VOIP Configuration

A bit like the early days of DSL lines I'm now trying to find my way with VOIP.

Many of the VOIP suppliers expect you to purchase pre-configured hardware from them, but is there any (fairly) standard procedure for those who already have suitable hardware?

Simplest would be a web page of instructions but a better way might be to supply a config file which you import and then set a supplied password. Another example might be remote config via something like the TR-069 used for routers, or possible a .exe (or Applescript/Unix exec file for Macs) that sets up the config, possibly including security certificates for the base station.

I suspect every supplier does it differently, but with the security risks there might be a move to only supplying configured hardware.

It’s really not particularly onerous or difficult.

A soft-phone client is a good way to test a basic VoIP (SIP) account.

You only need three bits of information;
1. SIP username
2. SIP password
3. SIP registrar/domain address or IP.

Most else can be left vanilla really.

In reply to a post by Pheasant:

It’s really not particularly onerous or difficult.
...[SNIP...]
Most else can be left vanilla really.

Thanks for the reply. I was thinking more of security measures EG: the N300 allows you to set certificates, although a lot of security stuff could be done in the router firewall.

As an aside, what's the function of a stun server? Is it more for security or convenience? Looking at the explanation here it seems more like a version of UPnP for VOIP.

Basic authentication doesn’t require certificates, unless the provider insists on using them. That’s a whole other realm which 99% of domestic user won’t honestly need. If this is a definite requirement, the provider is typically going to insist on using their own (preconfigured) endpoint devices anyway.

STUN severs are for NAT traversal, but again in most domestic setups aren’t really required.

In reply to a post by Pheasant:

STUN severs are for NAT traversal, but again in most domestic setups aren’t really required.

Thanks for the help.

My Zyxel router offers SIP ALG, depending on whether it is selected. How does a stun server fit with that? Can both be used or is it either/or?

On my Sipgate Basic Voip there is no Stun Server configured and SIP ALG is bad and should never be enabled, it basically opens ports to incomers.

SIP ALG is supposed to help. More often than not the router implementation is poor. As said best to leave it disabled. Ditto STUN. As said not necessary.

Less is more. 😅

In reply to a post by Realalemadrid:

On my Sipgate Basic Voip there is no Stun Server configured and SIP ALG is bad and should never be enabled, it basically opens ports to incomers.

Thanks for that- good to know. I think, although I could be wrong, the A&A knowledge base deprecates it in favour of using the firewall to only allow contact to/from port 5060 to a specified set of addresses.

IPv6 is the answer here I would have thought. With Sipgate it just requires the firewall set up to allow incoming from Sipgates IPv6 range of 2001:ab7::/32 and all works perfectly, no NAT to get in the way or worries about SIP or stun servers. It's what IPv6 was invented for

Of course you need a SIP phone that supports IPv6, but anything of any worth should these days, and your ISP needs to offer IPv6, again any decent ISP should be doing so now.

Edited by E300 (Wed 21-Sep-22 14:52:42)