SIP Links Scenario STUN
STUN is a network protocol that detects the presence and type of firewalls and NAT routers and takes this information into account. It simplifies the use of devices (e.g. SIP telephones) and programs in such networks that need to receive data from the Internet.
STUN helps to identify the current public IP address of the line. This is necessary so that the remote endpoint can correctly address and return your call data.
See RFC Standard (RFC 3489).
Fig. 14-2: STUN
The LinkManager sends STUN messages at least every 10 seconds as long as no other data traffic is passing through the corresponding port. This keeps the entry in the NAT router's NAT table (masquerading) from being removed and allows changes to the external IP address of the NAT router to be detected and communicated. This means that SwyxWare SIP trunks can also be operated on a DSL connection that the IP provider terminates every 24 hours and that therefore receives a new IP address.
Therefore, STUN messages, the SIP logon, the SIP connection setup, and the voice data are all sent via the NAT router.
If a firewall is in place, it must allow this type of communication. The rules required are described below and must be configured in the appropriate syntax in your firewall.
* Sending STUN messages
The LinkManager sends STUN messages from port 65002 to the configured STUN server. The destination port for STUN messages is usually port 3478, but there are exceptions, e.g., SIPGate uses port 10000.
* Receiving STUN messages
STUN response messages should also be permitted.
* SIP messages
SIP messages are sent by the LinkManager from port 65002 to the SIP port of the SIP provider. The SIP port is usually the well-known port 5060. The return path for the responses should also be opened.
Please note that when using a NAT router, port forwarding must be configured so that SIP messages received on the public IP address of the NAT router on port 5060 are also forwarded to the LinkManager on port 65002 in the internal network.