Solutions for users with VoIP port blocked with Mikrotik

Writing after a long due to a busy schedule of mine. Many users worldwide have experienced a very common problem similar to mine.

VoIP port (5060) is blocked by my ISP

Before going in depth I’ll tell briefly what made me write this post. After I discovered it’s blocked, I went to my ISP and submitted all the necessary documents for the activation of VoIP. The service was activated in the evening. But later I found out the peering speed which I used to get from the ISP for p2p downloads were gone.

After contacting them, they  said that my connection is now a corporate one and peering is not applicable. Since I am a heavy downloader, I had to disable VoIP to enable peering.

Then I started to think what could be done to bypass port restriction at router level as I want to unblock it for all my PCs not just a single PC. I had a talk with Mr. Syed Jahanzaib and he suggested me to use VPN.

Let’s start our configuration process. For me its done on RB2011.

  1. Go to and copy the vpn server address, username and password.
  2. Login to winbox and then create a new PPTP Client interface from the Interface menu.
  3. Give a name : vpn. Then put in server address, username and password as shown below. Also check dial on demand nad add default route
  4. Then go to IP -> firewall -> NAT . Create a new srcnat with out interface vpn and action is masquerade.
  5. Then go to IP -> firewall -> Mangle. Create a new rule with chain prerouting and dst. address = VoIP-Server-IP and action=mark routing with routing mark=voip-traffic

  6. Then go to IP -> routes. Create a new route with dst. address = and routing mark=voip-traffic

Now fire up your voip soft phone and voila you can now connect without any problem. Now all traffic except the voip-traffic will pass through main WAN link and voip-traffic through vpn.


Happy talking…

Enjoyed this post? Share it!