SIP2SIP

Since Groundwire (iPhone SIP client) has many SIP account configuration options, I would wish to receive comments on my configured advanced settings.

Goals: security, low network traffic, reliability for receiving calls

Areas for improvement: Registration while in background mode (communication errors) --> to many re-registrations which can cause errors. The log file in the Groundwire application is that long, that copying and pasting "12 hours of log lines while the phone is in background mode" makes the iOS mail app crash.

Advanced settings
Incoming Calls: On with Backgrounding

Backgrounding Options
Host: <empty>
Leave empty to use proxy settings from your current account definition. It overrides your standard Outbound Proxy settings.
Transport Protocol: tls (sips) , tls (sip), tcp, auto
Expires: 3600
Track Errors: On , Off

NAT Traversal
Media: ICE , Auto, Off, STUN, TURN Always
Send Media Back: Off , On
Ensures that media streams are sent to the IP:port they are received from.
STUN Server: <empty>
TURN Username: <empty>
TURN Password: <empty>
Ignore Symmetric NAT: Off , On

Signaling:: Discover Global IP: Internal , External, Static
For providers requiring global IP discovery use External. For others you should be safe with Static or Internal. Static uses a faked private IP:port pair to solve issues when you are behind NAT and your provider groups registrations based on the full Contact URI. This option prevents changes in Contact header when network conditions change. To specify your own IP:port pair go to the Hacks section.
Signaling:: Send keepalives: Off , On
Send keepalive packets to keep the NAT ports open. Set if you have troubles getting incoming calls.
Outbound Proxy Enabled: Off , On
Optionally set to a proxy that performs some traffic manipulation e.g. TLS to UDP translation. This proxy is usually not related to the SIP provider. If regular proxy is specified as well, the SIP traffic will be routed to the proxy on the second hop.
Use the Outbound Proxy to route all SIP traffic through one server.
Proxy: proxy.sipthor.net:443

Codecs for WiFi: iLBC, G.711 u-Law, G.711 a-Law, G.722, Opus Wideband, Opus Narrowband, G.729a, GSM
Codecs for WiFi:: Packet Time: 20ms , 10ms, 30ms, 40ms, 50ms, 60ms
Codecs for WiFi:: Force Packet Time: Off , On
Higher packet times save bandwidth, but make the call quality more sensitive to packet loss. Bigger lost packets will make longer, more audible dropouts.
Codecs for WiFi:: Honor Remote Codecs: On , Off
If set, local codec order will be ignored and the first supported codec from the list sent by remote will be used.

Codecs for 3G: iLBC, Opus Narrowband, GSM, G.729a, G.711 u-Law, G.711 a-Law, Opus Wideband, G.722
Codecs for 3G:: Packet Time: 20ms , 10ms, 30ms, 40ms, 50ms, 60ms
Codecs for 3G:: Force Packet Time: Off , On
Codecs for 3G:: Honor Remote Codecs: Off , On

Auth User Name: <empty>
Transport Protocol: tls (sips) , udp, tcp, tls (sip)
VoiceMail Number: <empty>

DTMF Mode
Enabled DTMF Modes: RFC 2833, SIP INFO, audio
Send All Enabled: Off , On
When turned on all enabled DTMF methods are sent simultaneously. If pressing a single digit results in multiple presses on the receiver side, just turn this switch off.

Secure Calls :: SDES (RFC 4568)
Incoming Calls: Enabled , Disabled, Required
Outgoing Calls: Best Effort , Disabled, Required
A secure signaling channel is required for SDES. I.e. the protocol needs to be set to TLS. Due to security concerns it's also disabled for pushed calls. Please note SDES is prone to man0in-the-middle attacks and is largely dependant on the behavior of proxies along the SIP path. There may be hops between which the keys are transfered in clear text. If you would like to use SRTP over an insecure signaling channel you should try ZRTP instead.

Secure Calls :: ZRTP
Incoming Calls: Enabled , Disabled, Required
Outgoing Calls: Disabled
ZRTP is a media path key exchange method for SRTP. It can be used to secure calls even over insecure signaling channel (e.g. UDP). As opposed to SDES, it prevents eavesdropping opportunities at proxies. You will be able to accept ZRTP encrypted calls, however to initiate them you need to purchase the ZRTP add-on.

Expires: 3600
Registration period. The server may ask to increase this value.

Caller ID: <empty>
Caller Id Method: From Username , P-Preferred-Identity, P-Asserted-Identity, Remote-Party-ID
Sets caller ID headers of outgoing INVITE messages. Most VoIP providers will ignore these headers though.

Messaging
SIMPLE: Off , On
Enables SIP/SIMPLE messages to be sent and received.

Hacks
RTP Port Start: 10000
RTP Port End: 65535

SIP Port: <empty>
The listening port for SIP.

Forced Contact
Contact IP:port: <empty>
Fake fixed local IP and port can help if you are behind NAT and your provider groups registrations based on the full Contact URI. This setting prevents changes in Contact header when network conditions change. You should pick an IP from RFC 1918 range. E.g. 192.168.1.100:44444. Make sure to set Discover Global IP to Static to use this field.

Authorization
Send On Request: Off , On
Some providers do not like getting the Authorization header unless requested.
URI Scheme: sip: , tel:
The default scheme for numerical URIs is sip: or sips:. You can select tel: to enable support for RFC 3966 tel: URIs.

Nortelnetworks
Proxy-Require: Off , On
Some setups need Proxy-Require: com.nortelnetworks.firewall header to successfully traverse NAT.

SRTP
Prefer 80-bit Tags: Off , On
Prefer 80-bit authentication tags over 32-bit tags.

Registration State
Reuse: On , Off
Adjust Via: Off , On
The new registration will reuse the same Call-ID, CSeq sequence and rinstance as the previous one. We try to unregister stale contacts when network change. It's possible to alter Via headers to reflect Contact being unregistered.

Well-known codecs
Use rtpmap: Off , On
It's not necessary to include rtpmap attributes for well known codecs, but some providers erroneously require it.