One way voice over VPN using inbuilt WM6 VoIP client - Windows Mobile Development and Hacking General

Hi guys
I know many people have had one way voice issues using the various cabs for enabling the WM6 VoiP client but I don't think this issue is related to that.
I'm connected to a SIP PBX over an OpenVPN connection and everything connects but I the other party cannot hear me. I've done a packet capture and although the SIP INVITE is coming from the correct source address if you drill down into the SIP packet the owner creator etc is the original IP of the device (not the VPN one).
As a result the RTP stream is being directed towards the wrong IP and I'm getting one way voice. This issue doesn't happen with 3rd party SIP clients but I haven't found a good one yet (fring doesn't work on our PBX).
Has anyone came across this issue before?

After further investigation the WM6 client works perfectly when used over a wireless access point. The problem only occurs when using OpenVPN as the original IP address of the wireless adaptor is sent in the invite packet (rather than the VPN IP address), this causes the audio to be streamed to the wrong IP and as such one way voice is experienced. If I find a workaround I'll post it up.

shippyt said:
Hi guys
I know many people have had one way voice issues using the various cabs for enabling the WM6 VoiP client but I don't think this issue is related to that.
I'm connected to a SIP PBX over an OpenVPN connection and everything connects but I the other party cannot hear me. I've done a packet capture and although the SIP INVITE is coming from the correct source address if you drill down into the SIP packet the owner creator etc is the original IP of the device (not the VPN one).
As a result the RTP stream is being directed towards the wrong IP and I'm getting one way voice. This issue doesn't happen with 3rd party SIP clients but I haven't found a good one yet (fring doesn't work on our PBX).
Has anyone came across this issue before?
Click to expand...
Click to collapse
This is a known SIP issue. As SIP had been designed to work over end-to-end connections. As SIP is a self routing protocol, the SIP server and user agents use the source IP stated in the SIP header instead of the source IP stated in the IP header for their routing
Most 3rd party SIP clients use a technique called STUN to discover their global IP (behind the NAT, or as in your case the VPN local IP) and they put that IP in the source IP in SIP header.

Tokko said:
This is a known SIP issue. As SIP had been designed to work over end-to-end connections. As SIP is a self routing protocol, the SIP server and user agents use the source IP stated in the SIP header instead of the source IP stated in the IP header for their routing
Most 3rd party SIP clients use a technique called STUN to discover their global IP (behind the NAT, or as in your case the VPN local IP) and they put that IP in the source IP in SIP header.
Click to expand...
Click to collapse
is there any workaround? I do not want to install STUN server on a local pc. I connect to my router openvpn (dd-wrt firmware). mega version has also a milkfish sip server. I have been thinking maybe I could use it as proxy to resolve this one-way voice problem?

Hey, I had the same issue recently and I have found a solution: do not enable VoIP calls over 3G/GSM when using SIP Config Tool. I was actually able to make and receive VoIP calls over an OpenVPN connection - the sound was a little choppy at the callee's side, but in general it was quite good. The only problem I have so far is that the phone unregisters itself from server when going to standby mode and registers back when turning on, so I can receive calls only in the latter case.

shurik_1 said:
is there any workaround? I do not want to install STUN server on a local pc. I connect to my router openvpn (dd-wrt firmware). mega version has also a milkfish sip server. I have been thinking maybe I could use it as proxy to resolve this one-way voice problem?
Click to expand...
Click to collapse
Not to mention native SIP client you are using probably doesn't support STUN anyway.
Proxy idea sounds doable, but then WM device is still going to use the ip of its wireless interface in the INVITE message. Unless this is fixed by the router, milkfish will still be unable to encapsulate incoming RTP traffic into the VPN.
Perhaps you can mangle SIP INVITEs with sip_conntrack available at http://www.iptel.org/sipalg/?

Related

GPRS and Static IP with VPN

HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you cant get a fixed ip on gprs, but if your using the right firewall and the right vpn host you dont need to.
I use and supply windows sbs 2003 servers and vpn into them regularly. I have also used citrix to achieve similar results. Might be a bit difficult to persuade your firms it dept to set up something like that for 1 person though.
PM me if youd like any advice.
BillyB said:
HI guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet. The reason being is because our corporate firewall has to recognise the device through it's IP. Is there any other possible methods for recognising the user?
Also does a VPN work well over GPRS and is there any extra configuration involved on the VPN server
Cheers
Any answers would be great.
Click to expand...
Click to collapse
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone)
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP...L2TP has also worked for me..otherwise, the fancier (and more secure) the VPN tunneling protocol, the more its likely to fail. Normally all you need for a basic MS WIndows VPN client config is the Server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS Its like pulling teeth
hi all this has got to be the most anoying problem ever. i can connect to O2 vpn access point and hence i can connect to my work vpn server. however as soon as i try to open a TS connection to my desktop (through the vpn) the VPN connection is dropped and i never connect. Can anybody tell me why? if i have a vpn connection to my work server why does TS try to make another connection and bomb out the original. Is there a fix or another way of doing this i.e. does a external IP have to be nat'd to my desktop IP on port 3389? all help greatly appreciated. Ian

One way VoIP Audio

Having spent the last 30 minutes having a search around this topic does anyone have any info on lack of audio on the Hermes for a SIP VoIP call? Is an upgrade needed?
I get feedback when I place the phones back to back so the audio is there somewhere but it doesn't seem to pass speech through the speaker of the hermes.
I am using a Movial Soft Client and an IMS Server for the SIP proxy functions and have no problems PC to PC (whether NAT or not).
If this has been answered before sorry I couldn't see the wood for the trees!!
most probably it's a sip problem when you are behind a NAT. Configure a STUN server on the SIP client and should be ok.

WM6 & VoIP | STUN support required

Hello world.
Since I can't hear the other party while placing VoIP calls through the integrated SIP client of WM6 via FON hotspots (probably due to the double NAT-routing on most hotspots), I'd like to know if there's any possibility to implement STUN support.
regards,
Inquisitor
Hi there, I think you should post your question in this blog:
http://blogs.msdn.com/cenet/Default.aspx?p=3
I'm bypassing the issue by using OpenVPN on my S710 which connects to my home gateway.
STUN Support in 6.1?
I have been searching around quite a bit.
Is there any support for a STUN server with the VOIP "Internet Calling" Feature on some of the newer ROMs. I'm on a Kaiser and it seems to register. I just can't seem to make a call to an asterisk system.
I believe this is because I am behind a NAT, so I think STUN is required for it to work properly.
doing same but no voice
jockyw2001 said:
Hi there, I think you should post your question in this blog:
http://blogs.msdn.com/cenet/Default.aspx?p=3
I'm bypassing the issue by using OpenVPN on my S710 which connects to my home gateway.
Click to expand...
Click to collapse
i m also having the same issue of no voice, could you please guide on how you accomplish this, my current setup is like this,
i have my server configure as openvpn server that is behind a router, ssh, ovpn ports are forwarded to server, ovpn client is xp and which is behind another router, xlite as softphone and working perfectly, ovpn installed on pocket, vpn tunnled is connect can connect through to server using putty, pocket pc is showing signal means registered with asterisk server (openvpn server is same) can dial also and it shows line connected as well, but no dial tone and no voice.
linux server with asterisk and openvpn
client htc universal (jasjar)
i hope i've given a clear picture of my setup, thanx in advance for any help...

New Hero can't send mail. Port 25 blocked.

I just got a HTC Hero two days ago from T-Mobile (in the Netherlands). But no matter what I try, I can't get the thing to send email. It took me a while to figure out why: either the phone or the network is blocking traffic over port 25.
This is how I tested it:
I wrote a small program that simply listens to a specific port. It would display whenever a remote host connects to the port and it would also display anything the remote is sending. I had the program listen to port 25 and setup another HTC (a Touch) to use my computer's IP address as outgoing (SMTP) mail server. Whenever I tried to send mail from the HTC Touch, the program would show a remote host was trying to connect to port 25. I could change the outgoing port to whatever I wanted and it would show in the program.
Not with the Hero. No connection attempt was displayed when the HTC Hero was set to connect to port 25 on my computer. If I set it to anything else, it would display. So the only conclusion can be that either the Hero blocks port 25, or the network.
Anyone else experience this problem? And is there a way to correct this?
Did a few more test and found out that if I connect through WiFi to the internet through my router, I am able to send mail. Disconnect from WiFi and connect through GPRS/HSDPA and I can't send email. So port 25 is blocked by the network...
having a problem with emails as well.
phone sends emails out but they dont arrive.
when contacting my service provider ("Tele2" in Estonia) they told me that network software "spam assassin" categorize my phone as spammer. so no emails from my phone through their smtp server is allowed...
At the moment only solution is to use alternative smtp provider.
I tried with gmail smtp and managed to send mails out. this is some kind of temporary solution but not final... I would still really want to know what causes this problem, as gmail changes "from" address to gmail account address and I want to use my default address.
What email server are you using? I had to change the standard setting to send out mail by hotmail UK
Right, this is a problem related to SMTP server configuration in general. Since SMTP is not typically authenticated, most ISPs (landline or wireless) won't let you send outgoing email through their servers if you are not connected directly to their network. Some also block any outgoing port 25. For example, if you normally use your DSL providers e-mail servers for POP/IMAP and SMTP and you go to your friends house who uses a different ISP, you'll be able to configure his e-mail client to retrieve your POP/IMAP but not send via you ISP SMTP. In that case you would have to send using his ISP SMTP server. This is typically done for spam prevention. Otherwise, anyone anywhere in the world could just send junk email using any ISP SMTP server as the start point.
For your situation, I think you are trying to use your ISP's SMTP server while connected to the mobile network. For the reasons above, it typically won't work. It works from your Wifi because you are then connected to the ISP network. There are a couple of solutions:
1) Set the outgoing SMTP server to the one provided by your mobile operator. No matter where you go in the world, you will send email through the mobile operator SMTP server which will be fine. The only problem is, depending on how you have everything set up, the emails won't show up in your "sent" items on your normal email.
2) Use Gmail, and maybe others. Google use authenticated SMTP that requires a username and password. Therefore, they allow you send through their SMTP servers from anywhere. Ohh, and it does not use port 25.
Hope that helps.
Just a shot in the dark here - do you have the handcent application (sms app) installed? When I installed this app I got exactly the same problem. Stopped my email going out. Removed handcent and all was ok again.
Zippy1970 said:
I just got a HTC Hero two days ago from T-Mobile (in the Netherlands). But no matter what I try, I can't get the thing to send email. It took me a while to figure out why: either the phone or the network is blocking traffic over port 25.
This is how I tested it:
I wrote a small program that simply listens to a specific port. It would display whenever a remote host connects to the port and it would also display anything the remote is sending. I had the program listen to port 25 and setup another HTC (a Touch) to use my computer's IP address as outgoing (SMTP) mail server. Whenever I tried to send mail from the HTC Touch, the program would show a remote host was trying to connect to port 25. I could change the outgoing port to whatever I wanted and it would show in the program.
Not with the Hero. No connection attempt was displayed when the HTC Hero was set to connect to port 25 on my computer. If I set it to anything else, it would display. So the only conclusion can be that either the Hero blocks port 25, or the network.
Anyone else experience this problem? And is there a way to correct this?
Click to expand...
Click to collapse
Zippy1970 said:
I just got a HTC Hero two days ago from T-Mobile (in the Netherlands). But no matter what I try, I can't get the thing to send email. It took me a while to figure out why: either the phone or the network is blocking traffic over port 25.
Anyone else experience this problem? And is there a way to correct this?
Click to expand...
Click to collapse
First note that this is not a problem with Android or HTC Hero.
The problem is that many broadband providers have their servers for outbound email set up to allow clients to connect without authentication from addresses in their own network. Word-wide open access to mail forwarding OTOH is a big no-no and would soon lead to the servers being blocked by other network operators. A client that normally connects over broadband will thus get access denied when it is trying over 3G or GPRS as the phone then appear to your broadband-provider as being connected to an "unknown" network.
There are several solutions:
1. Use a provider for mail that is independent from the one providing connectivity. Such providers offer many ways in which authorised users can send and receive their email. You've got a wide selection of free providers such as gmail and hotmail, as well as paid services from places like imap4all.com and fastmail.fm. This also gives you the flexibility of being able to change bandwith/connectivity suppliers as often as you like without having to change your email-address.
2. Check with your broadband-provider if they provide authenticated global access to their SMTP-servers, and if so what ports/protocols they support. Any half-decent provider will have such alternatives available. Encryption is strongly recommended for the email-setup (both send and receive) and the Hero support SMTP over TLS or SSL for mail delivery, the port can also be configured (to match a non-std setup if required by the server). With a decent provider it will probably be enough to enable TLS (or SSL) for the SMTP connection and configure a username and password, so you might want to try that first.
There's a little more to this; it indeed is largely T-mobile's fault. I want to connect to my own (authenticated and using TLS, so not an open relay!) SMTP server and it failed to connect consistently. I then tried to telnet the SMTP server and found the request being intercepted by a host called 'filter2-tmobile.zx.nl'. Ridiculous.
Strange thing: same SIM-card, same phone number, same everything, but using a HTC TyTN II/Kaiser: no problem whatsoever. So it's definitely partially HTC Hero's/G2 Touch's 'feature' as well.
I'm calling them tomorrow to find out more.
Terranca said:
There's a little more to this; it indeed is largely T-mobile's fault. I want to connect to my own (authenticated and using TLS, so not an open relay!) SMTP server and it failed to connect consistently. I then tried to telnet the SMTP server and found the request being intercepted by a host called 'filter2-tmobile.zx.nl'. Ridiculous.
Click to expand...
Click to collapse
Sounds like your provider using outbound filters. That's also fairly common for port 25. Have you tried with SSL, which by default use port 465. That is usually combined with authentication so it is not so common to filter port 465.
I forgot an important detail in my previous post. Using anything over port 25 for outbound email is generally nothing but trouble. Always use SSMTP (port 465) instead of plain SMTP over port 25 if possible.
Email-providers such as fastmail.fm and imap4all.com provide SNMP-services on a number of nonstandard ports to get around these provider filters. Some even put proxies in front of their SMTP-servers that enable connection through any port. When combined with SSL that makes it virtually impossible for other providers to filter.
T-Mobile (my mobile provider) is blocking anything over port 25. I've tried their own SMTP server (smtp.gprs.t-mobile.nl) and like I said, I wrote an application myself that listens to traffic over port 25. Not even a connection request arrived.
I solved my problem by setting up my own mailserver to also accept incoming connections over port 587 while forcing authentication and TLS.
But it's pretty stupid that T-Mobile sold me this phone (including a mobile internet subscription) while not even allowing me to send emails over the default port and their own mailserver.
I have had the same problem, i have an ntlworld email account, which does not let you use their smtp server unless connected to their network. So to get round this i have used gmails smtp server on the hero, its the only way it lets me send mail.
Have you tried authenticating and using port 26? I do this on T-Mobile NL, however I use the SMTP sevrer of my own domain e-mail account (hosted).

VOIP Behind NAT/Firewall

Hi,
From Internate search I found this forum which is having very useful research and Discussion. I have one question and need solution and reply setp by step for the following issue:-
That I am trying to send voip call by using IP 192.168.0.20 using Port:6800 as SIP port to the Gateway from VPS (softswitch). At the destination we are using a Router (Dlink) for connectivity of internate and Gateway.
When I configure GW with IP 192.168.0.20 SIP port 6800 with username and password, and tried to connect Gateway as SIP client from Softswitch, the messages comes "The GW/Registrar Client does not register as SIP client". Thats means switch is not reaching to Gateway.
As I understand from some study that SIP-based communications cannot reach LAN users behind firewalls and NATs automatically because firewalls are designed to prevent inbound unknown communications.
I would much appreciate if any colleague from this forum may guide me step by step and let me know how this scenario can works.
Thanks
Sameel
I've Googled it and there are two ranges of ports you need open for it to work. Usually though ICE/Stun can get past that. Have you tried that?

Categories

Resources