[Ekiga-list] Problem receiving calls... and a solution.

Gustavo Maciel Dias Vieira gustavo at sagui.org
Thu Feb 1 11:13:41 UTC 2007 

Hi all,

First of all, thank you for the nice work bringing Ekiga to the world.
It's one of the best softphones out there, and it's free!

I've run into a problem trying to set up Ekiga and luckily was able to
fix it. As I didn't find a (specific) mention of it in the FAQ and it
seems to me to be fairly common, I'm sending it to you in hope of
helping someone else. Maybe it should go to the FAQ?

Here is the problem: I've got a simple setup, Linux (Fedora 6), no NAT,
a direct connection to the net, but I've got a strict firewall
(iptables, stateful). Concerning UDP, only ESTABLISHED,RELATED packets
are allowed in, all packets are allowed out. Pretty simple, pretty
common, I suppose. The problem is, with this setup Ekiga (as configured
by the wizard, with STUN) only receives calls just after connecting to
ekiga.net (or any other SIP provider). I can make calls, but if I let
Ekiga running after some time I can't receive any calls.

Here is the cause: Ekiga (probably following SIP) registers with a
service using UDP and the service (probably following SIP) expects to
find Ekiga at the port it sent the registration (I guess :)). Well, in
Linux with IP iptables, this port is only accessible for 180 seconds
after the registration. After this time, the firewall will block the
packets coming from the SIP service, as it considers the "session" to be
over.

Here is the solution: There are two ways of coping with that. If you can
control your host (root), you can set the UDP iptables timeout to one
hour:
 # echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
The FAQ hints at this buried in the script of section 6.2, but it points
to the wrong variable ip_conntrack_udp_timeout instead of
ip_conntrack_udp_timeout_stream. See
http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN730 for
more details. You can use the sysctl utility to set kernel variables
more easily. If you don't have control of your host, you can configure
each account to refresh the registration every 180 seconds.

That's it. Hope I've got it right and that it is useful. :)

Abraços,
Gustavo

More information about the ekiga-list mailing list