With respect to security and proper networking, is it considered best to use a stun server or is it best to port forward?
My understanding is that if you port forward, you're potentially opening up risks for the device you're port forwarding to.
If you're using a stun server on your ata device, isn't your public IP being broadcast?
I'm not a networking admin and am generally new to the concept of stun servers, so I'm pretty interested in what is considered
to be the best and most secure method between using stun servers and port forwarding.
Thanks in advance
Stun or Port Forwarding
-
Liptonbrisk
- Technical Support
- Posts: 3329
- Joined: 04/26/2010
- SIP Device Name: Obihai 202/2182, Groundwire
- Firmware Version: various
- ISP Name: FTTH
- Computer OS: Windows 64 bit
- Router: Asuswrt-Merlin & others
Stun or Port Forwarding
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at http://forum.fongo.com/viewforum.php?f=15.
-
dibsmft
- *Go-To Guy*
- Posts: 651
- Joined: 05/11/2011
- SIP Device Name: Yealink T22 (SPA3102 GS286)
- Firmware Version: 7.60.0.110
- ISP Name: Bell-Aliant DSL
- Computer OS: Linux Mint
- Router: Speedstream 6520
- Smartphone Model: Google Nexus 5
- Android Version: 3.2.1
- Location: St. John's NL
Re: Stun or Port Forwarding
What you need to do for STUN and forwarding depends very much on your router/firewall and also the voip provider that you are using. For some voip providers who use sophisticated NAT traversal method you may not need to use STUN or port forward if you only use an ATA with one voip line. However, that would be quite unusual and with my SPA3102 I forward ports and use STUN. I am using STUN more to make sure that the ATA is getting the external IP correctly as the SPA3102 seems to be a bit difficult in that area sometimes. Your external public IP is generally available to anyone you communicate with but your insternal addresses are hidden. If you have a router with a good firewall then there should be almost nothing visible to the outside world.
-
Liptonbrisk
- Technical Support
- Posts: 3329
- Joined: 04/26/2010
- SIP Device Name: Obihai 202/2182, Groundwire
- Firmware Version: various
- ISP Name: FTTH
- Computer OS: Windows 64 bit
- Router: Asuswrt-Merlin & others
Re: Stun or Port Forwarding
Okay, thank you.
Please do not send me emails; I do not work for nor represent Freephoneline or Fongo. Post questions on the forums so that others may learn from responses or assist you. Thank you. If you have an issue with your account or have a billing issue, submit a ticket here: https://support.fongo.com/hc/requests/new. Visit http://status.fongo.com/ to check FPL/Fongo service status. Freephoneline setup guides can be found at http://forum.fongo.com/viewforum.php?f=15.
-
bigg3522
- Just Passing Thru
- Posts: 17
- Joined: 10/03/2010
- SIP Device Name: Grandstream GXP2120
- Firmware Version: 1.0.3.30
- ISP Name: TELUS
- Computer OS: OSX 10.8.2
- Router: E4200
- Smartphone Model: iPhone 5
- iOS Version: 6.0.2
- Location: BC - Canada
Re: Stun or Port Forwarding
I am curious, what do you use for a STUN server?
I have a phone that works great for any and all outgoing calls, but it can't take an incoming call at all. The ports in my firewall are forwarded correctly, but I've long suspected that the culprit is this STUN server/
I have a phone that works great for any and all outgoing calls, but it can't take an incoming call at all. The ports in my firewall are forwarded correctly, but I've long suspected that the culprit is this STUN server/
-
dibsmft
- *Go-To Guy*
- Posts: 651
- Joined: 05/11/2011
- SIP Device Name: Yealink T22 (SPA3102 GS286)
- Firmware Version: 7.60.0.110
- ISP Name: Bell-Aliant DSL
- Computer OS: Linux Mint
- Router: Speedstream 6520
- Smartphone Model: Google Nexus 5
- Android Version: 3.2.1
- Location: St. John's NL
Re: Stun or Port Forwarding
In most cases the STUN server does nothing much more than enable the ATA to get the external (public) IP address and is often not needed. Often, STUN will usually allow you to get two way sound. The old Sipura ATA boxes (eg. Linkys SPA3102 and PAP2) are often quite fussy about this and with some NATs only work with ports forwarded and STUN enabled as well as Nat Mapping Enable and Nat Mapping Keep Alive. If this works OK then you should see your external (public) IP in the "External IP" . The required configuration needed can also depend on what NAT negotiation (circumvention) methods your voip providers uses and what your router attempts to do for you!