This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Skype call quality suffering from UDP blocking


I'm having an issue with Skype and call quality because of UDP blocking.
A forum/Google search did not turn up anything relevant.

Using ASG home licence 8.202 - (haven't updated in awhile)

In the Skype Call Technical Info window, I have consistently bad local UDP.

Skype Call Technical Info dialog
Packet loss=0.0% (5)
Send packet loss=0.0%/0.0%
Recv packet loss=0.1%/0.1%

UDP status=local:Bad remote:Good

From O'Reilly Skype Hacks: "If either end of a Skype call has poor UDP, call quality will suffer"

I use the SOCKS5 proxy /w authentication for Skype, and have no problems making/receiving calls.
I have an allow all firewall rule for the port I'm using for incoming connections.
and a DNAT rule:  Allow - Any->Skype->WAN - Dest: MYPC - Auto Firewall rule

I tried turning off IPS or making an allow all for ICMP/UDP in IPS exceptions as a test - no good
Also tried turning of ICMP and UDP flood protection.

All tests with the Skype Echo Call Test Service consistently show bad local UDP,
in the Call Technical Info dialog.

IPS log shows
severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcip="MYPC" dstip="ASG" 

Anyone have an idea what I can do about this?

This thread was automatically locked due to age.
  • Hi Sascha and William.

    Thank You for your response.

    Sascha, I've already tried turning off icmp and udp flood protection, and turning off IPS, adding exclusion rules, etc.

    I forgot the more relevant firewall log in my first post...
    There are dropped udp packets.

    William, I've now applied all updates up to 8.303, and the DNAT rule is off.
    I have only four packet filter rules for wireless device access.

    I get Good local UDP when I connect the XP/Win 7 box (same issue with Skype on both OS) directly to the cable modem.
    So that eliminates software as an issue (Avast AV only on both XP/Win7 - no software firewalls) 

    I also tried connecting the XP/Win 7 box directly to the ASG (eliminating a switch and wireless router access point), still have bad local udp.

    The ASG box is an old Dell OptiPlex GX280 (unreliable onboard NIC disabled) with a 2.8ghz Pentium 4 /w 1gb ram (yes, I know it's underpowered, but I have only two pc boxes and phone/ipod using it, with mem use about 70-80%) 
    The NIC is an HP Compaq NC7170 Dual Port Gigabit (Intel 82546EB)

    I already have setup Skype to use the SOCKS5 proxy with authentication.
    Use port 33000 for incoming connections (was originally using same port for torrent with a port forwarding rule)
    SOCKS5 Host 192.168.x.***:1080 (address of ASG)
    Enable proxy authentication
    Username: *** Password: ***

    I have changed the XP/Win7 box Host network definition to Any instead of Internal.

    Skype is not using the SOCKS5 proxy for UDP, I'm getting Default Drop UDP messages in the Firewall log,
    even if I add an any-udp-any rule as first rule.

    I get dropped packets between remote IP and ASGWAN, PC and ASGLAN and PC and MYWANIP on ASGLAN

    name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="REMOTE" dstmac="ASGWAN" srcip="REMOTE" dstip="MYIP" proto="17" 

    length="56" tos="0x00" prec="0x00" ttl="49" srcport="41390" dstport="33000" 

    name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="MYPC" dstmac="ASGLAN" srcip="MYPC" dstip="ASGLAN" proto="17" length="98" 

    tos="0x00" prec="0x00" ttl="64" srcport="6655" dstport="56429" 

    name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="MYPC" dstmac="ASGLAN" srcip="MYPC" dstip="MYIP" proto="17" length="56" 

    tos="0x00" prec="0x00" ttl="64" srcport="10841" dstport="54100"
  • Hi orangealert,


    Did you find a solution for this?

    We are using UTM 9 (9.411-3) and i have the same issue. Audio Quality is bad with breaks.

    Did you have a working config now?





Reply Children
  • Hi,, Stephan, and welcome to the UTM Community!

    What do you learn from doing #1 in Rulz?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob

    Thanks, very good Post!

    I have checked #1

    - Firewall Log shows  dropping  udp 35xxx to 443 if i analyze the skype connection

    - UDP Flood Protection is off

    Checking also #3 - #5. Found some direct bindings.

    I will check skype again tomorrow.

    Cheers Stephan