Siproxd: Part One

SiproxdSiproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via a masquerading firewall (NAT). It allows SIP software clients or SIP hardware clients to work behind an IP masquerading firewall or NAT router.

SIP, or Session Initiation Protocol, is a standardized set of formats for communicating messages used to initiate, control, and terminate interactive Unicast or Multicast user sessions with multimedia services such as Internet telephone calls, video conferencing, chat, file transfer and online games. Originally developed in 1996 (and standardized in 2002 under the name RFC 3261 by the Internet Engineering Task Force), SIP is the most widely used communication protocol and is the protocol of choice for most VoIP phones to initiate communication. By itself, SIP does not work via masquerading firewalls, as the transferred data contains IP addresses and port numbers. Thus, using SIP over a firewall requires solutions to traverse NAT, but such solutions may have disadvantages or may not be applied in certain situations. Siproxd does not aim to be a replacement for these solutions; however, in some situations it may bring advantages.

Siproxd: Installation and Configuration

Siproxd runs on a variety of Unix variants. It is currently known to work on:

  • Linux
  • FreeBSD
  • OpenBSD
  • SunOS
  • Mac OS X

Installation of the siproxd package in pfSense is easy. Navigate to System -> Packages, scroll down to sixproxd in the packages list, and press the “plus” button (+) to install siproxd. On the next page, press the “Confirm” button to confirm installation, which should take less than two minutes.

Once siproxd is installed, you can begin configuration by navigating to Services -> siproxd. There are three tabs: “Settings“, “Users“, and “Registered Phones“. On the “Settings” tab there are several general settings. Check the “Enable siproxd” check box to enable or disable siproxd. The “Inbound interface” dropdown box allows you to select the inbound interface (usually WAN). You can also select the “Outbound interface” (usually LAN). The “Listening port” edit box allows you to enter the port on which to listen for SIP traffic (default port is 5060). The “Default expiration timeout” specifies the timeout (in seconds), provided that the REGISTER request does not contain an Expires header or an “expires=” parameter.

Under “RTP Settings“, you can configure settings for the Real-time Transport Protocol (RTP), a standardized packet format for delivering audio and video over IP networks. The “Enable RTP proxy” dropdown box allows you to enable or disable the RTP proxy (default is enabled). In the next two edit boxes, you can enter the lower and upper bounds for the RTP port range (the default is 7070 to 7079). Finally, you can enter the “RTP stream timeout”, the number of seconds after which an RTP stream will be considered dead and proxying it will stop (the default is 300 seconds).

The next section is “Dejittering Settings“, which allows you to set an artificial delay to de-jitter RTP data streams (both input and output). The default is zero (no dejittering).

Next is “SIP over TCP Settings“. Here can can configure a “TCP Inactivity timeout” to set the amount of time (in seconds) after which an idling TCP connection will be disconnected. The “TCP Connect Timeout” defines how many milliseconds siproxd will wait for a successful connect when establishing an outgoing SIP signaling connection. “TCP Keepalive” is used for TCP SIP signaling. If this parameter is greater than zero, empty SIP packets will be sent every n seconds (where n is the number specified) to keep the connection alive. The default value is zero (off).

In the next article, we will continue our look at configuring siproxd.

External Links:

The official Siproxd site.

Siproxd on SourceForge.

Real-time Transport Protocol on Wikipedia

Reader’s Mailbag: 1-7-2015

I received an e-mail from a reader stating that even though he had an internet connection, he could not access the internet through his pfSense firewall. It occurred to me that there might be several reasons why this might be the case: pfSense's … [Continue reading]

Nagios Installation and Configuration: Part Two

In the previous article, we introduced Nagios and began covering installation. In this article, we will continue our look at Nagios, covering configuration and installation of plugins. Nagios Configuration Now that Nagios has been installed, … [Continue reading]

Nagios Installation and Configuration: Part One


Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes, … [Continue reading]

netio: A Network Benchmark Tool


netio is a network benchmark utility for OS/2 2.x, Windows, Linux and Unix. It measures the net throughput of a network via TCP and UDP protocols using various different packet sizes. For netio to run a benchmark, one instance has to be run on one … [Continue reading]

HAProxy Load Balancing: Part Three


In the previous two articles in this series, we introduced HAProxy and began looking at configuration of HAProxy under pfSense. In this article, we conclude our look at HAProxy configuration. In the HAProxy Listener configuration tab, we had … [Continue reading]

Amazon Affiliate Purchases: October 2014

Here are some of the items readers bought through my Amazon affiliate links: Coolerguys Programmable Thermal Fan Controller with LED Display EnGenius Technologies Dual Band 2.4/5 GHz Wireless AC1200 Router with Gigabit and USB (ESR1200) Fan … [Continue reading]

HAProxy Load Balancing: Part Two


In the previous article, we introduced HAProxy as a load balancing solution for TCP and HTTP-based applications. In this article, we will continue our look at HAProxy configuration. The next setting in the "Settings" tab is "Global Advanced pass … [Continue reading]

New Python Site Launched

Anyone who has an interest in the Python programming language might want to take a look at my latest site, I only have a few articles posted so far, but I am setting a goal of posting at least two articles a week. As someone whose … [Continue reading]

HAProxy Load Balancing: Part One


HAProxy is an application offering high-availability, load balancing and proxying for TCP and HTTP-based applications. It is particularly suited for high traffic web sites, and is used by a number of high-profile websites including GitHub, Stack … [Continue reading]

© 2013 David Zientara. All rights reserved. Privacy Policy