This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sip module only works for a short time

Hello all,

I use a Fritzbox behind the XG with PhonerLite or LinPhone as SIP client. My provider is 1&1.

Unfortunately, I have noticed that the SIP module crashes after a short time and that I only hear the ringing on new calls, but not the person I am talking to.

I have now searched through the logs and found that the telephony works until I find the following in the log:

localhost kernel: [266259.312048] ip_nat_sip_expected: doing self nating: <212.227.124.5>
localhost kernel: [266261.783797] ip_nat_sip_expected: doing self nating: <212.227.124.5>

Does anyone have any idea what the problem is here?

Regards
Marc

This thread was automatically locked due to age.

Top Replies

initB10r over 2 years ago in reply to initB10r +3 verified

It seems that I found a solution now. I have set in the Fritzbox "Keep port forwarding of the Internet router active for telephony" from 5 minutes to 30 seconds. Many thanks to all for the support…

Parents

0 NM_1987 over 2 years ago

Hello initB10r

Good day!!

Kindly disable the UDP Flood from the DoS & spoof protection or bypass SIP Communication ports (TCPor UDP) from DOS bypass rules.

Navigate to Administrator > >Intrusion prevention >> DoS & spoof protection

https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/IPSDoSAndSpoofProtection.html

For more information about "Sophos Firewall: Turn on or off the Session Initiation Protocol (SIP) module", please check this link also : https://support.sophos.com/support/s/article/KB-000035917

Hope this helps!

-----------------------

Thank & Regards,

Nilesh Mojidra

If a post solves your question, use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 initB10r over 2 years ago in reply to NM_1987

Hello NM_1987 ,

Here is a screenshot of the overview page:

It doesn't look like something is being blocked.

This is the current configuration:

If I understand correctly, spoof protection is disabled and nothing has been blocked in DoS.

Or am I misunderstanding this?

Regards
Marc
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to initB10r

I would make a voip policy that does not use the dpi function.

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 initB10r over 2 years ago in reply to rfcat_vk

I have now deactivated everything as a test. Nevertheless, it does not work.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to initB10r

Thank you for trying. What does logviewer show for the attempts?
ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 initB10r over 2 years ago in reply to rfcat_vk

I got this error at 13:52:06 and 13:52:08 in /var/tslog/syslog.log

Sep 17 13:52:06 localhost kernel: [629954.088001] ip_nat_sip_expected: doing self nating: <212.227.124.70>
Sep 17 13:52:08 localhost kernel: [629956.539844] ip_nat_sip_expected: doing self nating: <212.227.124.70>

But I can't find anything in the log viewer at this time:
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to initB10r

Hi,

how many Nat rules do you have in place and are any of them linked?
ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 initB10r over 2 years ago in reply to rfcat_vk

Hier sind alle meine NAT rules:

The 4th is connected to the Default Firewall Rule from above
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to initB10r

Hi,

this might not be the answer, but linked Nat rules take precedence regardless of where they sit in the Nat order. Also why do you have linked rules, they are really only needed if you have multiple wan links?

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 initB10r over 2 years ago in reply to rfcat_vk

There is no specific reason for this. It came with the basic installation of XG.

I have unlinked everything, but unfortunately the problem persists. :-(
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to initB10r

Maybe I am missing something, but your error message is from your voip device not the XG, correct? So maybe you need to disable Nat on your voip device?

the error message would imply that you have the voip device wan interface connected to the XG, not the lan interface.
ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

0 initB10r over 2 years ago in reply to rfcat_vk

No, the log is from the XG itself:

SFVH_SO01_SFOS 18.5.1 MR-1-Build326# tail -f /var/tslog/syslog.log
Sep 19 10:00:01 localhost kernel: [788829.597191] 750:appdev_open:dev open 3
Sep 19 10:00:01 localhost kernel: [788829.597214] 703:appdev_write:ptr U 8,ACCEPT
Sep 19 10:00:01 localhost kernel: [788829.597215] 75:appfiltermap_adt_parser: buff U 8,ACCEPT
Sep 19 10:00:01 localhost kernel: [788829.597219] 711:appdev_write:count 10
Sep 19 10:00:01 localhost kernel: [788829.597222] 758:appdev_release:dev open 3
Sep 19 10:00:01 localhost kernel: [788829.597223] 771:appdev_release:counter 8 size 128
Sep 19 10:00:01 localhost kernel: [788829.597224] 774:appdev_release:dev open 0
Sep 19 10:58:27 localhost nsgsig-verify: /sdisk/u2d/downloads/avira_4.00_1.0.417524_immdiff.tar.gz.gpg: not an NSGSIG file
Sep 19 11:16:23 localhost kernel: [793411.148074] ip_nat_sip_expected: doing self nating: <212.227.124.6>
Sep 19 11:16:25 localhost kernel: [793413.607723] ip_nat_sip_expected: doing self nating: <212.227.124.6>

Reply

0 initB10r over 2 years ago in reply to rfcat_vk

No, the log is from the XG itself:

SFVH_SO01_SFOS 18.5.1 MR-1-Build326# tail -f /var/tslog/syslog.log
Sep 19 10:00:01 localhost kernel: [788829.597191] 750:appdev_open:dev open 3
Sep 19 10:00:01 localhost kernel: [788829.597214] 703:appdev_write:ptr U 8,ACCEPT
Sep 19 10:00:01 localhost kernel: [788829.597215] 75:appfiltermap_adt_parser: buff U 8,ACCEPT
Sep 19 10:00:01 localhost kernel: [788829.597219] 711:appdev_write:count 10
Sep 19 10:00:01 localhost kernel: [788829.597222] 758:appdev_release:dev open 3
Sep 19 10:00:01 localhost kernel: [788829.597223] 771:appdev_release:counter 8 size 128
Sep 19 10:00:01 localhost kernel: [788829.597224] 774:appdev_release:dev open 0
Sep 19 10:58:27 localhost nsgsig-verify: /sdisk/u2d/downloads/avira_4.00_1.0.417524_immdiff.tar.gz.gpg: not an NSGSIG file
Sep 19 11:16:23 localhost kernel: [793411.148074] ip_nat_sip_expected: doing self nating: <212.227.124.6>
Sep 19 11:16:25 localhost kernel: [793413.607723] ip_nat_sip_expected: doing self nating: <212.227.124.6>

Children

+1 initB10r over 2 years ago in reply to initB10r

It seems that I found a solution now.

I have set in the Fritzbox "Keep port forwarding of the Internet router active for telephony" from 5 minutes to 30 seconds.

Many thanks to all for the support.
Cancel
Vote Up +3 Vote Down

Cancel