SIP ALG on TP-Link


  • Service Provider

    It you have a TP-Link router, you likely have SIP-ALG on by default. You can turn it off but for at least some hardware it is not accessible from the GUI. Had to look this up today and here is a reference guide on how to turn it off via telnet.

    Disable SIP ALG on TP-Link



  • telnet

    Holy crap


  • Service Provider

    @stacksofplates said in SIP ALG on TP-Link:

    telnet

    Holy crap

    Yeah, not the best hardware.



  • @scottalanmiller said in SIP ALG on TP-Link:

    @stacksofplates said in SIP ALG on TP-Link:

    telnet

    Holy crap

    Yeah, not the best hardware.

    Well, at least it's not giving the entire world access to the private VPN like a certain vendor announcement yesterday.


  • Service Provider

    @travisdh1 said in SIP ALG on TP-Link:

    @scottalanmiller said in SIP ALG on TP-Link:

    @stacksofplates said in SIP ALG on TP-Link:

    telnet

    Holy crap

    Yeah, not the best hardware.

    Well, at least it's not giving the entire world access to the private VPN like a certain vendor announcement yesterday.

    Oh yeah, TP-Link is bad, but no one is saying it is like Cisco.



  • Don’t you need to do that on Ubiquiti EdgeRouter as well?


  • Service Provider

    @dbeato said in SIP ALG on TP-Link:

    Don’t you need to do that on Ubiquiti EdgeRouter as well?

    Yeah, but via the GUI or SSH, no need for telnet.

    0_1517466027134_DeepinScreenshot_select-area_20180201002012.png



  • @scottalanmiller said in SIP ALG on TP-Link:

    @dbeato said in SIP ALG on TP-Link:

    Don’t you need to do that on Ubiquiti EdgeRouter as well?

    Yeah, but via the GUI or SSH, no need for telnet.

    0_1517466027134_DeepinScreenshot_select-area_20180201002012.png

    Right, I saw that. The Cmd run screen on that KB is using Windows XP and then uses a CMD of Windows 7, very confusing



  • @scottalanmiller here was the guide I was using after it came to my attention.

    Youtube Video



  • Just FYI I'm using the EdgeRouter PoE v1.9.1 and when I disabled the ALG, all my phones quit working. Thank God for NTG & Scott we are back up and running but for the most part we turned ALG back on. I'm not 100% sure but it appears UBNT is the first vendor I've come across where ALG for SIP actually works. I've always used Linksys, DLink, Sonicwall etc and ALG/SIP is ALWAYS the first thing support wants you to disable.

    Has anyone ran across any issues with the Edge Router yet?


  • Service Provider

    config
    set system conntrack modules sip disable
    commit
    save
    exit

  • Service Provider

    @krisleslie said in SIP ALG on TP-Link:

    Just FYI I'm using the EdgeRouter PoE v1.9.1 and when I disabled the ALG, all my phones quit working. Thank God for NTG & Scott we are back up and running but for the most part we turned ALG back on. I'm not 100% sure but it appears UBNT is the first vendor I've come across where ALG for SIP actually works. I've always used Linksys, DLink, Sonicwall etc and ALG/SIP is ALWAYS the first thing support wants you to disable.

    Has anyone ran across any issues with the Edge Router yet?

    I always disable it.

    You said it works. But did it really? or did it not jsut not break something?

    I have 20 something EdgeRouters in the wild at clints and almos tall sites have SIP phones and I have this settign off.



  • @jaredbusch said in SIP ALG on TP-Link:

    You said it works. But did it really? or did it not jsut not break something?
    I have 20 something EdgeRouters in the wild at clints and almos tall sites have SIP phones and I have this settign off

    Great question.

    I use Yealink phones. For the most part, Scott made sense in that STUN servers can be hit or miss at times. There have been times I can go register a phone without STUN enabled and it works, and randomly another phone may not be able to register until I enable it.

    Today, I want to say 99% of every phone today at one office has it enabled and working and registered successfully. Again I'm not a VoIP Engineer, I've only had to be a guy to deploy it back in the day when I worked in telcos. So I've deployed phones, cabling, networks and done some of the config from a customer point of view but never from the NOC side.

    I have sat with the engineers 1000's of times and at that time in my life I just knew VoIP worked. However after the last 3-5 years of dealing with VoIP/PBX I come to respect it more and more but I also come to scratch my head more and more when what logically shouldn't work, works 🙂



  • @krisleslie said in SIP ALG on TP-Link:

    @jaredbusch said in SIP ALG on TP-Link:

    You said it works. But did it really? or did it not jsut not break something?
    I have 20 something EdgeRouters in the wild at clints and almos tall sites have SIP phones and I have this settign off

    Great question.

    I use Yealink phones. For the most part, Scott made sense in that STUN servers can be hit or miss at times. There have been times I can go register a phone without STUN enabled and it works, and randomly another phone may not be able to register until I enable it.

    Today, I want to say 99% of every phone today at one office has it enabled and working and registered successfully. Again I'm not a VoIP Engineer, I've only had to be a guy to deploy it back in the day when I worked in telcos. So I've deployed phones, cabling, networks and done some of the config from a customer point of view but never from the NOC side.

    I have sat with the engineers 1000's of times and at that time in my life I just knew VoIP worked. However after the last 3-5 years of dealing with VoIP/PBX I come to respect it more and more but I also come to scratch my head more and more when what logically shouldn't work, works 🙂

    All my systems have SIP ALG disabled and I don’t use STUn. SIP ALG needs to be disabled even for Obihai, Ooma and VOIP devices I know.



  • For another site I manage, I don't use stun and I also have ALG/SIP disabled on SonicWall but it is vlaned.



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.