Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections work via a masquerading firewall (NAT). It allows SIP software clients or SIP hardware clients to work behind an IP masquerading firewall or NAT router.
SIP, or Session Initiation Protocol, is a standardized set of formats for communicating messages used to initiate, control, and terminate interactive Unicast or Multicast user sessions with multimedia services such as Internet telephone calls, video conferencing, chat, file transfer and online games. Originally developed in 1996 (and standardized in 2002 under the name RFC 3261 by the Internet Engineering Task Force), SIP is the most widely used communication protocol and is the protocol of choice for most VoIP phones to initiate communication. By itself, SIP does not work via masquerading firewalls, as the transferred data contains IP addresses and port numbers. Thus, using SIP over a firewall requires solutions to traverse NAT, but such solutions may have disadvantages or may not be applied in certain situations. Siproxd does not aim to be a replacement for these solutions; however, in some situations it may bring advantages.
Siproxd: Installation and Configuration
Siproxd runs on a variety of Unix variants. It is currently known to work on:
- Mac OS X
Installation of the siproxd package in pfSense is easy. Navigate to System -> Packages, scroll down to siproxd in the packages list, and press the “plus” button (+) to install siproxd. On the next page, press the “Confirm” button to confirm installation, which should take less than two minutes.
Once siproxd is installed, you can begin configuration by navigating to Services -> siproxd. There are three tabs: “Settings”, “Users”, and “Registered Phones”. On the “Settings” tab there are several general settings. The “Enable siproxd” check box enables or disables siproxd. The “Inbound interface” dropdown box allows you to select the inbound interface (usually WAN). You can also select the “Outbound interface” (usually LAN). The “Listening port” edit box allows you to enter the port on which to listen for SIP traffic (default port is 5060). The “Default expiration timeout” specifies the timeout (in seconds) that is used when the REGISTER request does not contain an Expires header or an “expires=” parameter.
Under “RTP Settings”, you can configure settings for the Real-time Transport Protocol (RTP), a standardized packet format for delivering audio and video over IP networks. The “Enable RTP proxy” dropdown box allows you to enable or disable the RTP proxy (default is enabled). In the next two edit boxes, you can enter the lower and upper bounds for the RTP port range (the default is 7070 to 7079). Finally, you can enter the “RTP stream timeout”, the number of seconds after which an RTP stream will be considered dead and proxying it will stop (the default is 300 seconds).
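The following sketch is an added example, not siproxd's code and not part of the original article: it shows why a masquerading SIP proxy has to rewrite the addresses and ports carried in the SDP body and relay each RTP stream through a port taken from a range such as the default 7070 to 7079. The `masquerade` function, the abbreviated sample INVITE and the caller-supplied public address are constructed for illustration, and only a session-level `c=` line is handled.

```python
import ipaddress

RTP_PORT_LOW, RTP_PORT_HIGH = 7070, 7079  # default RTP port range quoted above

# Constructed, abbreviated INVITE from a phone at 192.168.1.50 behind the firewall.
BODY = "\r\n".join([
    "v=0", "o=alice 2890844526 2890844526 IN IP4 192.168.1.50", "s=-",
    "c=IN IP4 192.168.1.50", "t=0 0", "m=audio 49170 RTP/AVP 0", ""])
INVITE = "\r\n".join([
    "INVITE sip:bob@example.org SIP/2.0", "Content-Type: application/sdp",
    f"Content-Length: {len(BODY)}", "", BODY])


def is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:  # hostname or malformed address: leave it alone
        return False


def masquerade(message, public_ip, ports_in_use):
    """Return (rewritten message, {public_port: (private_ip, private_port)})."""
    head, _, body = message.partition("\r\n\r\n")
    private_ip, relay, lines = None, {}, []
    for line in body.split("\r\n"):
        fields = line.split(" ")
        if line.startswith("c=IN IP4 ") and is_private(fields[2]):
            private_ip, line = fields[2], f"c=IN IP4 {public_ip}"
        elif line.startswith("m=") and private_ip:  # session-level c= only
            free = [p for p in range(RTP_PORT_LOW, RTP_PORT_HIGH + 1)
                    if p not in ports_in_use and p not in relay]
            if not free:  # every port in the range already carries a stream
                raise RuntimeError("RTP port range exhausted")
            relay[free[0]] = (private_ip, int(fields[1]))
            fields[1] = str(free[0])
            line = " ".join(fields)
        lines.append(line)
    body = "\r\n".join(lines)
    # The body length changed, so Content-Length must be recomputed.
    head = "\r\n".join(
        f"Content-Length: {len(body.encode())}"
        if h.lower().startswith("content-length:") else h
        for h in head.split("\r\n"))
    return head + "\r\n\r\n" + body, relay
```

The returned mapping is what a relay would use to forward packets arriving on the public port to the phone's private address and port; in this sketch a ten-port range is used up after ten media streams.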
The next section is “Dejittering Settings”, which allows you to set an artificial delay to de-jitter RTP data streams (both input and output). The default is zero (no dejittering).
Next is “SIP over TCP Settings”. Here you can configure a “TCP Inactivity timeout” to set the amount of time (in seconds) after which an idling TCP connection will be disconnected. The “TCP Connect Timeout” defines how many milliseconds siproxd will wait for a successful connect when establishing an outgoing SIP signaling connection. “TCP Keepalive” is used for TCP SIP signaling. If this parameter is greater than zero, empty SIP packets will be sent every n seconds (where n is the number specified) to keep the connection alive. The default value is zero (off).
In the next article, we will continue our look at configuring siproxd.