Hi there all,

as mentioned in another thread,
the SIP proxy has been replaced by a true statefull SIP connection tracking helper.

In V6, the SIP Proxy had limitations, as it was only possible to do outbound calls, which means that a Sip client behind the firewall could connect to a SIP server on the internet.

But there were three limitations:
1) no inbound support for SIP calls to your own sip server
2) all SIP RTP packets where proxied by the applications, which created a higher latency and we were forced to open a big udp range for incoming packets.
3) QoS was not abler to properly determain the RTP connections, therefor VoIP prioritization was poor.

This has all been addressed by a helper similar to FTP, which parses the SIP traffic and detects when a calls takes place and opens the matching ports to only allow this specific flow and only for the duration of the call.

Also it is now possible to simply mark the SIP TCP connection (tcp/5060) with a specific number, which gets automatically inheritet to the RTP call packets. This we can easily prioritize the VoIP traffic.

On top of that, the whole handling is now handled in the kernel and not in userspace anymore, which reduces the latency dramatically.

In order to use the new SIP functions, just add:
Internal Network to 'SIP Client'
and
Any to 'SIP Server'.

Than configure your phone to not use a SIP proxy of the firewall, but to directly connect the SIP Servers, as there were no firewall.

Than the ASG will do the magic and handle everything.

On top of that, you can create a DNAT rule to FORWARD port tcp/5060 to you own SIP server, to handle incoming SIP calls.

I hope that was understandable and helps.

best regards
Gert