my 3G operator blocked my SIP calls, now its not even registering

[GoogleCodeExporter]

Im new here, pleas help me. Im im using CSIPsimple on my Galaxy Note as a 
remote extension of my own PBX system, it worked well for few days, but 
suddenly it disconnected and cant register to my SIP account anymore. I 
switched to Wifi (ADSL internet) and now t works only on Wifi but not on 3G, so 
my 3G provider confirmed they dont allow voip calls. is there any possibility 
to overcome my 3G operator's restriction?

Original issue reported on code.google.com by 7778...@gmail.com on 29 Mar 2013 at 5:33

[GoogleCodeExporter]

I encountered the same on one of my SIMs - the only satisfactory workaround I 
found was to use a VPN.

Original comment by soru...@gmail.com on 31 Mar 2013 at 8:37

[GoogleCodeExporter]

Well in pure theory as soon as your 3G carrier prohibit to use VoIP on their 
data channel by contract it's theoretically not allowed. So I don't encourage 
you to break their controls because by contract they will always get the last 
world if it comes they decide to be annoying with you.

Personally I think these carrier are not very fair and users should push to 
refuse such contracts. 
Net neutrality is important and if they start blocking some usage it can goes 
in very bad ways and they can start blocking service they don't want you to use 
and finally totally handcuff their users to the service they choose.

So... some things you might find interesting :
These 3G carrier base their filtering usually on pretty simple things : the 
port used to connect the remote server and/or some deep packet inspection they 
do on what goes on the network (BTW, not very good for your privacy if they do 
so too).

If it's only a filtering on the port, changing the listening port of your pbx 
system will bypass such kind of check made on the network. 
If it's deep packet inspection, you then need to encrypt stuff. 
BTW, if they do deep packet inspection, I do recommend you to always use 
encryption to connect internet service (even for http, use https, for mail use 
imaps/pop+tls)... who knows what they could do with your packets if they start 
listening and inspecting everything on their network.
So to encrypt SIP, there is SIPS (sip+tls). It's the equivalent of https for 
http. It usually run on port 5061 and everything transmitted is encrypted and 
it's impossible for somebody in the middle to tell what is transmitted. You 
will also need to encrypt audio if you want to be 100% safe. To do so you can 
use SRTP or ZRTP (zrtp is the more recent and promising one).
Else, you can of course use the big hammer which is VPN. The disavantage of VPN 
is that the channel is always connected and active and it might drain battery 
faster. The advantage (if configured to do so) is that it will encrypt 
everything and your carrier will not see anything more than one connection to 
your vpn server (but you can fear they detect you use only one channel and use 
vpn ;) ).

If it's your own pbx system (whatever if you decide or not to overcome your 
operator restriction and potentially break the contract), I advise you to have 
a look on the TLS solution. It's good to encrypt sip even if you use wifi 
access point.

Original comment by r3gis...@gmail.com on 31 Mar 2013 at 10:36

• Changed state: Done

[GoogleCodeExporter]

Hi, thanks a lot for your kind response. since its my own PBX (grandstream 
GXE5024) located in my ofc. I have tried to use TLS solution, but on the 
CSIPSimple, i still unable to use it in TLS mode. I have set on PBX 5061 as TLS 
port and media port starting from 6000. on router (6000-65535 rtp opened) and 
both 5060 and 5061 in udp/tcp opened on router. but still my android is not 
registering on it. can u pls help me to know the typical configuration (on both 
ends) for a TLS method in this scenario.

Original comment by 7778...@gmail.com on 1 Apr 2013 at 3:24

[GoogleCodeExporter]

If SIP is being blocked on 5060, then it's quite possible your provider is also 
blocking 5061 (and 4569 for IAX2) - certainly this was the case for one of my 
mobile lines. You may need to set up a different port (and I'd suggest not 
using one close to these numbers). Changing the port for unencrypted SIP seemed 
to work for me, but I then had trouble with one-way audio...

I also found trying to configure SIPS and encrypted RTP a right pain in the @$$ 
and never got it to work, but got both StrongSWAN and PPTP VPNs working - so 
configured CSipSimple on that handset to use the RFC1918 address of my localnet 
VoIP server thus only reachable on my home WiFi or via the VPN.

Original comment by soru...@gmail.com on 1 Apr 2013 at 9:15