Most residential VoIP services work perfectly without any additional configuration by the end-user.  They just plug in a Linksys PAP2T-NA (or similar device, referred to as adapter going forward) that's been pre-configured by the provider, and it handles the typical home network without any issues.

However, for those users who experience no dial tone or missed incoming calls, there is always one culprit: the home router.

Why You're Using a Router

For most end-users, the purpose of having a router is simple. They are assigned a single IP address from their ISP, but they have multiple devices. In order to share that IP, you need a router to perform the network address translation (NAT) between your private network and the public network (Internet). Let's assume the adapter's private IP is 192.168.1.101 and your public IP is 222.222.222.222.

When you plug your adapter into the router, it usually gets an IP address via DHCP. For example, the adapter will get IP address 192.168.1.101.

Tip: If you have manually set a static IP on the adapter, then you must also set the default gateway, network mask and a DNS server.

Next, the adapter will use DNS to lookup the IP address associated with the VoIP gateway that has been configured. For example, if your adapter has been configured with gateway.provider.com, and a DNS server of 8.8.8.8 (Google's public DNS server), the adapter will ask 8.8.8.8 for the IP address that is associated with gateway.provider.com. Let's assume the response is 74.63.41.218.

How Your Router is Supposed to Behave

Now your adapter will attempt to register to 74.63.41.218 using a SIP REGISTER packet. The packet will originate from 192.168.1.101 (your adapter) on UDP port 5060 (you can change this) and will be destined for 74.63.41.218 (your provider's gateway) on UDP port 5060 (you can't change this unless your provider says so). Your router will receive this packet, select a random public port for this conversation and forward the packet on to your provider. To your provider, this packet will look like it's coming from 222.222.222.222 (your public IP) on a random UDP port (43211), not the private IP and port that it originated from. If everything works properly, this packet will make it from the adapter, to the router, to the Internet, to the provider and the response will make it all the way back. Your router will remember that it used UDP port 43211 for this conversation and will continue to forward anything that comes into that port to the adapter's IP address (192.168.1.101) and UDP port (5060).

Tip: You can verify if it's working by looking at the status page of your adapter and confirming that the SIP Messages Sent and SIP Messages Received counters are both increasing.

Since routers typically "clean up" connections that aren't being used, the mapping between the adapter and random UDP port 43211 will be forgotten at some point. Typically, your adapter will register and then be inactive until you make or receive a call.  Since this could be a long time, it's likely that the router will determine the connection is inactive and the port mapping will be forgotten after a few minutes. Now when your provider attempts to send you an incoming call on UDP port 43211, the router will have closed the port and your caller will hear a busy signal or be sent to voicemail. To prevent this, your adapter will most likely be configured to send a NAT Keep-Alive message periodically.  This message will keep the conversation going during periods of inactivity, prevent the router from forgetting the port mapping, and ensure incoming calls will ring.

Troublesome Routers

However, sometimes there is a NAT configuration problem and packets make it from your adapter to the provider, but they never make it back. This is either because your provider is not properly detecting your public/private IP addresses (unlikely) or because your router is blocking the replies. Some routers remember the port mapping for a very short period of time or have some advanced firewall-type features (SIP ALG) which will always cause problems.

Tip: You should always shut off any VOIP or SIP-aware functionality in your router, because it is unlikely that the router engineers have implemented 100% SIP-compatible features.

Port Forwarding

The easiest solution is to purchase a router that is known for being SIP compliant. If purchasing a new router is not an option, then you can try port forwarding. When you configure port forwarding, you are hard-coding the mapping between the private IP:port and the public IP:port. This is a common solution because most routers can properly handle port forwarding, since it's a much simpler feature to implement.

Tip: If you're going to setup port forwarding, then you should set a static IP on your adapter. Otherwise, your adapter's IP could change via DHCP, making the hard-coded port forward rule invalid.

One of the problems with port forwarding is that it will forward all traffic, from any source (trusted or not) to the adapter. Remember, without port forwarding, the router assigned a random port and kept the established connection open between the two endpoints. There is a strong possibility that someone could use this vulnerability to compromise your VoIP client, especially if it's a PBX (Asterisk, Freeswitch, Trixbox, etc).

Warning: You should NEVER configure port forwarding if you are using a software PBX (Asterisk, Freeswitch, Trixbox, etc) or place the PBX in the DMZ. Your PBX will be compromised.

Another snag you may run into with port forwarding is if you have multiple adapters. Without port forwarding, each adapter will be assigned a random port on the public IP address by the router, even if they all are listening to UDP port 5060 on their private IP addresses. However, if you decide to use port forwarding, all inbound traffic to UDP port 5060 will only redirect to one adapter. This is where things start to get messy so you'll probably want to create a diagram so you can make sure every device is configured properly. Set each line on each adapter to use a different UDP port (5060, 5061, 5062, etc) and then setup port forwarding to forward the corresponding public UDP ports (5060, 5061, 5062, etc) to the adapter that's listening on that port.

Placing your adapter in the DMZ, which is effectively forwarding all ports to the device, is not recommended. Any malicious user that has access to every port on your adapter will be able to compromise it.

Before You Spend Hours Troubleshooting

The first thing you should do before tinkering with your setup is to open a ticket with your provider. They have the ability to see exactly what is causing you to not have a dial tone or miss incoming calls. They will be able to recommend settings for your router that will ensure your service will work properly. Remember, even if you tweak your adapter and router to work with one provider, there's no guarantee it will work with another provider. Your first step should always be to contact them -- it could save you hours of time.