Ineen versus Paltalk for Audio/Video communication

I always use Skype for PC to PC audio communication and I don't think
there is any better system to use, do you agree? But for Video plus
Audio chat, how does Ineen compare with PalTalk?
--
Derrick Fawsitt

Not used PalTalk but it looks like another closed system to me. Ineen is
based on SIP and should be open. In fact you can upgrade to Xten's eyeBeam
which is a commercial version of Ineen and use any SIP provider.

PalTalk also doesn't support Macs (which my in-laws use) so no use to me.

See my other post about Ineen and Firewalls/NATs though. Can't comment on
Ineen quality since I can't get it to work, yet!

Paul DS

"Derrick Fawsitt" <(E-Mail Removed)> wrote in message
news:Ry7UPzAt$(E-Mail Removed)...
> I always use Skype for PC to PC audio communication and I don't think
> there is any better system to use, do you agree? But for Video plus
> Audio chat, how does Ineen compare with PalTalk?
> --
> Derrick Fawsitt

Paul D.Smith wrote:
> Not used PalTalk but it looks like another closed system to me. Ineen is
> based on SIP and should be open. In fact you can upgrade to Xten's eyeBeam
> which is a commercial version of Ineen and use any SIP provider.
>
> PalTalk also doesn't support Macs (which my in-laws use) so no use to me.
>
> See my other post about Ineen and Firewalls/NATs though. Can't comment on
> Ineen quality since I can't get it to work, yet!
>
> Paul DS
>
According to the FAQ's PalTalk will work on mac's using "Virtual PC" for
mac's.
Also worth a read
http://www.paltalk.com/PalTalkSite/s...etworksup.html

Pinched from another page:
Because SIP and RTP are emerging protocols, most firewalls do not allow
SIP and RTP traffic to pass through them.

SIP provides significant challenges to firewalls:

* SIP uses UDP (and sometimes TCP) on port 5060.
* The voice streams setup by SIP are transported using RTP (another
UDP-based protocol).
* The IP addresses and ports for each end of the RTP stream are
negotiated within the SIP messages, using Session Description Protocol
(SDP). Since the IP addresses and ports are embedded within the SIP
payload, firewalls that use Network Address Translation (NAT) must read
the SIP messages, and perform NAT on the embedded SDP. Very few existing
NAT implementations support this today.


There are several ways to solve issues with your firewall:

* To continue using your existing firewall:
o Allow SIP and RTP traffic to pass through it by opening
port 5060 for UDP and TCP packets.
o Open a range of UDP ports for RTP. Configure your SIP
clients to use the range of ports you have configured.
o Disable NAT.
* Put SIP phones outside the firewall.
* Replace your firewall with one that is SIP-aware.

To follow up...

> According to the FAQ's PalTalk will work on mac's using "Virtual PC" for
> mac's.
> Also worth a read
> http://www.paltalk.com/PalTalkSite/s...etworksup.html

I read all that before I posted. My in-laws don't have virutal PC, don't
want virtual PC and much prefer to have a native MAC products since they
know how to install MAC products. Virtual PC does not make a PC product
into a native MAC product and and I'm not aware of any emulation package
that gives as good a performance as a native product.

>
> Pinched from another page:
> Because SIP and RTP are emerging protocols, most firewalls do not allow
> SIP and RTP traffic to pass through them.
>

I know all this since I've got 5 years experience writing SIP/RTP stacks.
There are various ways to get around this, for example STUN. I was told by
XTen that no firewall hacking was required but perhaps Ineen's cut-down
client doesn't do this. My own investigations seem to indicate that their
STUN server was either not working or unreachable.

BTW, a SIP-aware firewall is called an ALG (application level gateway). I
would be surprised to see such a thing in a small home NAT/firewall package,
but you never know.

Cheers,
Paul DS

Paul D.Smith wrote:
8><............................................... ...
> I know all this since I've got 5 years experience writing SIP/RTP stacks.
> There are various ways to get around this, for example STUN. I was told by
> XTen that no firewall hacking was required but perhaps Ineen's cut-down
> client doesn't do this. My own investigations seem to indicate that their
> STUN server was either not working or unreachable.
8><............................................... ..

From the INEEN Forum http://tinyurl.com/aybfr

Firewall and NAT Issues
If your computer is behind a firewall, certain ports must be open for
ineen to be able to
communicate with your VoIP service provider. The required ports are
listed below in Table 4.
Please see your firewall documentation for help on opening ports.
Table 4 - Standard Ports
Port Type and Number Service
UDP 3478 STUN
UDP 5060 SIP
UDP 8000 RTP
UDP 8001 RTCP
_________________
ineen Support

I've read that thread and there are two things you forgot to mention.

1. As XTen have told me, and another part of the Ineen Forum thread
indicates, Ineen uses random ports for RTP so listening on a specific port
doesn't work. It possibly might work for the first conversation because
it's not uncommon for "random" to mean "start at a specific port and for
each call, increment the port number by 1" so 8000 may be their starting
port.
2. At least one poster in the thread has confirmed that no special firewall
configuration is required, which is the same as what XTen told me.

The whole reason for central servers and STUN is to stop having to open up
firewalls in the manner that you describe.

Paul DS.

"NBT" <(E-Mail Removed)> wrote in message
news:d42nvl$4pv$(E-Mail Removed)...
> Paul D.Smith wrote:
> 8><............................................... ...
> > I know all this since I've got 5 years experience writing SIP/RTP
stacks.
> > There are various ways to get around this, for example STUN. I was told
by
> > XTen that no firewall hacking was required but perhaps Ineen's cut-down
> > client doesn't do this. My own investigations seem to indicate that
their
> > STUN server was either not working or unreachable.
> 8><............................................... ..
>
> From the INEEN Forum http://tinyurl.com/aybfr
>
> Firewall and NAT Issues
> If your computer is behind a firewall, certain ports must be open for
> ineen to be able to
> communicate with your VoIP service provider. The required ports are
> listed below in Table 4.
> Please see your firewall documentation for help on opening ports.
> Table 4 - Standard Ports
> Port Type and Number Service
> UDP 3478 STUN
> UDP 5060 SIP
> UDP 8000 RTP
> UDP 8001 RTCP
> _________________
> ineen Support

Paul D.Smith wrote:
> I've read that thread and there are two things you forgot to mention.
>
> 1. As XTen have told me, and another part of the Ineen Forum thread
> indicates, Ineen uses random ports for RTP so listening on a specific port
> doesn't work. It possibly might work for the first conversation because
> it's not uncommon for "random" to mean "start at a specific port and for
> each call, increment the port number by 1" so 8000 may be their starting
> port.
> 2. At least one poster in the thread has confirmed that no special firewall
> configuration is required, which is the same as what XTen told me.
>
> The whole reason for central servers and STUN is to stop having to open up
> firewalls in the manner that you describe.
>
> Paul DS.
>
Well I suppose I had to download it and try it.

The Laptop used runs XP SP2 ,ZAP Firewall ,wireless connection to a
Linksys WAG54G ver1(f/ware 1.02.07) 5 Metres away and using WPA-PSK TKIP
After 15 successful logon's my last log file reads:-
ineen 1.1 release 3006k build stamp 17510 (built on Apr 11 2005 at 14:33:26)
(c) 2005 ineen Inc. All rights reserved.

16:21:00.2 Found adapter 0:
16:21:00.2 Supports colour-converting blit
16:21:00.2 Supports hardware overlay
16:21:00.2 Supports blitting
16:21:00.2 Supports asynchronous blit
16:21:00.2 Supports stretched blits
16:21:00.2 Supports non-local video surfaces
16:21:00.2 Supports arithmetic stretching
16:21:00.2 Supports arbitrary x-axis stretching
16:21:00.2 Supports arbitrary y-axis stretching
16:21:00.2 94 MB of video memory free
16:21:00.2 Found 1FOURCC codes
16:21:00.2 Supports YUY2 FOURCC surface
16:21:00.2 Proxy slot #1 () - Proxy not enabled
16:21:00.2 Proxy slot #2 () - Proxy not enabled
16:21:00.2 Proxy slot #3 () - Proxy not enabled
16:21:00.2 Proxy slot #4 () - Proxy not enabled
16:21:00.2 Proxy slot #5 () - Proxy not enabled
16:21:00.2 Proxy slot #6 () - Proxy not enabled
16:21:00.2 Proxy slot #7 () - Proxy not enabled
16:21:00.2 Proxy slot #8 () - Proxy not enabled
16:21:00.2 Proxy slot #9 () - Proxy not enabled
16:21:00.4 Proxy slot #0 (sip6.ineen.com) - DNS lookup results:

Proxy : Lookup performed: '(_sip._udp.) sip6.ineen.com,(_sip._tcp.)
sip6.ineen.com' - Results: '64.34.98.148:5060'
STUN : Lookup performed: '(_stun._udp.) ineen.com' - Results:
'64.34.98.148:3478,64.34.98.144:3478'
XTunnels: Lookup performed: '(_xtunnels2._tcp.) ineen.com' - Results: ''

16:21:00.4 Proxy slot #0 (sip6.ineen.com) - Performing firewall
discovery...64.34.98.148:3478,64.34.98.144:3478
16:21:07.2 FW Type Test
[#1:A1P1_A1P1:2:F][d:64.34.98.148:3478][c-ip:F][c-p:F][o:192.168.xx.xxx:2788]
[m:81.157.70.50:2788][r:64.34.98.148:3478][s-a:F][s-p:T][ma-c:T] -
[81.157.70.50:2788][]
16:21:07.2 FW Type Test
[#2:A1P1_A2P2:6:T][d:64.34.98.148:3478][c-ip:T][c-p:T][o:192.168.xx.xxx:2788]
[m:81.157.70.50:2788][r:0.0.0.0][s-a:F][s-p:T][ma-c:F] -
[81.157.70.50:2788][]
16:21:07.2 FW Type Test
[#3:A2P1_A2P1:2:F][d:64.34.98.149:3478][c-ip:F][c-p:F][o:192.168.xx.xxx:2788]
[m:81.157.70.50:2788][r:64.34.98.149:3478][s-a:F][s-p:T][ma-c:F] -
[81.157.70.50:2788][]
16:21:07.2 FW Type Test
[#4:A1P1_A1P2:6:T][d:64.34.98.148:3478][c-ip:F][c-p:T][o:192.168.xx.xxx:2788]
[m:81.157.70.50:2788][r:0.0.0.0][s-a:F][s-p:T][ma-c:F] -
[81.157.70.50:2788][PortRestrictedConeNAT]
16:21:07.2 Proxy slot #0 (sip6.ineen.com) - XNAT is used.
16:21:08.5 Proxy slot #0 (sip6.ineen.com) -

SIP Transport:
UDP: '81.157.70.50:7116' type: 'EHasNATIP'
TCP: '192.168.xx.xxx:7116' type: 'EUndefined'

16:21:08.5 Proxy slot #0 (sip6.ineen.com) - OnSipAccountReady
[local:192.168.xx.xxx:7116][STUN:81.157.70.50:2788][USED:81.157.70.50:7116]
16:21:08.5 Proxy slot #0 (sip6.ineen.com) - Order of registration:
<sip6.ineen.com> Attempting to register to AOR:
'NBT<sip:(E-Mail Removed)>', proxy: 'sip6.ineen.com', firewall-proxy: 'F'.
16:21:08.8
SENDING TO: 64.34.98.148:5060
REGISTER sip:ineen.com SIP/2.0
To: NBT<sip:(E-Mail Removed)>
From: NBT<sip:(E-Mail Removed)>;tag=be68fe00
Via: SIP/2.0/UDP
81.157.70.50:7116;branch=z9hG4bK-d87543-603526762-1--d87543-;rport
Call-ID: 7f25545feb51e67a
CSeq: 1 REGISTER
Contact: <sip:2004556@81.157.70.50:7116>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: ineen release 3006k stamp 17510 (WinNT 5.x)
Content-Length: 0


16:21:09.0
RECEIVING FROM: 64.34.98.148:5060
SIP/2.0 401 Unauthorized
To: NBT<sip:(E-Mail Removed)>;tag=cc9906538ee5591f380 2851c280fd99e.6f59
From: NBT<sip:(E-Mail Removed)>;tag=be68fe00
Via: SIP/2.0/UDP
81.157.70.50:7116;branch=z9hG4bK-d87543-603526762-1--d87543-;rport=7116
Call-ID: 7f25545feb51e67a
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="ineen.com",
nonce="42652438b9230dfe8b037bd5e1a0f3e9ead3188b", qop="auth"
Content-Length: 0


16:21:09.3
SENDING TO: 64.34.98.148:5060
REGISTER sip:ineen.com SIP/2.0
To: NBT<sip:(E-Mail Removed)>
From: NBT<sip:(E-Mail Removed)>;tag=be68fe00
Via: SIP/2.0/UDP
81.157.70.50:7116;branch=z9hG4bK-d87543-899569849-1--d87543-;rport
Call-ID: 7f25545feb51e67a
CSeq: 2 REGISTER
Contact: <sip:2004556@81.157.70.50:7116>
Expires: 3600
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO
User-Agent: ineen release 3006k stamp 17510 (WinNT 5.x)
Authorization: Digest username="2004556",realm="ineen.com",
nonce="42652438b9230dfe8b037bd5e1a0f3e9ead3188b",
uri="sip:ineen.com",response="d97f43e01b1d316eb784 6fe45d91efb5",
cnonce="067590611c465e23",nc=00000001,qop=auth,alg orithm=MD5
Content-Length: 0


16:21:09.5
RECEIVING FROM: 64.34.98.148:5060
SIP/2.0 200 OK
To: NBT<sip:(E-Mail Removed)>;tag=cc9906538ee5591f380 2851c280fd99e.8433
From: NBT<sip:(E-Mail Removed)>;tag=be68fe00
Via: SIP/2.0/UDP
81.157.70.50:7116;branch=z9hG4bK-d87543-899569849-1--d87543-;rport=7116
Call-ID: 7f25545feb51e67a
CSeq: 2 REGISTER
Contact: <sip:2004556@81.157.70.50:7116>;expires=3600
Content-Length: 0


16:21:09.5 Proxy slot #0 (sip6.ineen.com) - Successfully registered -
AOR: 'NBT<sip:(E-Mail Removed)>', proxy: '64.34.98.148:5060',
firewall-proxy: 'F'.
16:21:15.7 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 7 seconds.
16:21:15.7 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 3 seconds. Current firewall open duration: 7
seconds.
16:21:18.9 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 3 seconds. Current firewall open duration: 7
seconds.
16:21:18.9 Proxy slot #1 () - Proxy not enabled
16:21:18.9 Proxy slot #2 () - Proxy not enabled
16:21:18.9 Proxy slot #3 () - Proxy not enabled
16:21:18.9 Proxy slot #4 () - Proxy not enabled
16:21:18.9 Proxy slot #5 () - Proxy not enabled
16:21:18.9 Proxy slot #6 () - Proxy not enabled
16:21:18.9 Proxy slot #7 () - Proxy not enabled
16:21:18.9 Proxy slot #8 () - Proxy not enabled
16:21:18.9 Proxy slot #9 () - Proxy not enabled
16:21:28.0 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 12 seconds.
16:21:28.4 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 5 seconds. Current firewall open duration: 12
seconds.
16:21:45.4 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 17 seconds.
16:21:50.0 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 8 seconds. Current firewall open duration: 17
seconds.
16:21:57.7 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 8 seconds. Current firewall open duration: 17
seconds.
16:22:07.7 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 22 seconds.
16:22:13.0 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 10 seconds. Current firewall open duration: 22
seconds.
16:22:35.1 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 27 seconds.
16:22:42.7 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 12 seconds. Current firewall open duration: 27
seconds.
16:22:54.9 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 12 seconds. Current firewall open duration: 27
seconds.
16:23:07.4 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 32 seconds.
16:23:19.2 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 14 seconds. Current firewall open duration: 32
seconds.
16:23:49.8 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 42 seconds.
16:24:02.5 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 19 seconds. Current firewall open duration: 42
seconds.
16:24:42.1 Proxy slot #0 (sip6.ineen.com) - Current firewall port open
duration: 52 seconds.
16:24:59.2 Proxy slot #0 (sip6.ineen.com) - Sending SIP keep-alive to
'64.34.98.148:5060' every 23 seconds. Current firewall open duration: 52
seconds.

Thanks for that. Your output confirms what I suspected - my system fails to
find the stun server and then tries to run as if there is no NAT, which
doesn't work.

Interestingly they use SRV records in the DNS look-up for the STUN server so
there is the possibility that the Netgear DG384G doesn't handle these
properly. I'll try a test tonight or tomorrow when I get time to bypass the
Netgear's DNS and see what happens.

Paul DS.

<snip>

On Tue, 19 Apr 2005 11:11:12 +0100, "Paul D.Smith"
<(E-Mail Removed)> wrote:

>To follow up...
>
>> According to the FAQ's PalTalk will work on mac's using "Virtual PC" for
>> mac's.
>> Also worth a read
>> http://www.paltalk.com/PalTalkSite/s...etworksup.html
>
>I read all that before I posted. My in-laws don't have virutal PC, don't
>want virtual PC and much prefer to have a native MAC products since they
>know how to install MAC products. Virtual PC does not make a PC product
>into a native MAC product and and I'm not aware of any emulation package
>that gives as good a performance as a native product.
>
>>
>> Pinched from another page:
>> Because SIP and RTP are emerging protocols, most firewalls do not allow
>> SIP and RTP traffic to pass through them.
>>
>
>I know all this since I've got 5 years experience writing SIP/RTP stacks.
>There are various ways to get around this, for example STUN. I was told by
>XTen that no firewall hacking was required but perhaps Ineen's cut-down
>client doesn't do this. My own investigations seem to indicate that their
>STUN server was either not working or unreachable.
>
>BTW, a SIP-aware firewall is called an ALG (application level gateway). I
>would be surprised to see such a thing in a small home NAT/firewall package,
>but you never know.

Hi Paul, just to let you know that the SpeedTouch ADSL routers
support/implement a SIP aware ALG from software version 4.2.7 :-)

>
>Cheers,
>Paul DS
>

> Hi Paul, just to let you know that the SpeedTouch ADSL routers
> support/implement a SIP aware ALG from software version 4.2.7 :-)
>

Wow! Clearly Speedtouch are taking VoIP seriously. This is a great thing
for SIP as currently offering have to jump through many hoops to get through
NATs but the common concensus has always been that small routers would not
supoprt SIP as an ALG.

Paul DS.