I played around with qualify frequency and settings without success. I didn't have such problems with Openwrt and dedicated router from my operator. This is not reliable and If I can not find a solution for this I'll have to give up pfsense. Any help in this case is appreciated!
On Wed, Oct 16, 2013 at 12:31 PM, palesius . <[email protected]> wrote: > Thanks that (keepalives on phone) seemed to help but we're suffering > unrelated connectivity problems between the sites, so I won't be able to > test until that is resolved, but if I'm having trouble still I'll try some > of your other suggestions. > On Oct 15, 2013 8:44 AM, "Jon Gerdes" <[email protected]> wrote: > >> I use these parameters which seem to work regardless of where the phone >> is (NAT or VPN) >> >> nat=yes for all devices whether internal (VPN) or external >> Set the RTP ports to the same as the Asterisk server or make the server >> range a superset of the device's ranges >> Enable symmetric RTP >> Enable keep alives on the phones - some may have a NAT keep alive option >> >> Make sure you have defined your localnet on Asterisk for each "internal" >> subnet. I usually put 10.0.0.0/255.0.0.0 172.16.0.0/255.240.0.0 and >> 192.168.20.0/255.255.0.0 in on all Asterisks I configure - it covers >> most eventualities. >> >> Hope this helps >> >> Cheers >> Jon >> >> >> >>> >> > i have nat=no set for those devices since it's over a tunnel (i've tried >> > yes and strict as well i think). >> > my RTP range is 10000-20000 on the asterisk device. (and they are >> allowed >> > through the firewall) >> > at the moment i'm using a snom m9 (RTP range 49152-65534) >> > but i've seen the same issues with a aastra 480 (rtp 3000-3003) >> > and a digium d50 (not sure on the RTP ports) >> > >> > Should any of this matter over a OpenVPN tunnel? or only over NAT? >> > >> > I'm not just losing voice btw (which i assume is the RTP), I'm loosing >> all >> > connectivity (which I'm assuming means my Sip session is down). >> > >> > >> > On Mon, Oct 14, 2013 at 5:12 AM, Jon Gerdes <[email protected]> >> wrote: >> > >> >> Are you using symmetric RTP? if not, try that along with a keep alive >> >> option. As the RFC for it states it should be a default - shame it >> isn't >> >> on many systems. it fixes a lot of snags for me. >> >> >> >> I have a phone - Cisco 504G - on my desk that can go weeks without >> >> making/taking a call and yet just works. The PBX - Asterisk 11 - for >> it >> >> is over 50 miles away, behind pfSense 2.1 (formally 2.0.{1,2,3}), at >> one >> >> stage over IPSEC and now simply NATted. >> >> >> >> Your problem is almost certainly the phone setting up an RTP port at >> >> registration and then assuming it can carry on using it. The state >> goes at >> >> one end or the other and then calls fail. By using symmetric RTP you >> >> effectively fix the RTP port at both ends and the state will properly >> keep >> >> alive - at both ends, PBX and phone. >> >> >> >> Also make sure that your RTP port range is the same at both ends. >> There >> >> are many range defaults depending on manufacturer. Asterisk defaults >> to >> >> 10000-20000 (check /etc/astyerisk/rtp.conf) but Cisco for example does >> not. >> >> >> >> So: >> >> Get the RTP ranges fixed up >> >> Use symmetric RTP >> >> Use keep alives >> >> >> >> Cheers >> >> Jon >> >> >> >> >> >> >> >> >>> >> >> > Already tried that, I think they are pinged every 30sec from the >> asterisk >> >> > side. >> >> > >> >> > >> >> > On Thu, Oct 10, 2013 at 10:05 AM, Vick Khera <[email protected]> >> wrote: >> >> > >> >> >> Can you configure your phones to use do a keepalive ping? It sounds >> like >> >> >> the states are timing out. >> >> >> >> >> >> >> >> >> >> >> >> On Wed, Oct 9, 2013 at 5:44 PM, palesius . <[email protected]> >> wrote: >> >> >> >> >> >>> To take a break from all the NSA talk... >> >> >>> >> >> >>> I'm having some trouble routing traffic over an openvpn tunnel >> between >> >> >>> two pfsense firewalls. Asterisk server on one end, a couple of >> >> different >> >> >>> phones on the other side. >> >> >>> >> >> >>> It was working fine when we had monowall on both ends. (W/ipsec >> tunnel) >> >> >>> Since changing to pfsense it will register with the server just >> fine >> >> but >> >> >>> will lose it's connection anywhere from a few minutes to hours >> later. >> >> >>> >> >> >>> I've tried both ipsec and openvpn tunnels and have pretty much the >> same >> >> >>> result. I know mono and pfsense use a diffrerent firewall engine, >> is >> >> there >> >> >>> something obvious I should set/change to fix this. >> >> >>> >> >> >>> I had kind of dropped the issue a few months ago but wanted to take >> >> >>> another stab at it. I'll try to do some packet captures but don't >> have >> >> any >> >> >>> at the moment. Just hoping there is some easy general fix for >> getting >> >> SIP >> >> >>> working that someone else has already discovered. >> >> >>> >> >> >>> _______________________________________________ >> >> >>> List mailing list >> >> >>> [email protected] >> >> >>> http://lists.pfsense.org/mailman/listinfo/list >> >> >>> >> >> >>> >> >> >> >> >> >> _______________________________________________ >> >> >> List mailing list >> >> >> [email protected] >> >> >> http://lists.pfsense.org/mailman/listinfo/list >> >> >> >> >> >> >> >> >> >> >> >> >> >> Registered Address : Blueloop House, Ilchester Road, YEOVIL, BA21 3AA >> >> Registered England & Wales - 3981322 >> >> >> >> CONFIDENTIAL INFORMATION >> >> This e-mail and any files attached with it are confidential and for the >> >> sole use of the intended recipient(s). If you are not the intended >> >> recipient(s) you are prohibited from using, copying or distributing >> this or >> >> any information contained in it and should immediately notify the >> sender >> >> and delete the message from your system. >> >> >> >> Internet communications are not secure and Blueloop Limited is not >> >> responsible for unauthorised use by third parties nor for alteration or >> >> corruption in transmission. Furthermore, while Blueloop Limited have >> taken >> >> reasonable precautions to minimise the risk of software viruses, it >> cannot >> >> accept liability for any damage which you may suffer as a result of >> such >> >> viruses, and we therefore recommend you carry out your own virus >> checks on >> >> receipt of any e-mail. >> >> >> >> _______________________________________________ >> >> List mailing list >> >> [email protected] >> >> http://lists.pfsense.org/mailman/listinfo/list >> >> >> >> >> >> Registered Address : Blueloop House, Ilchester Road, YEOVIL, BA21 3AA >> Registered England & Wales - 3981322 >> >> CONFIDENTIAL INFORMATION >> This e-mail and any files attached with it are confidential and for the >> sole use of the intended recipient(s). If you are not the intended >> recipient(s) you are prohibited from using, copying or distributing this or >> any information contained in it and should immediately notify the sender >> and delete the message from your system. >> >> Internet communications are not secure and Blueloop Limited is not >> responsible for unauthorised use by third parties nor for alteration or >> corruption in transmission. Furthermore, while Blueloop Limited have taken >> reasonable precautions to minimise the risk of software viruses, it cannot >> accept liability for any damage which you may suffer as a result of such >> viruses, and we therefore recommend you carry out your own virus checks on >> receipt of any e-mail. >> >> _______________________________________________ >> List mailing list >> [email protected] >> http://lists.pfsense.org/mailman/listinfo/list >> > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
