SIP information & settings
The SIP setup includes the SIP server (registrar/proxy), the ports used and IPv6; signaling runs via TCP and TLS if required. Below you can see the basic or default settings that must be entered in each SIP device, in addition to the user details (user name and password). You can also find information about this in the customer center under the respective help section. A little further down you will also find general information about TCP and TLS/SRTP encryption.
Please note that we have officially supported IPv6 since 2014. This means that you no longer need any NAT or tunnel services if you have a native IPv6 connection (e.g. Deutsche Glasfaser customers) and use the corresponding FQDNʼs of the servers.
The procedures for determining the IP addresses of our SIP servers are DNS A Record, DNS NAPTR Record and DNS SRV Record.
General setup information
Values for registrar, encryption, STUN and auxiliary fields
| Setting | Value |
|---|---|
| IPv4 / IPv6 / DualStack | |
| Default settings | |
| SIP registrar (also for SIP proxy/outbound) Server address (FQDN) | proxy.dus.net |
| SIP registrar (also for SIP proxy/outbound) Server port | 5060 |
| ATTENTION: Only with encryption (must be supported by your end device) | |
| SIP registrar/outbound proxy TLS+SRTP (FQDN) | secure.dus.net |
| SIP registrar/outbound proxy TLS+SRTP server port | 5061 |
| Further settings | |
| STUN server address (FQDN) | stun.dus.net (not necessary for IPv6) |
| STUN server port | 3478 |
| STUN server port alternative | 10000 |
| Please only enter further details if you know what you are changing | |
| DTMF payload | 101 |
| NTP server (time server, FQDN) | ntp.dus.net |
Firewall info
Approvals for SIP server and RTP media relay - IPv4 and IPv6.
| Server service | Server IPv4 | Server IPv6 | Protocol | Ports from-to |
|---|---|---|---|---|
| SIP Registrar | 83.125.8.71 | 2a04:2100:0:100::71 | TCP+UDP+TLS | TCP+UDP+TLS: 5060-5061 TCP+TLS: 32768-60999 |
| SIP Proxy/Outbound | 83.125.8.71 | 2a04:2100:0:100::71 | TCP+UDP+TLS | TCP+UDP+TLS: 5060-5061 TCP+TLS: 32768-60999 |
| RTP Media-Relay | 83.125.8.156 | 2a04:2100:0:300::/56 | UDP | 10000-65535 |
| RTP Media-Relay | 83.125.8.157 | 2a04:2100:0:300::/56 | UDP | 10000-65535 |
| RTP Media-Relay | 83.125.8.158 | 2a04:2100:0:300::/56 | UDP | 10000-65535 |
| RTP Media-Relay | 83.125.8.159 | 2a04:2100:0:300::/56 | UDP | 10000-65535 |
| RTP Media-Relay | 83.125.8.160 | 2a04:2100:0:300::/56 | UDP | 10000-65535 |
Service codes
Special numbers for dus.net customers are listed here.
The service codes always apply to the SIP connection from which you dial the codes. Please dial the numbers as listed, without the area code or other numbers:
| Special numbers |
|---|
| Internal number of the mailbox: 00038711111 |
| External number of the mailbox: 0211-23706687 |
| DTMF test module if there are problems with waiting loops: 00038799998 |
| Echo test for playback of your audio signals to your phone: 00038799999 |
| Code | Function |
|---|---|
| *01 | Mailbox menu |
| *02 | Credit announcement in EUR/cents |
| *10 | Switch number transfer on/off |
| *11 | Switch mailbox on/off |
| *12 | Switch charge announcement on/off |
| *20 | Switch redirection on/off if no response |
| *21 | Switch detour on/off when busy |
| *22 | Switch redirection on/off if unavailable |
| *30 | Pause queue agent |
| *31 | Queue agent resume |
| *40 | Call forwarding - switch on/off immediately |
Wake-up call
You can order a simple wake-up call by using the key codes from the table below.
| Input | Description |
|---|---|
| *55*HHMM# | Order wake-up call HH = hours (24h format) MM=minutes |
| Example Alarm clock at 7:30 am | *55*0730# 2 calls are made at 7:30 a.m. at intervals of 5 minutes |
| #55*HHMM# | Cancel wake-up call HHMM previously set time e.g. 0730 |
| *#55# | Query for active wake-up calls. All active wake-up calls are announced |
IPv4, IPv6, DualStack & DS-lite
Your SIP end devices are usually connected to the dus.net servers via an IPv4 address. Since IPv4 addresses have become very scarce due to the large number of modern applications, the new IPv6 protocol was introduced a few years ago. Of course, dus.net has also supported IPv6 for many, many years. So you have an unlimited choice.
However, IPv4 now exists in a large number of "different versions". This refers to how IPv4 is used differently by the respective internet providers. Many providers no longer assign public IPv4 addresses to their customers, but only internal IPv4 addresses. If a public IPv4 address is assigned, it can also be reached from outside, i.e. your end device, e.g. a FritzBox, is assigned this public IPv4 address and can therefore be reached directly from outside via this address. An internal IPv4 address, on the other hand, is not, i.e. the Internet provider connects a router between its customers and the Internet and makes several of its customers accessible under the same IP address from a public IPv4 address. However, this only works if the ports are different from each other, as this is the only way to differentiate between customers.
The problem here is that connections without a public IP address can only be reached to a limited extent. In this case, the SIP end device usually has to ensure that the connection to our SIP server is always kept open so that continuous accessibility is guaranteed. This is realized by the end devices with the so-called "Keep-Alive" function, which you usually have to activate and/or slightly adjust yourself.
In addition to the classic IPv4 and IPv6 solutions, dus.net also offers the option of connecting so-called DualStack connections. In the table at the top of this page you will find the different forms of connection. Sometimes you have to try a bit with these if it is not quite clear on your side how you are connected.
SIP connections & SIP trunks
At dus.net, all SIP end devices (IP telephones, softphones, FritzBoxes, etc.) are connected via their own SIP connections (also called SIP accounts, extensions, sub-accounts). This means that each of these end devices is connected to our server via a unique IP address and port, making it accessible to us. If two different end devices are connected with the same SIP access data, they alternate with the registration, i.e. sometimes one device is registered, sometimes the other and therefore never both can be reached at the same time.
This means that if you want to manage several phone numbers and make them accessible independently of each other, this must be realized via the same number of SIP connections. Accordingly, several SIP connections can also be entered in a FritzBox, for example, to ensure the use of different phone numbers independently of each other.
The SIP trunk is nothing more than a normal SIP connection, but is only associated with the right telecommunications systems. In contrast to conventional SIP end devices, the PBX also requires the number information of the dialed number in the incoming SIP packet in order to enable routing to the correct extension. With dus.net, this is realized via the DDI function and is automatically available to all SIP connections created in DUStel business flex.
SIP via TCP and UDP
The Session Initiation Protocol (SIP) is a network protocol for establishing, controlling and terminating a communication session between two or more participants (source: Wikipedia). The signaling of the SIP packets of a telephone call is usually handled via UDP (User Datagram Protocol). Data is divided into packets with a theoretical maximum size of up to 1500 bytes. However, despite additional and further logical information, this size is reduced or optimized to a usable size of approx. 1300 bytes. If such a package is sent, it contains both the sender and recipient addresses. Unfortunately, however, there is no feedback to the sender as to whether the package has actually reached the recipient. As a result, when using UDP, additional care must be taken to ensure and check whether a packet has actually reached the recipient. This is done in the SIP protocol by means of acknowledgement responses. In this case, an "INVITE" (call from A to B) is followed by a "TRYING", then a "PROGRESS" and so on. If there is no acknowledgement, the last parcel is sent again at intervals according to defined timers until an acknowledgement is received. If there is still no acknowledgement, the session runs into a predefined timeout and is aborted.
With SIP via TCP (Transmission Control Protocol), the transport is fundamentally different. Comparable to a "registered letter with return receipt". Due to its concept, TCP is "more robust" than UDP in many respects, but in contrast to UDP it also has a certain amount of additional data (overhead) and requires more bandwidth than UDP for the same amount of user data. However, this is largely negligible in the case of SIP. The advantage of TCP is the architecture of the protocol itself. It contains built-in mechanisms to automatically recognize and resend "lost packets". A TCP connection is also established in a dedicated form. This means that before data is transmitted, the recipient already knows that it is coming. There are even more advantages of TCP, which are also easier to handle for NAT (Network Address Translation) and accordingly for firewalls than in comparison to UDP. It doesn't really matter which protocol is the "better" one. It must meet the requirements for you as a customer. dus.net GmbH offers you the option of using either UDP or TCP as the transmission protocol for SIP. The settings for this must be made exclusively in your respective end device. No setting is required on the part of dus.net.
Incidentally, UDP is generally used for the audio data, i.e. the actual telephone call. One of the reasons for this is the significantly lower "overhead", i.e. the large amount of user data and the less time-consuming checks. Any forwarding of packets makes less sense in a real-time application.
Encryption with TLS & SRTP
Anyone who is concerned about the security of their data transmitted over the Internet has been familiar with SSL (Secure Socket Layer) for decades. This is a certificate-based security system.
TLS stands for "Transport Layer Security". As with SSL, any transport path (HTTP, email, FTP or SIP) is secured via the TCP protocol. For telephony, this means that the packets responsible for setting up and terminating a call, i.e. the SIP protocol, can be secured via TLS. However, the call (voice packets) itself is not encrypted with TLS (!!!). By default, this runs via the unencrypted RTP stream. If the call is also to be encrypted, SRTP comes into play.
SRTP is possible in many different variants and stands for "Secure Real Time Protocol". Only SRTP encrypts the voice data, i.e. the actual conversation. However, if no other mechanisms such as MIKEY are used, the key comparison for the SRTP stream is normally carried out via the SDP header of the SIP protocol, but in plain text. Even if a secure key exchange is guaranteed with SRTP, this is still not completely sufficient, as the telephone numbers, i.e. your CLIP and the number of the called party, are still transmitted unencrypted. This means that a potential attacker does not know what you are talking about, but they do know who you are talking to.
Finally, it should be noted that an encrypted RTP stream in conjunction with unencrypted SIP packets increases the risk of accessing the master and the two session keys that enable the SRTP stream to be decrypted.
The bottom line is that only a SIP session secured with TLS/SSL in conjunction with SRTP offers comprehensive protection, as access to the crypto keys for SRTP in the SDP part of the SIP session is no longer readily visible.
Of course, dus.net GmbH also offers SRTP in combination with TLS, via IPv4 and IPv6.