router reference guide for upnp settings with hts...router which is support upnp functions, when you...
TRANSCRIPT
Router reference guide for UPnP settings with HTS
Panasonic Corporation Connected Solutions Company
Version:1.0 1st April, 2018
1. Routers list of UPnP availability
Model Get External IP Port FWD Connect WebMC
SIP EXT. SIP trunk
Max PFWD by UPnP(*1) Supplement
BELKIN F9K1004
○ ○ ○ 443
△ MAX 2channels
7 Can not confirmed port forward table in WEB screen. Max port forwarding numbers 7 ports.
D-Link DIR-825
○ ○ ○ 443
○ More than 1000 Can not confirmed port forward table in WEB screen. Need to disable SIP-ALG
D-Link DSR-500
○ ○ ○ 443
○ More than 1000 SIP-ALG Disable by Default
Linksys E1200
○ ○ ○ 443
○ 255
Can not confirmed port forward table in WEB screen. SIP-ALG Disable by Default
NetGear WNDR4300
○ ○ ○ 443
○ More than 1000 UDP123 Port of NTP can’t forward from outside. Need to disable SIP-ALG
Xiaomi Mi Wifi Mini
○ ○ ○ 1024~
○ More than 1000 Not accept TCP 443, HTS HTTPs port should be change to 1024 or more.
ASUS RT-AC68U
○ ○ ○ 1024~
▲ (*2)
256
Not accept TCP 443, HTS HTTPs port should be change to 1024 or more. Need to disable SIP-ALG
MikroTik hEXlite RB750r2
○ ○ ○ 443
○ More than 1000 Model RB750GL Also confirmed Need to disable SIP-ALG
TP-Link AC-1750
○ ○ ○ 443
○ 64 Need to disable NAT Boost Need to disable SIP-ALG
Dray Tek Vigor 2860
○ ○ ○ 443
○ 29 SIP-ALG Disable by Default
*1 Maximum port forward entry numbers confirmed by UPnP test tool. *2 We found an unstable behavior while our Lab testing, sometime second remote terminal rejected register by the router, sometime HTS couldn’t get router WAN IP address. 1
2. UPnP function of HTS
HTS is support UPnP functions by the Version 002.00022 or later. Port forwarding of SIP, RTP and Web-MC ports are automatically add into the router which is support UPnP functions, when you Enable the SIP trunk, the Remote Extension and Remote Web-MC on the HTS. Remote Web-MC available 192.168.22.99:443 Router WAN IP address : 443 One SIP trunk available 192.168.22.99 : 5060 Router WAN IP address : 5060 192.168.22.99 : 12000 Router WAN IP address : 12000 192.168.22.99 : 12001 Router WAN IP address : 12001 One Remote Extension available at the same unit. 192.168.22.99 : 12002 Router WAN IP address : 12002 192.168.22.99 : 12003 Router WAN IP address : 12003 One more Remote Extension add to the same unit 192.168.22.99 : 12004 Router WAN IP address : 12004 192.168.22.99 : 12005 Router WAN IP address : 12005
One Voice call occupied two ports for both the even port of RTP and odd port of RTCP. One Video call occupied four ports. 2
xxx.xxx
3. How to activate an UPnP functions
PBX Configuration -> 7.SIP Extension Property
NAT Traversal : UPnP@
UPnP@-Port Forward for Remote WebMC (HTTPs) : Enable
UPnP@-Port Forward for Remote SIP Extension : Enable
UPnP@-Port Forward for SIP Trunk : Enable
UPnP@ can get public IP address at Router WAN side.
3
3. HTS UPnP active port confirmation
It should be change to another port number except 443 like below when UPnP can’t make port forward to TCP443 port. (e.g.30443)
How to enable the Remote Web Maintenance Remote Web Maintenance : Check = Enable Web Maintenance Password for Remote Access : Click = Edit (Enter new password) Click = Apply *New Password (must be 8-16 characters including numeric character and alpha character)
4
3. HTS UPnP active port confirmation
How to connect to Web Maintenance console from remote site Open web browser -> Enter URL “https:// xxx.xxx.xxx.xxx:30443”
You can confirm the UPnP status after working the UPnP port forward functions like below.
xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx is public WAN IP address of near end router at HTS site.
5
4. BELKIN F9K1004
Advanced -> UPnP -> Both check box already check by default It doesn’t have conformation method for port forwarding table by UPnP.
Model : Wireless N Router with VPN Hardware version 1.1.0 Application version 1.0.4
6
4. BELKIN F9K1004
Note: BELIKN F9K1004 UPnP function has a limitation which is maximum forwarding ports up to 7 ports by UPnP functions.
Https TCP 443 SIP UDP 5060 RTP UDP 12000 RTP UDP 12001 RTP UDP 12002 RTP UDP 12003 RTP UDP 12004
7
5. D-Link DIR-825
UPnP Default = Enable ADVANCED-> ADVANCED NETWORK -> UPnP -> Enable UPnP -> Check (Default)
Firmware Version : 2.10NA
It doesn’t have conformation method for port forwarding table by UPnP.
8
5. D-Link DIR-825
ADVANCED-> FIREWALL SETTING -> APPLICATION LEVEL GATEWAY(ALG) CONFIGURATION -> SIP-ALG= Uncheck SIP
9
6. D-Link DSR-500
UPnP Default = OFF Network -> LAN -> UPnP -> Activate UPnP = ON
Firmware Version : 2.02BD02C_WW
10
6. D-Link DSR-500
You can confirm UPnP Port Map list by click on the refresh icon.
Note: DSR-500 UPnP function is not able to accept TCP 443 port forwarding therefore HTS have to change a https web server port to different port like 30443 in HTS Application server settings.
Activate UPnP = ON (Default=Off)
11
6. D-Link DSR-500
Security -> Firewall - > ALGs
SIP ALG = Off (Default)
12
7. Linksys E1200
Administration -> Management -> UPnP -> Enabled (Default) It doesn’t have conformation method for port forwarding table by UPnP.
Firmware Version: FW:2.0.09.002
SIP-ALG Disable by Default
13
8. NETGEAR WNDR4300
ADVANCED -> Advanced Setup -> UPnP -> Check Turn UPnP On(Default) Apply (You can conform the port forwarding table by UPnP.)
Firmware Version: FW:1.0.2.98
14
8. NETGEAR WNDR4300
ADVANCED -> Setup -> WAN Setup -> Check Disable SIP ALG -> Apply SIP ALG is Enable by default.
15
9. Xiaomi Mi Wifi Mini
高级设置 -> 其他 -> UPnP状态 -> ON (Default) You can confirm UPnP Port Map list
on the same screen.
Firmware Version: FW:2.18.15
Note: Xiaomi UPnP function is not able to accept TCP 443 port forwarding therefore HTS have to change https web server port to different port like 30443 in HTS Application server settings.
16
10. ASUS RT-AC68U
WAN -> Internet Connection -> Enable UPnP = Yes (Default) Firmware Version:3.0.0.4.384_20308
17
10. ASUS RT-AC68U
Advanced Settings-> System Log -> Port Forwarding (Refresh) You can confirm the Port Forwarding table.
Note: ASUS UPnP function is not able to accept TCP 443 port forwarding therefore HTS have to change https web server port to different port like 30443 in HTS Application server settings.
18
1) Select WAN from the Advanced Settings 2) Click NAT Passthrough 3) Select SIP Passthrough Mode : Disable 4) Click Apply
The RT-AC68U is enabled ALG functions by default settings, hence you should be disabled it according to SIP Passthrough.
2
4
1
3
Disable the SIP-ALG function
10. ASUS RT-AC68U
19
10. ASUS RT-AC68U
Disable SIP-ALG functions is also need to enter the CLI commands by telnet connection as below step.
1) Select Administration 2) Select System 3) Check Enable Telnet : Yes
Step1
Disable the SIP-ALG function
1
2
3
20
10. ASUS RT-AC68U
RT-AC68U login: admin Password: pana0101 admin@RT-AC68U:/tmp/home/root# admin@RT-AC68U:/tmp/home/root# nvram get fw_pt_sip 1 admin@RT-AC68U:/tmp/home/root# nvram set fw_pt_sip=0 admin@RT-AC68U:/tmp/home/root# nvram commit admin@RT-AC68U:/tmp/home/root# nvram get fw_pt_sip 0 admin@RT-AC68U:/tmp/home/root# reboot
Step2 Enter the SIP-ALG disable command by CLI mode. Open the terminal software like a “Tera Term ”.
1) Display login prompt 2) Enter login ID (Same as WEB login) : admin 3) Enter password (same as WEB login) : pana0101 4) Display : admin@RT-AC68U:/tmp/home/root# 5) Enter : nvram get fw_pt_sip 6) Display : 1 7) Enter : nvram set fw_pt_sip=0 8) Enter : nvram commit 9) Enter : nvram get fw_pt_sip 10) Display : 0 11) Enter : reboot The router will booting up after few minutes.
Disable the SIP-ALG function
21
11. Mikro Tik RB750
UPnP Enable IP -> UPnP Enable : Check Allow To Disable External Interface : Check Show Dummy Rule = Check Click Apply Click Interface
Model : Router BOARD 750 r2 Factory Firmware 3.3 3 Current Firmware 3.33 Upgrade Firmware 3.29 Package Version 6.34.2
Model : Router BOARD 750GL Factory Firmware 3.1 7 Current Firmware 3.33 Upgrade Firmware 3.33 Package Version 6.38.3
22
11. Mikro Tik RB750
Enabled = check Interface= ether1(WAN) Type= external Click Apply
Enabled = check Interface= ether2(LAN) Type= internal Click Apply Click OK
23
11. Mikro Tik RB750
IP -> Firewall -> NAT You can confirm current NAT table.
24
11. Mikro Tik RB750
SIP-ALG Disable IP -> Firewall -> Service Ports -> SIP Enable (Default) : Click D (change to E) You should disable SIP ALG as below
25
12. TP-LINK AC-1750
UPnP Enable Advanced -> NAT Forwarding -> UPnP -> UPnP = ON (Default)
You can confirm the Port Forwarding table.
Firmware Version : 1.0.5 Build 20171101 rel.37754(4A50)
26
12. TP-LINK AC-1750
SIP-ALG Disable (Default=Enable) Advanced -> NAT Forwarding -> -ALG - > Enable SIP ALG : uncheck(Disable)
27
12. TP-LINK AC-1750
NAT Boost Disable (Default=Enable) Advanced -> System Tools-> System Parameters - > NAT Boost : uncheck(Disable)
28
13. Dray Tek Vigor 2860
UPnP Enable Applications -> UPnP -> Enable UPnP Service= Check (Default : Uncheck)
29
13. Dray Tek Vigor 2860
Diagnostics -> NAT Session Table You can confirm current NAT Active Session Table which are not all forwarded ports by click Refresh.
30
13. Dray Tek Vigor 2860
SIP-ALG NAT -> ALG -> Uncheck Enable ALG (Default)
31
32