SIP and RTP ports range ?

Have a question or problem with your Fongo application? This forum is the place to get help from both staff and fellow community members.
Fongo recommends Fongo Home Phone for a fully supported Home Phone system for only $4.95/mo

SIP and RTP ports range ?

Postby jenom » 07/26/2022

I want to stop FPL working at night, which can be done on my router's Network Services Filter page to setup the day/time to blacklist the IP address and port range the ATA device.
FPL online Setting page only says "RANDOM" for used both SIP & RTP ports.
Can somebody tell me what port ranges FPL using for SIP & RTP?
Thanks!
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/26/2022

Local (LAN) SIP and RTP ports are defined by the ATA or SIP device/app being used, and, unfortunately, you're using an unlocked Vonage ATA, which I'm unfamiliar with (I can't find a manual for it, and, consequently, won't be able to assist with finding the local SIP and RTP ports it uses).You may be able to figure this out by observing your router's system log (if it produces one) when your ATA communicates with an FPL proxy server. Chances are the default local SIP Port is UDP 5060 (which isn't advisable, but that's another conversation involving SIP scanners) since most devices use UDP 5060 by default.

For example, with an Obihai ATA, the local SIP port is defined by X_UserAgentPort (Voice Services-->SP Service).
In Linksys ATAs, local SIP Port is sip port (Voice-->Line-->SIP Settings).
In Grandstream ATAs, local sip port is defined by Local SIP Port (when Use Random SIP Port is set to No) and found by navigating to the Profile tab. When Use Random SIP Port is set to yes (which is the recommended setting when using Freephoneline), a randomly generated sip port is chosen by the device.
As far as I know, only Grandstream devices have the option to select random SIP ports, so the recommendation that you're reading or referring to only applies to them.

Similarly, local RTP ports are defined by the ATA, SIP device, or SIP app being used.
For Obihai ATAs, the local RTP port range is defined by LocalPortMin and LocalPortMax (Service Providers-->ITSP Profile-->RTP).
For Linksys ATAs, the local RTP range is defined by RTP Port Min and RTP Port Max (SIP-->RTP Parameters).
For Grandstream ATAs, the local RTP port is defined by Local RTP Port (Profile tab), when Use Random RTP Port is set to No. When Use Random SIP Port is set to yes (which is the recommended setting when using Freephoneline), the ATA chooses random RTP port.

When a call connects, a random RTP port defined by the RTP range in each device is used at that time.

SIP Ports (not local/LAN) used by Freephoneline is UDP 5060 for voip.freephoneline.ca and voip2.freephoneline.ca.
UDP 6060 is used for voip4.freephoneline.ca.

RTP IPs for FPL are 208.85.218.149 and 208.85.218.150 at this time (that may change in the future). That's where the audio stream comes from.

If you block the Proxy server IP being used (voip.freephoneline.ca, voip2.freephoneline.ca, or voip4.freephoneline.ca), SIP signalling shouldn't be possible at all, making blocking RTP IPs and RTP ports pointless.You can find those FPL proxy server IPs easily by pinging each one (ping voip.freephoneline.ca). The problem with using IPs is that they can change: viewtopic.php?f=15&t=19702.

Lastly, it seems to me that blocking the appropriate server IP address based on UDP protocol (all UDP ports) should be sufficient, but I thought you might be interested in the other information in this post as well. All ports mentioned in this post use UDP protocol.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin

Re: SIP and RTP ports range ?

Postby jenom » 07/27/2022

Thank you for the detailed information. The needed settings for the ATA device are located in an editable local "brcmMACADDRESS.xml" file, which is then uploaded from a small local http server to ATA (the same process as Provisioning )
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<proxyAddress>voip.freephoneline.ca</proxyAddress>
<proxyPort>5060</proxyPort>
<regAddress>voip.freephoneline.ca</regAddress>
<regPort>5060</regPort>
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<localPort>5060</localPort>
<minimumSessionExpirationTimer>0</minimumSessionExpirationTimer>
<registrationTimer>180</registrationTimer>
<rtpPacketTOS>184</rtpPacketTOS>
<rtpPort>10050</rtpPort>

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Already tried in router to block ranges of SIP 5060:5082 and RTP 10000:3000 and this seems like worked as supposed to be.
You are saying "UDP 5060 isn't advisable" , what other SIP UDP port could be used instead which works with FPL ?
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/27/2022

jenom wrote:You are saying "UDP 5060 isn't advisable" , what other SIP UDP port could be used instead which works with FPL ?


Change local SIP Port (not proxy port) to a random number between 30000 and 60000. Just pick a number in that range. Do this for security reasons (to help avoid SIP Scanners/hackers). Also, this step may help to temporarily address a corrupted NAT association that's developed between a router and ATA (if you're having registration issues, try selecting a new random port number in this range, and then reboot the ATA. If that works, you were dealing with a corrupted/stale NAT association in your router).

UDP 5060 is frequently targeted for attacks or port scanning.

Also, since I’m not familiar with your ATA, I’m not positive what the value for registrationtimer is supposed to represent, but if that’s the expiration timeout value for Freephoneline (registration period) it should be 3600 seconds. If I’m correct, you run the risk of being temporarily IP banned by the proxy server if you use 180 seconds instead.

By the way, in the example you provided, your ATA is only using UDP 5060 (local SIP port) and 10050 (RTP port) for FPL.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin

Re: SIP and RTP ports range ?

Postby Jake » 07/27/2022

Would blocking your ATA's IP rather than the ports be another way to stop FPL from working at certain times?

Maybe going basic and just putting the adapter on a timed/smart plug might be an option also. If the ATA isn't powered up then the phones can't ring.
User avatar
Jake
Technical Support
 
Posts: 2783
Joined: 10/18/2009

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/27/2022

Jake wrote:Would blocking your ATA's IP rather than the ports be another way to stop FPL from working at certain times?


Yes, you don't need to know the UDP ports. Not specifying them at all is the same as entering all UDP ports, provided the protocol is set to UDP. Blocking an IP is enough.

To do what you're suggesting, source IP would be the LAN IP of the ATA.
Leave source port range blank. Don’t enter anything for Destination IP. Leave Destination Port blank. Set Protocol to UDP.
Set Filter table type to "Deny List" (in the latest Merlin firmware) or "blacklist".
The router will now block all UDP traffic from the ATA to WAN.
https://www.asus.com/ca-en/support/FAQ/1013636/

Actually, I am wondering why jenom doesn’t use Time Management under Parental Controls instead, unless the option doesn’t exist in the router firmware version being used.
You can just do what Jake says there: block the ATA (based on device MAC address) at any given time. Take a look at https://www.groovypost.com/howto/asus-r ... cheduling/.
This has an advantage of not requiring a static IP for the ATA.


jenom appears to be using Vortex, which is, basically, Merlin.


Maybe going basic and just putting the adapter on a timed/smart plug might be an option also. If the ATA isn't powered up then the phones can't ring.


Yeah, I don’t know whether the router owner wants to simply restrict all ATA users as opposed to permitting someone to simply plug the ATA in elsewhere.
Also, a timer or a smartplug is an added expense, but that is a scenario I considered yesterday before responding.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin

Re: SIP and RTP ports range ?

Postby jenom » 07/28/2022

I am using XWRT-Vortex EA6900_386.7_2 (same as latest AsusWRT-Merlin).
In previous versions, I was able to use the Parential Blocking Timer and it worked great, however this option is removed from menu.
In the actual file I used for device , going to verify, that regTimerValue is the correct 3600.
Since I should not use SIP UDP 5060, what others are the safest ? 50xx ?
Thanks!
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/28/2022

jenom wrote:I am using XWRT-Vortex EA6900_386.7_2 (same as latest AsusWRT-Merlin).
In previous versions, I was able to use the Parential Blocking Timer and it worked great, however this option is removed from menu.


Strange. I'm using 386.7_2 in Asuswrt-Merlin (not Vortex), and I still have Parental Controls-->Time Scheduling.

In the actual file I used for device , going to verify, that regTimerValue is the correct 3600.


I think so, but I'm not positive because there's no manual or anything I can refer to that verifies what the setting does.

SIP registrations have a timeout value. With Freephoneline, it's supposed to be 3600 seconds, and the ATA needs to re-register before the 3600 second registration period expires.
https://support.freephoneline.ca/hc/en- ... redentials

"Registration Interval: 3600 seconds (1 hour)

Registration Expiry: 3600 seconds (1 hour)"


If the ATA keeps sending registration requests every 180 seconds after registering successfully, you run the risk of being temporarily IP banned by the proxy server (particularly if you start making setting changes and rebooting the ATA).

Since I should not use SIP UDP 5060, what others are the safest ? 50xx ?


I want to clarify that I'm referring to the local or LAN SIP port and not the proxy sever port on the WAN side. Don't change proxyport.
By the way, there shouldn't be any need to specify a registration server or reg port either. Regardless, the local sip port is not the proxy server port, and it's not the registration port.
So, it seems very likely that <localPort>5060</localPort> is the local SIP port that should be changed.

Again, change local (LAN) SIP Port (not proxy port) to a random number between 30000 and 60000. Just pick a number in that range.
Do this for security reasons (to help avoid SIP Scanners/hackers).
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin

Re: SIP and RTP ports range ?

Postby jenom » 07/28/2022

As far as I remember, they removed Parental Control, maybe am I wrong ?
I am not home at this time, so can not check router's menu
But here is the menu picture from "https://www.asuswrt-merlin.net/" , and there is no Parental Control there.
Unless it is in "USB Applications" ?
Attachments
main_page_sm_2.png
main_page_sm_2.png (39.1 KiB) Viewed 1577 times
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby jenom » 07/28/2022

just did a Google search for Asus-WRT parental controls......maybe it is still hiding in "AIProtection" menu ?
this was a screenshot from v384_810_39
will check it out tonight, and if it is still there I am definitely going to use it
Attachments
parental-controls-asus-3-570x345.jpg
parental-controls-asus-3-570x345.jpg (27.23 KiB) Viewed 1576 times
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/28/2022

386.7_2 Asuswrt-Merlin

General-->Parental Controls-->Time Scheduling

Image
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin

Re: SIP and RTP ports range ?

Postby jenom » 07/28/2022

here is a screenshot I found of XWRT-Vortex 386.1.2...R7000....this menu has some different items .....Game + Open Nat
will check it out once at home and will post my finding
Thanks
Attachments
XWRT-Vortex.jpg
XWRT-Vortex.jpg (75.59 KiB) Viewed 1569 times
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/28/2022

The previous pic I posted was just cropped.
Some feature/menu options change depending on the router model.

Image
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin

Re: SIP and RTP ports range ?

Postby jenom » 07/28/2022

yes, menu on my EA6900 is different , and there is a Parental Control in main menu.
Now the question is if it is working, I recall in some earlier version it was broken.
If not, I can stay with Network Services Filter blacklist, which is now called "deny" list
I am going to set it up tonight and see what happens.
Thank you for all the replies received.
Attachments
Parential-Control.jpg
Parential-Control.jpg (195.46 KiB) Viewed 1550 times
jenom
Active Poster
 
Posts: 57
Joined: 01/03/2012
Location: Mississauga, Ontario, Canada
SIP Device Name: VDV21
Firmware Version: 3.2.11-na.bin
ISP Name: Acanac ADSL
Computer OS: Windows 7 Ultimate
Router: Linksys-EA6900-XWRT-VORTEX

Re: SIP and RTP ports range ?

Postby Liptonbrisk » 07/29/2022

You’re welcome. Parental Control should be universally available across all routers supporting Merlin 386.7_2. I used to use it in older firmware versions to block HomeKit devices I didn't trust before getting rid of them.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/en-us/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at viewforum.php?f=15.
User avatar
Liptonbrisk
Technical Support
 
Posts: 2334
Joined: 04/26/2010
SIP Device Name: OBi202
Firmware Version: 3.2.2 (Build:8680EX)
ISP Name: Cable
Computer OS: Windows 10 x64 Pro
Router: Asuswrt-Merlin


Return to Community Support

Who is online

Users browsing this forum: No registered users and 23 guests