
Author: palo73

Stateful NAT64 – simple configuration example on Cisco routers

The example shows a simplified configuration of a stateful NAT64 demo, without DNS64. I instruct the stateful NAT64 router (CSR-1 – CSR100v) to translate IPv6 packets into IPv4 packets (and vice versa) using the algorithmic mapping defined by RFC 6052: the IPv4 addresses of the IPv4 routers are mapped to and from IPv6 addresses using the manually defined IPv6 prefix 2001:db8::/96. In a similar manner, the IPv6 addresses of the IPv6 routers are translated to and from IPv4 addresses.
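The RFC 6052 mapping mentioned above, as an added example that is not part of the original post: Python functions that embed an IPv4 address under the 2001:db8::/96 prefix and extract it again, generalized to the other prefix lengths RFC 6052 permits. The function names and the sample address 192.0.2.33 are assumptions chosen for illustration.

```python
import ipaddress

NAT64_PREFIX = "2001:db8::/96"            # prefix used in the post
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)  # the only lengths RFC 6052 allows

def _v4_positions(net):
    """Byte offsets that carry the IPv4 address; octet 8 (the "u" octet) is skipped."""
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow a /{net.prefixlen} prefix")
    return [i for i in range(net.prefixlen // 8, 16) if i != 8][:4]

def embed(v4, prefix=NAT64_PREFIX):
    """IPv4 address -> IPv4-embedded IPv6 address under the given prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(_v4_positions(net), ipaddress.IPv4Address(v4).packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(v6, prefix=NAT64_PREFIX):
    """IPv4-embedded IPv6 address -> IPv4 address; rejects addresses outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    positions = _v4_positions(net)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    raw = addr.packed
    if net.prefixlen < 96 and raw[8] != 0:
        raise ValueError("bits 64-71 must be zero in an RFC 6052 address")
    return ipaddress.IPv4Address(bytes(raw[p] for p in positions))

if __name__ == "__main__":
    v6 = embed("192.0.2.33")              # constructed sample address
    print(v6, "->", extract(v6))
```

With the /96 prefix the IPv4 address simply occupies the last 32 bits, so an IPv4 host can be recognized in IPv6-side logs or ACLs by reading the final two groups of the address.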

Topology

R1 and R2 run a 7200 IOS image. R1 is a pure IPv4 router; R2, on the other side, is IPv6-only.

VLC – SAP problem – the playlist is empty

Our ISP (SANET) offers an IPTV service in which the list of TV/radio programs is announced using SAP multicast at the IPv4 address 233.10.47.10. However, my PC (with Windows 10 installed) stopped receiving the SAP announcements, and the playlist was just empty. Everything had worked fine, but at some point it stopped. Even better, it works for some of my colleagues, but not for others.

My PC runs dual-stack, i.e. my network works with IPv4/IPv6. My PC has several network adapters as I’m running some virtualization software.

Installing full Linux from Windows on USB with persistent storage

This guide describes how to install a full Linux OS on a USB flash disk with persistent storage, i.e. the system does not lose your files after a reboot, as a typical live distribution does. The result is a fully operational OS that can be moved to any PC together with everything you have installed and saved.

There are several ways to do this, for example using two USB keys, or making a bootable live USB key and then performing the installation (as described, for example, in How to Install Linux OS on USB Drive and Run it On Any PC).

Tools for a quick SIP diagnostics – ngrep, sipgrep and sngrep

Sometimes there is a need for a simple and quick analysis of a SIP server and its call functions. Of course, we could use the well-known tcpdump, mentioned in the article Using tcpdump for SIP diagnostics. However, for occasional Linux users this may be too difficult and unclear. There are simpler utilities that work fine, such as ngrep and, newer to me, sipgrep and sngrep (love at first sight).

All of these utilities are directly available and can be installed online from the Debian repo using apt-get install ngrep sipgrep sngrep.

SIP clients – security features analysis

The table provides an overview of the security features of nine analysed open-source SIP clients (some sources call them RTC communicators).

Source: P. Segeč, M. Moravčík, J. Hrabovský, J. Papán and J. Uramová, “Securing SIP infrastructures with PKI — The analysis,” 2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA), Stary Smokovec, 2017, pp. 1-8.
doi: 10.1109/ICETA.2017.8102525
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?rp=&arnumber=8102525&isnumber=8102457

Problem with a VoIP phone behind NAT – disabling FortiGate SIP ALG

Initial state and observed problems

Observed problems

We observed a problem where a SIP phone registers, but the AOR record shows that an incorrect and strange private IP address is used as the Contact IP address, as shown in the following listing:

voip*CLI> pjsip show aor 1765
   Aor:  <Aor..............................................>  <MaxContact>
     Contact:     
   Aor:  1765                                                 1
     Contact:  1765/sip:1765@10.16.42.46:65476              f123d14d1c NonQual         nan
 ParameterName        : ParameterValue
  =================================================
  authenticate_qualify : false
  contact              : sip:1765@10.16.42.46:65476
  default_expiration   : 7200
  mailboxes            :
  max_contacts         : 1
  maximum_expiration   : 7200
  minimum_expiration   : 60
  outbound_proxy       :
  qualify_frequency    : 0
  qualify_timeout      : 3.000000
  remove_existing      : true
  support_path         : false
  voicemail_extension  :

This causes a problem: incoming phone calls (calls to number 1765) do not reach the SIP phone. We tried to solve the situation on the phone alone, by modifying its NAT configuration and using STUN, but with no success. We then set up a lab with two Cisco NATs to simulate the topology, and it worked perfectly. This points to a problem with the FortiGate firewall. Several posts indicate that it could be a SIP ALG problem: SIP ALG is turned on by default on FortiGate devices, and it modifies SIP messages.