cancel
Showing results for 
Search instead for 
Did you mean: 

TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

GaryWilliams
Grafter
Posts: 40
Thanks: 4
Registered: ‎09-08-2010

TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

I have been looking at reviews for the TP-Link AC1900 (Archer VR900 V2) router/modem.  All reviews were good except this one.  Can a router/modem genius translate this review for me?

Cheers

Gary

=============================================

 

TP-Link AC1900 (Archer VR900 V2)

.... otherwise excellent router that leaves the front door open to hackers!

However, unless you are a tech genius who will lock down all internal machines with SPI firewalls, do not trust this router to protect your internal machines.

The SIP ALG (an automatic gateway to allow you to use a VoIP service) opens up port 5060 to the whole WAN and forwards it to the internal machine using SIP. The setting (and others similar) are enabled by default.


This meant that whilst thinking my internal machine was secure because it is behind a NAT firewall, the TP link router has forwarded all incoming connections directly to it. This has cost me a huge amount of money due to hackers making international phone calls.


I e-mailed TP-Link tech support and they have confirmed multiple times that this is expected behaviour of the ALG.
For their attitude towards security, this router goes from 5 starts to 0 from me.

 

 

9 REPLIES 9
dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?


Moderators Note


This topic has been moved from Fibre to My Router

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

Unless you use a Voice Over IP (VoIP) phone (sipgate etc.) then you don't need to worry to much about this - if you do use VoIP then you know you need to secure it.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
MisterW
Superuser
Superuser
Posts: 14,574
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

e-mailed TP-Link tech support and they have confirmed multiple times that this is expected behaviour of the ALG.

That isn't true expected behaviour of a properly implemented SIP Alg. Having said that,  most routers implementation of a sip Alg are broken in some way. In fact many (including the BT home hubs and the PN hub one) behave like the tplink. As @dvorak  says it's not a problem unless you've got a device with port 5060 open i.e a VoIP device or software. I suspect you can also disable the sip Alg on the tplink whereas you can't on the BT hubs

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

GaryWilliams
Grafter
Posts: 40
Thanks: 4
Registered: ‎09-08-2010

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

Hi Guys,

Thank you both for the updates.  That raises two questions.

1.  I use Skype and TeamViewer 14 (which allows PC to PC audio).  Do either of these applications use VoIP?

2.  Can you point me to a good tutorial re securing VoIP functions?  I'll do a Google search now.

3.  I'll check the tplink documentation re disabling the sip.

4.  I'll run a port check to see if 5060 is open

Cheers

Gary

MisterW
Superuser
Superuser
Posts: 14,574
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

Whilst Skype is a voip application, it uses its own protocols not SIP and will not have port 5060 open. I'm not sure what protocol teamviewer uses for its audio ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

By default TeamViewer uses 5380 and falls back to 443/80 if needed.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
MisterW
Superuser
Superuser
Posts: 14,574
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

Disabling the sip Alg onnthe vr900

http://www.surevoip.co.uk/support/wiki/troubleshooting:sip_alg:tp-link_archer_vr900

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

GaryWilliams
Grafter
Posts: 40
Thanks: 4
Registered: ‎09-08-2010

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

Hi Guys,

 

Many thanks for your help.  That is a simple fix for this sip alg problem so I'll order my VR900 today.  I ran a port scan out of interest.  Port 5060 was reported as being in 'stealth' mode.

 

Regards

 

Gary

wisty
Pro
Posts: 591
Thanks: 112
Fixes: 8
Registered: ‎30-07-2007

Re: TP-Link AC1900 (Archer VR900 V2) Review -What does it mean?

I use a VOIP phone (Sipgate) with an old OBI100 ATA. My BT Business Hub 6 has SIP-ALG disabled. All works well. The inbound port on the ATA is set up to reject all calls except those from Sipgate.

The router tests stealth on all the relevant ports.