scroll down to the section on SIP ALG problems).
If you're dealing with a modem/router combo issued by an ISP or a router with SIP ALG forced on, you may have
to use voip4.freephoneline.ca:6060 for the Proxy Server. The purpose of voip4.freephoneline.ca:6060 is to circumvent
faulty SIP ALG features in routers.
3) a router that allows you to set QoS or assign highest priority to your ATA or IP Phone over all other devices on your LAN (local area network),
For a very general description of what QoS can do for you, visit https://www.voipmechanic.com/qos-for-voip.htm.
The basic idea is if you're torrenting or have a bunch of other computers, smartphones, tablets, etc. downloading and uploading (hogging all your available bandwidth), you don't want
your ATA not to have access to enough bandwidth to make or receive calls properly. So QoS or a Bandwidth Monitor feature (which is just another form of QoS) is a really good idea for VoIP users.
I often get an occasional relative complaining to me, "Hey my calls sound choppy." And then when I go visit, some kids are playing MMOs on a computer, while another person is downloading a huge file,
and another person is backing up files to a cloud service all at the same time someone else is trying to talk on the phone. All those devices, without QoS enabled, are fighting over available bandwidth along with the ATA.
and 4) A router that lets you adjust both Unreplied and Assured UDP timeouts.
Thanks to Mango, many of us now understand that in order for ATAs to remain registered and working properly with a VoIP SIP provider like Freephoneline, in particular after power failures, the following conditions must be met:
UDP Unreplied Timeout (in your router) < NAT Keep-alive Interval (in your ATA; for Obihai ATAs this is X_KeepAliveExpires) < UDP Assured Timeout (in your router) < SIP Registration Failure Retry Wait Time (or RegisterRetryInterval in Obihai ATAs)
“<“ means less than.
When a modem leases a new IP address, a problem can arise where prior associations using the old IP address are maintained in the router. When the ATA attempts to communicate using the old IP address, the response is unreplied, and then if the UDP Unreplied timeout is greater than the Keep Alive Interval (and UDP Unreplied timeout is often set to 30 by default in consumer routers) a problem arises where the corrupted connection persists. If UDP Unreplied timeout is, for example, 10, and the NAT Keep Alive Interval is 20, then the corrupted connection will timeout or close. A new connection will be created, and everything will work fine.
Another problem can occur when the Keep-Alive interval is greater than UDP Assured Timeout (often 180 by default in consumer routers): the NAT hole will close due to the ATA not communicating frequently enough with the SIP server. In turn, incoming calls may, intermittently, not reach the ATA. Again, X_KeepaliveExpires (NAT Keep Alive interval) is supposed to be 20 with FPL.
(the above settings are making reference to those in Obihai ATAs, but they can be applied generally to all ATAs with FPL)
Getting access to both UDP Unreplied Timeout and UDP Assured Timeout settings in consumer routers may be difficult, if not impossible. Asuswrt-Merlin (I would avoid any model below/less powerful than an RT-AC68U), third party firmware for Asus routers, does offer easy access to these two settings, which are found under General–>Tools-->Other settings. My understanding is that third party Tomato firmware has these two settings as well. So if your router supports Tomato firmware, that may be another option. Note that I will not be held accountable any damage resulting from failed firmware updates. Apparently, Mikrotik routers also allow users to change both Assured and Unreplied UDP timeout settings as well.
The keep alive interval for FPL is 20. The SIP Registration Failure Retry Wait Time is 120. I use 10 for UDP Unreplied Timeout and 117 for UDP Assured Timeout.
ISPs do not issue customers routers that can do all four things I just listed. Typically it's far better to have your own router with strong QoS functions and a restricted cone NAT firewall,
disable whatever SIP ALG feature is enabled in the router, and stick whatever modem/router combo your ISP gives you into bridge mode. For Bell Hubs, visit http://forums.redflagdeals.com/please-s ... r-1993629/. For Rogers, visit https://www.rogers.com/customer/support ... ridgemodem.
			
			
									
						
							I'm not sure if you're using Fongo Home Phone or Freephoneline. I suspect you're using Fongo Home Phone given that you have a Grandstream ATA and have posted in the Fongo Home Phone forum. Freephoneline users that can't disable a buggy SIP ALG feature in their routers should be using voip4.freephoneline.ca:6060 for the proxy server. The purpose of voip4.freephoneline.ca:6060 is to circumvent SIP ALG features that typically listen to traffic passing through UDP ports 5060 and 5061 and, in turn, mangle SIP headers, which causes all sorts of problems. SIP ALGs don't monitor traffic on UDP port 6060. Another alternative is to stick your ISP's modem/router combo or gateway (CGN3 isn't just a modem; it's the router features in that device that are of concern) into bridge mode and use your own router. Refer below.
I'm not a Fongo Home Phone user, but I'd be very much surprised if Fongo Home Phone doesn't offer an alternate server for Fongo Home Phone users to use (similar to voip4.freephoneline.ca:6060) who are experiencing SIP ALG issues. I strongly suspect that they do since Fongo Mobile users have access to an "Alternate Fongo Connection" setting in the smartphone app, which does the same thing. It wouldn't make any sense to offer alternate servers to FPL and Fongo Mobile users but not to Fongo Home Phone customers. If you are having SIP ALG related problems, open a ticket: https://support.fongo.com/hc/en-us/requests/new. Ask if they can put you onto an alternate proxy server for customers with SIP ALG problems.
(Generic info)
Typically, for VoIP SIP services, especially for freephoneline, you want
1) a router that does not have a full cone NAT,
Visit https://www.think-like-a-computer.com/2 ... es-of-nat/.
Mango from the Obitalk.com forums writes,
“Use a restricted cone NAT router, and do not use port forwarding or DMZ. Restricted cone NAT will only permit
inbound traffic from the service provider you're registered to. If you have a full cone NAT router, it will allow traffic
from any source. This is probably not what you intend.
If you have a Windows computer, you can test your router using the utility here:
http://www.dslreports.com/forum/remark,22292023. To run it, use stun stun.ekiga.net from a command prompt.”
Essentially, you download the stun-test.zip file; extract the stun.exe file from within the zip file to an easily
accessible location; use an elevated command prompt (visit
http://www.thewindowsclub.com/how-to-ru ... inistrator); change directory (cd) to the
directory or location where you extracted stun.exe (visit
http://www.digitalcitizen.life/command- ... c-commands); and type “stun stun.ekiga.net” without
the quotation marks followed by the enter/return button on your keyboard.
Asus routers, at the time of this writing, produce port restricted cone NAT routers, for example and are fine,
provided you’re using one with Asuswrt-Merlin, third party firmware installed.
2) a router that lets you disable SIP ALG if it's buggy,
To understand why SIP ALG often causes horrible problems, please visit
http://www.voip-info.org/wiki/view/Routers+SIP+ALG (scroll down to the section on SIP ALG problems).
If you're dealing with a modem/router combo issued by an ISP or a router with SIP ALG forced on, you may have
to use voip4.freephoneline.ca:6060 for the Proxy Server. The purpose of voip4.freephoneline.ca:6060 is to circumvent
faulty SIP ALG features in routers.
3) a router that allows you to set QoS or assign highest priority to your ATA or IP Phone over all other devices on your LAN (local area network),
For a very general description of what QoS can do for you, visit https://www.voipmechanic.com/qos-for-voip.htm.
The basic idea is if you're torrenting or have a bunch of other computers, smartphones, tablets, etc. downloading and uploading (hogging all your available bandwidth), you don't want
your ATA not to have access to enough bandwidth to make or receive calls properly. So QoS or a Bandwidth Monitor feature (which is just another form of QoS) is a really good idea for VoIP users.
I often get an occasional relative complaining to me, "Hey my calls sound choppy." And then when I go visit, some kids are playing MMOs on a computer, while another person is downloading a huge file,
and another person is backing up files to a cloud service all at the same time someone else is trying to talk on the phone. All those devices, without QoS enabled, are fighting over available bandwidth along with the ATA.
and 4) A router that lets you adjust both Unreplied and Assured UDP timeouts.
Thanks to Mango, many of us now understand that in order for ATAs to remain registered and working properly with a VoIP SIP provider like Freephoneline, in particular after power failures, the following conditions must be met:
UDP Unreplied Timeout (in your router) < NAT Keep-alive Interval (in your ATA; for Obihai ATAs this is X_KeepAliveExpires) < UDP Assured Timeout (in your router) < SIP Registration Failure Retry Wait Time (or RegisterRetryInterval in Obihai ATAs)
“<“ means less than.
When a modem leases a new IP address, a problem can arise where prior associations using the old IP address are maintained in the router. When the ATA attempts to communicate using the old IP address, the response is unreplied, and then if the UDP Unreplied timeout is greater than the Keep Alive Interval (and UDP Unreplied timeout is often set to 30 by default in consumer routers) a problem arises where the corrupted connection persists. If UDP Unreplied timeout is, for example, 10, and the NAT Keep Alive Interval is 20, then the corrupted connection will timeout or close. A new connection will be created, and everything will work fine.
Another problem can occur when the Keep-Alive interval is greater than UDP Assured Timeout (often 180 by default in consumer routers): the NAT hole will close due to the ATA not communicating frequently enough with the SIP server. In turn, incoming calls may, intermittently, not reach the ATA. Again, X_KeepaliveExpires (NAT Keep Alive interval) is supposed to be 20 with FPL.
(the above settings are making reference to those in Obihai ATAs, but they can be applied generally to all ATAs with FPL)
Getting access to both UDP Unreplied Timeout and UDP Assured Timeout settings in consumer routers may be difficult, if not impossible. Asuswrt-Merlin (I would avoid any model below/less powerful than an RT-AC68U), third party firmware for Asus routers, does offer easy access to these two settings, which are found under General–>Tools-->Other settings. My understanding is that third party Tomato firmware has these two settings as well. So if your router supports Tomato firmware, that may be another option. Note that I will not be held accountable any damage resulting from failed firmware updates. Apparently, Mikrotik routers also allow users to change both Assured and Unreplied UDP timeout settings as well.
The keep alive interval for FPL is 20. The SIP Registration Failure Retry Wait Time is 120. I use 10 for UDP Unreplied Timeout and 117 for UDP Assured Timeout.
ISPs do not issue customers routers that can do all four things I just listed. Typically it's far better to have your own router with strong QoS functions and a restricted cone NAT firewall,
disable whatever SIP ALG feature is enabled in the router, and stick whatever modem/router combo your ISP gives you into bridge mode. For Bell Hubs, visit http://forums.redflagdeals.com/please-s ... r-1993629/. For Rogers, visit https://www.rogers.com/customer/support ... ridgemodem.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at http://forum.fongo.com/viewforum.php?f=15.
			
						- 
				linsteadslacker
- Just Passing Thru
- Posts: 3
- Joined: 12/18/2018
- SIP Device Name: Grandstream701
- ISP Name: Carrytel
- Computer OS: Windows 10
- Router: CGN3
Re: Carrytel CGN3 SIP ALG
Thanks.   I am getting the 32 second call drop for outgoing calls only.  Incoming calls are fine.
			
			
									
						
										
						- 
				Liptonbrisk  
- Technical Support
- Posts: 3513
- Joined: 04/26/2010
- SIP Device Name: Obihai 202/2182, Groundwire
- Firmware Version: various
- ISP Name: FTTH
- Computer OS: Windows 11 Pro (25H2)
- Router: Asuswrt-Merlin & others
Re: Carrytel CGN3 SIP ALG
Then your options arelinsteadslacker wrote:Thanks. I am getting the 32 second call drop for outgoing calls only. Incoming calls are fine.
1. open a ticket at https://support.fongo.com/hc/en-us/requests/new, and ask if they can put you onto an alternate proxy server for customers with SIP ALG problems (mention that you have a Hitron gateway), or
(Fongo's business hours are 9AM-4PM EST, Monday to Friday excluding holidays)
2. stick the CGN3 in bridge mode, and use your own router.
When calls drop after 32 seconds, the problem is the ACK (acknowledgement) response isn't being received after the 200 OK status.

200 OK is sent to your ATA by Fongo's server. Your ATA is supposed to send ACK (acknowledge) back. If the ACK response is not received by Fongo's server, then
Fongo's server eventually stops waiting for ACK and replies with BYE (likely at 32 seconds), ending the call. SIP signalling can be completely broken by faulty SIP ALG features in routers or
modem/router combos.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at http://forum.fongo.com/viewforum.php?f=15.
			
						- 
				linsteadslacker
- Just Passing Thru
- Posts: 3
- Joined: 12/18/2018
- SIP Device Name: Grandstream701
- ISP Name: Carrytel
- Computer OS: Windows 10
- Router: CGN3
Re: Carrytel CGN3 SIP ALG
Thanks. Fongo pushed an update to the Grandstream and the problem is resolved.