VoIP with m0n0wall

Let me give some details about how I (finally) got VoIP working with multiple phones behind m0n0wall, which is a popular, open-source firewall appliance.

My setup here at home is quite normal: Cable modem for internet access, providing a single, changing internet IP address. Behind that, I’ve placed an ALIX-based m0n0wall version 1.34 with a private network (let’s say it is

We have three physical IP phones, two Grandstream GXP2200 and one
DP715. Also, there are two separate sipgate.de accounts with multiple phone numbers each to route. For clarity’s sake, lets call the accounts SIP1 and SIP2.

Configuration information for sipgate.de, especially in respect to routers, is very sparse and sometimes unnervingly opposing. You’ll find infos on how to use STUN, you’ll find infos recommending not to use STUN.

You’ll find lots of people asking for help with setting up VoIP, with very few answers. A couple of really good content is linked to at the end.

We had a very strange issue with an older Grandstream (GXP2000) dropping calls after a few minutes (consistently!) - I’m still not certain wether the phone itself has a defect or what the problem is.

In any case, the setup I ended up using was to assign different RTP and SIP Ports for each phone and line that is configured.

Some basics:

GXP2200-1: (only SIP1 numbers)
GXP2200-2: (mixed SIP1 and SIP2 numbers)
DP715: (only one SIP1 number)

I assigned the following ports:

GXP2200-1 RTP / SIP:
Account 1: 5004 / 5060
Account 2: 5008 / 5062
Account 3: 5012 / 5064

GXP2200-2 RTP / SIP:
GXP2200-1 RTP / SIP:
Account 1: 5104 / 5160
Account 2: 5108 / 5162
Account 3: 5112 / 5164

DP715 RTP / SIP:
Account 1: 5204 / 5260

The ports you choose are somewhat irrelevant, as long as you set them up for NAT and in the firewall rules.

All RTP/SIP traffic is via UDP, so when setting up NAT and the firewall rules, restrict yourself to this protocol (it makes the firewall a tad more secure and uses a tick less resources).

Since there is no real point in creating single entries for each individual port (remember that RTP may use odd-numbered ports for additional communication), I added NAT and firewall rules for port blocks in regard to the protocol and the phone.

I.e.: for GXP2200-1 I opened ports 5004-5059 for RTP and 5060-5099 for SIP.

The most important part in the config is to point the NAT entry to the right IP address; i.e. NAT for 5004-5059 needs to go to and so on.

Once both NAT and firewall rules are set up, IP service works like a charm. I read several blogs that seemed to state that sipgate has issues with multiple IP phones behind a NAT firewall, but this simply doesn’t seem to be the case.

Since sipgate also has a proxy as part of their offering (sipgate.de), there is no need for a local proxy such as
siproxd. m0n0wall doesn’t offer “plugin” installation anyway, so if a local proxy was necessary, I’d probably have to switch to pfsense.

A really good article on VoIP over m0n0wall is
this one.

Review Grandstream DP715 DECT VoIP Phone

Because of severe functional issues with a FritzBox 7270 and connected MT-F DECT Handsets, I looked for an alternative DECT handset that I could use with our VoIP telephony account.
Besides the ominous Gigaset options, there isn't that much to choose from. After a complete disaster with a no-frills Gigaset DECT handset, I swore I would never buy Gigaset again, so the only alternative - at least at the time - seemed to be the Grandstream DP715.

The specs sound pretty okay, and we've had very good results with a Grandstream wired VoIP phone. On top of all that, the price was quite okay (I paid €60), so I purchased the phone. 

All in all, though, the phone isn't really to be recommended. The display is a complete loss; it reminds me of early 90's Nokia mobile phones. Bizarre looking symbols (there is one that flashes at me constantly, and I still don't know what it means), crappy contrast. Number keys are not lit. There is no way to provision the phone with a phonebook. None. At all.  What a pain in the butt, to be punching in names using that clunky "alphabet on the number buttons" method!  That, too, makes me feel like I've warped back to the "good ol' days" of the GSM heyday.

The rechargeable batteries are two NiMH AAA Jobbers with 500 mAh of "life". Yikes. That is supposed to power the phone for 80h standby, according to the spec sheet. I don't buy it, and that brings me to the absolute no-go of this phone: when the battery is low, it starts beeping, perhaps once per minute. That's fine - let me know ahead of time if I'm about to drop a connection. Unfortunately, the beep is extremely loud and will knock your eardrum a couple of mm down the hole. Apparently to compensate the infinitesimal warning beep, the volume of the person talking to you is increased beyond the envelope you would ever expect the earpiece of such a phone to be able to reach. If your eardrum didn't pop from the beep, it will do so from the person now screaming into your ear.

OK, I'm exaggerating, but only a little. My eardrum didn't pop, but I ended up - after getting over the initial shock - holding the phone a ways away from my ear, which made the conversation difficult to say the least.

Grandstream does some phones really well, but this little guy is not one I would recommend to anyone!