Hello Bruce,

Sorry for the delay. I don't really have time to follow this list much.

In your original setup, you did use a sort of SIP Proxy (the central Asterisk 
feeding the others) depending on your definition. A SIP Proxy would probably 
solve your issue, but as I stated in my previous mail, you should not need one. 
Fixing (or exchanging) Pfsense should also solve your issue and then you'll 
have one less device that can bring your system down. Fixing Pfsense will 
probably require you to troubleshoot the issue some more to see exactly what 
happens, so you know what you need to fix. Compare the SIP traffic between your 
Asterisks and Pfsense to the traffic between Pfsense and your provider. Capture 
the traffic in .pcap format with ngrep, tcpdump, wireshark or other packet 
dumping tools, then analyze it in wireshark. To capture traffic outside 
Pfsense, you'll probably need to mirror a switch port, install a hub or ask 
your provider to send you a dump. This will require some understanding of the 
SIP message format and TCP/IP, but it should not be very complicated.

I'm quite sure Pfsense changes the contents of the SIP message itself in ways 
it should not, possibly in addition to changing the IP packets in ways it 
should not. It may also possibly block incoming traffic it should not block.

If you decide to use a SIP proxy, then going back to your original design 
(using Asterisk as a proxy) would probably be the easiest for you.
Of the alternatives you've listed, I only have experience with Kamailio. In 
simple setups, its default configuration will not need to be altered much to 
get it working. Its logic is VERY different to Asterisk, though. I know that 
Kamailio would be a very good choice for this role. I believe the alternatives 
would be as well.


With kind regards,
Pan B. Christensen
Senior technician
Ibidium AS
http://www.ibidium.no/
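
An added example, not part of the original message: one way to do the comparison described above, once the same REGISTER has been copied as text out of the capture on each side of Pfsense. The addresses, the provider name and both messages are constructed; plain NAT alters only the IP/UDP headers, so every difference reported here is a rewrite of the SIP payload itself.

```python
# Compact header names defined by SIP: "v" is Via, "m" is Contact.
COMPACT = {"v": "via", "m": "contact"}

def address_fields(sip_text):
    """Return {field: [values]} for the address-bearing lines of one SIP message."""
    head, _, body = sip_text.replace("\r\n", "\n").partition("\n\n")
    found = {}
    for line in head.split("\n")[1:]:              # skip the request/status line
        name, sep, value = line.partition(":")
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        if sep and name in ("via", "contact"):
            found.setdefault(name, []).append(value.strip())
    for line in body.split("\n"):                  # SDP body, if the message has one
        if line[:2] in ("c=", "o="):
            found.setdefault("sdp " + line[0], []).append(line[2:].strip())
    return found

def payload_rewrites(inside_msg, outside_msg):
    """List (field, inside values, outside values) for every field that differs."""
    a, b = address_fields(inside_msg), address_fields(outside_msg)
    return [(f, a.get(f, []), b.get(f, []))
            for f in sorted(set(a) | set(b)) if a.get(f) != b.get(f)]

# Constructed sample: REGISTER as sent by one Asterisk (LAN side of the firewall).
INSIDE = "\r\n".join([
    "REGISTER sip:sip.provider.example SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK1a2b;rport",
    "From: <sip:trunk1@sip.provider.example>;tag=aa11",
    "To: <sip:trunk1@sip.provider.example>",
    "Call-ID: constructed-1@192.168.1.10",
    "CSeq: 102 REGISTER",
    "Contact: <sip:trunk1@192.168.1.10:5060>",
    "Expires: 120",
    "Content-Length: 0",
]) + "\r\n\r\n"

# Constructed sample: the same REGISTER on the WAN side, with the Contact rewritten.
OUTSIDE = INSIDE.replace("Contact: <sip:trunk1@192.168.1.10:5060>",
                         "Contact: <sip:trunk1@203.0.113.5:5060>")

if __name__ == "__main__":
    for field, before, after in payload_rewrites(INSIDE, OUTSIDE):
        print(f"{field}: {before} -> {after}")
```

An empty result means the firewall left the SIP payload alone, and the remaining things to compare are the source and destination IP and ports of the packets themselves.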
  ----- Original Message ----- 
  From: Bruce B 
  To: Asterisk Users Mailing List - Non-Commercial Discussion 
  Sent: Tuesday, January 11, 2011 4:37 PM
  Subject: Re: [asterisk-users] Do I need a sip proxy?


  Thanks a lot for the great input Pan. 


  I think you are right on point with this one. I have STATIC PORT enabled in 
my outbound WAN. I am not sure if it was set for SIP or OpenVPN use but it is 
there for a reason.


  So, I try to mingle a bit with the Siproxd package. I am a bit fuzzy on it 
though. If I have Siproxd enabled, does it act as one single server that 
connects multiple times to my provider or providers and then I connect to 
Siproxd in return? Or can I still register from Asterisk directly with the 
provider(s) and Siproxd will take care of the SIP packets to be handled nicely?


  If it's the latter then it sounds fine to use; otherwise it would not only be 
complicated but also downtime for Siproxd would mean downtime for all Asterisk 
servers.


  ***In addition, I have set up Siproxd according to the pfsense guide online but 
once I save the configurations and return to it there are no configs left. I 
know this question is for the pfsense forum but maybe someone else experienced this?


  ***And to return to my original question, do I need a SIP proxy and which one 
would suit my needs? I'd still like to get input on my previous e-mail. I 
have to stay with pfsense for now as it has proven to be a good router in all 
other aspects.


  Thanks,


  On Tue, Jan 11, 2011 at 7:38 AM, Pan B. Christensen <p...@ibidium.no> wrote:

    Hello Bruce,

    Your understanding of NAT is correct, and your setup should work.

    I'm not familiar with Pfsense, but I suspected that your problem was due to 
a SIP ALG. Pfsense seems to have a SIP ALG and other special handling of VoIP 
traffic. Hence, you are not using plain NAT. Pfsense is probably rewriting the 
SIP packets in addition to the IP packets. Try reconfiguring Pfsense or 
swapping it for something else. A good way to troubleshoot your scenario is to 
compare the traffic on your end to the traffic on your provider's end (or on 
either side of pfsense). Pay attention to the source and destination IP and 
ports in addition to the contents of the SIP messages.

    http://doc.pfsense.org/index.php/VoIP_Configuration
    http://en.wikipedia.org/wiki/Application-level_gateway

    With kind regards,
    Pan

    From: Bruce B 
    Sent: Tuesday, January 11, 2011 8:58 AM
    To: Asterisk Users Mailing List - Non-Commercial Discussion 
    Subject: [asterisk-users] Do I need a sip proxy?

    Hi Everyone, 

    I am running multiple instances of Asterisk in Proxmox and so far I had one 
central Asterisk feeding all others with trunks from one provider. Now, I want 
to connect each Asterisk server directly to the provider. Based on my 
understanding, each connection made to the provider port 5060 would be on a 
port that is unique to that server. And so other connections made to the same 
provider will go out through a different port and should receive responses 
through that different port. At least that is my understanding of NAT. The 
provider should see me trying to register from the same IP with multiple 
different ports (high number ports; not talking about 5060 as this is outbound 
and not inbound) and should be able to differentiate between SIP packets coming 
from various servers. However, it seems to not happen.

    There is some sort of clash and only one of the servers shows registered 
with the provider and the others' trunks go down. I have noticed that keeping one 
server works. It could also be that my Fail2ban kicks in on all servers if the 
SIP packets received are broadcast to all servers, which shouldn't really 
happen, and the router should take care of this by sending it to the server that has the 
established connection through that port.

    My equipment:
    Asterisk 1.6x
    Pfsense 1.2.3
    Dumb Switch

    My questions:
    A- What is the rationale behind this?
    B- Do I need a sip proxy server? Something like Siproxd, OpenSIPs, or 
Kamailio?
    C- Which one of the above is the easiest to get running given I never tried 
any of those.
    D- If I am doing a SIP proxy server then it might have to also be 
redundant. What options do I have in that and which of the above or any other 
suggested package might be great for future expansions.

    Clarification on how NAT would work in situations like this would be much 
appreciated.

    Thanks


----------------------------------------------------------------------------
    --
    _____________________________________________________________________
    -- Bandwidth and Colocation Provided by http://www.api-digital.com --
    New to Asterisk? Join us for a live introductory webinar every Thurs:
                   http://www.asterisk.org/hello

    asterisk-users mailing list
    To UNSUBSCRIBE or update options visit:
       http://lists.digium.com/mailman/listinfo/asterisk-users

