SIP ALG is not your friend, especially with NAPTR + SRV

Cristian Livadaru
Jul 24, 2017 · 3 min read

So, I finally had my two FusionPBX (freeswitch) setup in two data centers, solved the problem regarding how to register to the freeswitch with NAPTR + SRV Records which is quite awesome. I won’t get into the topic of NAPTR, if that’s what you’re looking for you should probably read this

The first tests

Setup an old Yealink I had laying around, registering via NAPTR DNS works, calls work, failover to the other data center if one goes down, all works great. So it’s time to switch my phones over to the new setup so I can do more detailed tests. I didn’t think that the fact that I use SNOM instead of yealink could yield any other results but here the first surprise, once I hang up the call keeps on ringing which didn’t happen in the first tests with the Yealink. I retried with my favorite Mac OS soft phone (Blink) as I wasn’t in the office and couldn’t test with the Yealink and the issue persisted which leads me to my first false conclusion.

It’s a freeswitch issue

Photo by Jakob Owens on Unsplash

Next day in the office retested with Yealink and the issue is gone, retest with SNOM and the Issue is Back. Well, this sucks … Let’s try this with my Smartphone VoIP App, oh wait … media5fone doesn’t handle NAPTR which was a great moment to search for something new and I ended up with Bria for iOS (awesome softphone!) It handles NAPTR and guess what, same as with yealink, no issue. Back to SNOM and issue once again occurs.

So what’s the SIP Trace saying?

SIP/2.0 481 Call/Transaction Does Not Exist

What the ????

A lot of google searches later I came across this older Mailinglist entry. This was describing my issue exactly, after the Proxy Authentication response my phone as well changed to the internal IP addresses.

is this a SNOM issue?

That was my first thought and I opened a support ticket with SNOM but I couldn’t wait until I got a response so I tested further.

On the FusionPBX IRC channel, someone with the same setup gave me an account where I could test with my phone and guess what, everything is working. So wait, is it freeswitch again?

Let’s confirm by connecting the phone directly to one datacenter without NAPTR and SRV so we now have the same phone, the same server, the same everything, except the NAPTR setup and guess what, once again it’s working.

So back to pointing the finger at SNOM but still made no sense. Then thanks to some input from the IRC channel regarding SIP ALG the issue was found.

SIP ALG you nasty piece of ….

I always disable SIP ALG, never liked it, never trusted it, it never helped me but always fucked me over … so I thought …
For some reason, I always though Mikrotik doesn’t have SIP ALG, but guess what? turns out they do, it’s just called SIP helper. Which also means, I was using it all these years and it did even work without issues until now.

/ip firewall service-port disable sip

This one little line solved my issue instantly! Everything works as expected with SNOM and other phones as well.

Cristian Livadaru

Written by

all kinds of IT Stuff

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade