Discussion stats
  • 5 replies
  • 843 views
  • 0 kudos
  • 3 in conversation
Announcements

Top Contributors
Reply
Highlighted
Aspirant

STUN issues with the Nighthawk

From what I'm seeing on packet captures it looks like a new Nighthawk R9000 is stripping STUN requests to the point that a cloud based 3cx server isn't recieving enough information to even reply to. SIP ALG is turned off, but without usable STUN packets coming from the phones on the LAN I cannot correctly register phones with the Public IP.

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 1 of 6
Highlighted
Guru

Re: STUN issues with the Nighthawk

What happens if SIP is enabled? 

 

What is the Mfr and model# of the ISP modem? Built in router here by chance? 

 

 

 


My Setup (Cable 900Mbps/50Mbps)>CAX80>Orbi RBK853 v3.2.15.2#(Router Mode)
Additional NG HW: C7800/CM1100/CM1200, Orbi CBK40, Orbi RBK50/RBK853, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 2 of 6
Highlighted
Guru

Re: STUN issues with the Nighthawk

Can you run the checker client (Windows one might guess) from https://www.3cx.com/docs/firewall-checker-client/ ?

 

Firmware version on the R9000?

 

You might also show us on how you suspect the R9000 does interfere with the STUN traffic.

 

I'm a little bit confused reading this https://www.3cx.com/docs/disable-sip-alg-on-netgear/ ... especially - after disabling the SIP ALG - the note that STUN should not be configured on the phones either.

Message 3 of 6
Highlighted
Aspirant

Re: STUN issues with the Nighthawk

In this case, I'm actually a 3cx specialist, all the correct settings are on the phones, and phone system. The PBX is a cloud install on the Amazon AWS platform. The phones are on a LAN environment that prior to changing routers to the Netgear were getting the public IP provided to them by the STUN server. So the only difference is the Netgear. As a rule SIP ALG is poorly programmed on 95% of router companies, and the 5% the do work correctly are specifically VOIP routers, so this will remain turned off.

When the Netgear is in place SIP messaging is sent just fine, as shown by packet captures. The problem arises due to the Netgear somehow stripping information from the STUN packet. They retain all the correct port information, but it will strip the application layer of the STUN packets to the point that the STUN server (which is also the PBX) gets no valid information to respond to. This does not happen with the prior router. SIP traffic is unhindered/untouched.
Message 4 of 6
Highlighted
Guru

Re: STUN issues with the Nighthawk

You might try loading a prior version of this on the router and see if an older version does the same thing. 

Also might try this 3rd party FW as well:

https://www.voxel-firmware.com/Downloads/Voxel/html/index.html

 

Same UI, packages are managed differently...

 

If none of these work, then I would contact NG support and get more help and information on this. Maybe and issue that NG needs to review. 

 

 


@ppickenswrote:

From what I'm seeing on packet captures it looks like a new Nighthawk R9000 is stripping STUN requests to the point that a cloud based 3cx server isn't recieving enough information to even reply to. SIP ALG is turned off, but without usable STUN packets coming from the phones on the LAN I cannot correctly register phones with the Public IP.


 


My Setup (Cable 900Mbps/50Mbps)>CAX80>Orbi RBK853 v3.2.15.2#(Router Mode)
Additional NG HW: C7800/CM1100/CM1200, Orbi CBK40, Orbi RBK50/RBK853, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 5 of 6
Highlighted
Guru

Re: STUN issues with the Nighthawk


@ppickenswrote:
As a rule SIP ALG is poorly programmed on 95% of router companies, and the 5% the do work correctly are specifically VOIP routers, so this will remain turned off.

95% must be a little bit low, haven't seen (m)any.

 

@ppickens wrote:
When the Netgear is in place SIP messaging is sent just fine, as shown by packet captures. The problem arises due to the Netgear somehow stripping information from the STUN packet. They retain all the correct port information, but it will strip the application layer of the STUN packets to the point that the STUN server (which is also the PBX) gets no valid information to respond to. This does not happen with the prior router. SIP traffic is unhindered/untouched.

So you imply that the R9000 does either still have some ALG functionality for STUN, or does randomly or systematically crop simple UDP traffic - and this is what STUN is from a routing prospective.

Without a proper test case, debug information, and the like - I'm a little bit at a loss on how the community should help, or what information we should forward to our Netgear contacts for escalating things. 

 

Message 6 of 6