Tech

SIP Gateway Behind NAT

Published on:

October 4, 2013

Network Address Translation (NAT) was a workaround for the limited IPv4 addresses, and SIP was designed to be NAT-unfriendly to encourage IPv6 adoption. However, as IPv6 remains far from mainstream, NAT is still a challenge. The Vodia PBX addresses this with a "mini-session border controller," which detects non-routable IPs and ignores SIP routing information. This solution works well with endpoints but faces issues with gateways behind NAT. The upcoming version 5.1.3 introduces a trunk flag to prevent the PBX from updating the SIP route, allowing for better communication. This also simplifies gateway registration, offering a more stable NAT workaround until IPv6 becomes common.

Network Address Translation (NAT) was a hack to deal with the fact that the most of us just get one IPv4 IP address from our provider. SIP was purposely defined NAT unfriendly to promote the use of IPv6 networks. While we are still waiting for IPv6 to become mainstream for more than a decade now we have to deal with this reality.

For the SIP phones the Vodia PBX has a logic that we call a “mini-session border controller”. It detects when a device runs on a network address that is not routable and then ignores the SIP routing information in it. While that makes our life easier with endpoints, we recently found out that life is not so simple with gateways if they are behind NAT. Here is the setup:

A PSTN gateway runs on a private IP address. On the firewall, the SIP port was forwarded to the private IP address of the gateway, so that the PBX can send SIP INVITE to the gateway. On the gateway, the outbound proxy is set to the PBX, which is running on a public IP (e.g. on a hosted PBX like the one on our http://hostedi.am).

The problem is this: When the PBX sends an INVITE to the gateway, the gateway responds with its private IP address in the routing headers. In SIP, the UAC (the PBX) is supposed to update the routing information and there the communication breaks. The PBX cannot send the ACK request to the gateway, and the call setup eventually times out.The solution that we will introduce in version 5.1.3 is another trunk flag. It will have the name “Don't accept SIP routing changes in dialog” and it does what is name says: When the PBX receives a response, it sticks to the original destination and does not update the route. This way the PBX can continue talking to the PBX. Because the PBX advertises an address for the media that is routable for the gateway, it will start receiving media from the gateway and that’s where it sends the media back. Fortunately, most gateways did not follow the IETF proposal to use different ports for sending and receiving, so that this works also when the gateway is behind NAT.

This new setting has the potential to render the feature of the dial plan to send calls to a registered extension obsolete. Instead of registering the gateway to the PBX, the firewall just needs to forward the requests to UDP port 5060 to the gateway. Of course, other ports than 5060 can also be easily used. If the public IP address of the local network keeps changing, services like dyndns can help directing the PBX to the right location.

Another workaround for NAT. I can’t wait until IPv6 becomes widely available.

Latest Articles

View All

Webinar | Real-Time Media Streaming in Vodia PBX: AI, Call Transcription, and Security in V69.5.6

Join Vodia Networks on April 8 for a live, in-depth webinar on how real-time media streaming is powering the future of voice communication. Discover how Vodia PBX version 69.5.6 enables seamless AI integration, live call transcription using the Whisper API, and secure voice data handling. Hosted by Sales Engineer Eric Altman and VoIP Engineer Hamlet Collado, this session will walk you through real-world use cases, including OpenAI and Google Speech-to-Text integrations, MS Teams support, and new security features. You’ll also get a first look at Vodia’s AI roadmap and have the opportunity to ask your questions during a live Q&A.

March 28, 2025

The Vodia PBX On-Premise Whisper AI Deployment​

Whisper, OpenAI’s Automatic Speech Recognition system, delivers multilingual, noise-tolerant, and technical-language-ready transcription through a streamlined encoder-decoder architecture. With Vodia PBX’s integration, organizations can choose between using OpenAI’s service or hosting Whisper AI locally for complete data sovereignty and control. This on-premise option ensures that sensitive call data stays within your infrastructure while still benefiting from powerful transcription capabilities. To explore deployment options, see our Whisper AI on-premise setup documentation, review a self-hosted integration example, or follow our cloud-based call transcription guide.

March 27, 2025

Vodia at Enterprise Connect 2025: Embracing AI and Advancing Communications

Vodia Sales Engineer Eric Altman attended Enterprise Connect 2025 on March 18 and 19, where he connected with partners and gained insight into the future of enterprise communications. AI was the clear focus of the event, with discussions centered on agentic systems, chatbots, and generative technologies. “It was certainly the main element in the atmosphere,” Eric noted. He also shared his excitement about Vodia PBX version 69.5.6, which includes real-time AI integration with OpenAI and call transcription using the Whisper API. The event confirmed that AI is rapidly becoming a core component of modern communication platforms—and Vodia is well-positioned to lead the way.

March 26, 2025