Re: [pfSense Support] asterisk behind pfsense+remote sip clients
- Mensaje original - De: David Burgess apt@gmail.com Para: support@pfsense.com Enviados: Miércoles, 11 de Agosto 2010 15:56:25 Asunto: Re: [pfSense Support] asterisk behind pfsense+remote sip clients On Wed, Aug 11, 2010 at 1:53 PM, Victor Pasten vpas...@connected.cl wrote: Hi Guys, recently I've installed a asterisk server (in my lan, behind pfsense 1.2.3-release), everything it's ok, except for some remote sip extentions (polycom device, and x-lite softphone) that periodically are loosing her registration. Most voip problems with pfsense can be solved here: http://doc.pfsense.org/index.php/VoIP_Configuration - I've followed the instructions, but nothing... Now I'm testing with M0n0 sip+nat bad mix - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] asterisk behind pfsense+remote sip clients
I overcome this issue most of the time by defining your port range w/ asterisk for RTP in the rtp.conf file. Then redirect those ports from the nat device to the asterisk box inside. Make sure you do what needs to be done for nat keepalive if you have states enabled. Also, don’t forget to open 5060 udp on nat to the inside asterisk box. Also note, you can adjust the amount of ports for RTP needed based on how many phones you have. The lower the amount of phones, the lower amount of ports to forward. Mess with port address translation (PAT) or port forwarding, and also try 1:1 nat if you have the public ip's to spare.. HTH, Austin -Original Message- From: Victor Pasten [mailto:vpas...@connected.cl] Sent: Thursday, August 12, 2010 3:11 PM To: support@pfsense.com Subject: Re: [pfSense Support] asterisk behind pfsense+remote sip clients - Mensaje original - De: David Burgess apt@gmail.com Para: support@pfsense.com Enviados: Miércoles, 11 de Agosto 2010 15:56:25 Asunto: Re: [pfSense Support] asterisk behind pfsense+remote sip clients On Wed, Aug 11, 2010 at 1:53 PM, Victor Pasten vpas...@connected.cl wrote: Hi Guys, recently I've installed a asterisk server (in my lan, behind pfsense 1.2.3-release), everything it's ok, except for some remote sip extentions (polycom device, and x-lite softphone) that periodically are loosing her registration. Most voip problems with pfsense can be solved here: http://doc.pfsense.org/index.php/VoIP_Configuration - I've followed the instructions, but nothing... Now I'm testing with M0n0 sip+nat bad mix - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] asterisk behind pfsense+remote sip clients
If your Asterisk is setup correctly, the page David pointed you to has the solutions to all the common issues. The issue you describe is actually more likely to be the firewall/NAT device the phones are behind than the one your server is behind, probably have short UDP timeouts and your keepalive isn't high enough. Agreed. By the by, an easy, if hackish, fix for this tends to be to set the registration interval very low on the phones. This keeps the state established. I have a few environments in homes we service where this is literally the only reliable way to punch through the homeowners' NAT (firewalls they/we can't control, etc). I've seen firewalls that need 60 second intervals, and some that can handle 5 or 10 minute intervals. One of my platforms has a couple thousand SIP registrations from various phone/ATA devices, and the load generated by the registrations is completely nominal. On the server side of things, we're not using NAT, just routing. Still my suspicion is that if you're losing registrations over time, it's a session state issue at the phone's end - especially if the registrations come back when the expire timer runs out (sip show peer xx) and the phone creates a new connection to register itself. Nathan Eisenberg - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] asterisk behind pfsense+remote sip clients
- Mensaje original - De: Austin G. Smith asm...@neweffectit.com Para: support@pfsense.com Enviados: Jueves, 12 de Agosto 2010 15:32:55 Asunto: RE: [pfSense Support] asterisk behind pfsense+remote sip clients I overcome this issue most of the time by defining your port range w/ asterisk for RTP in the rtp.conf file. Then redirect those ports from the nat device to the asterisk box inside. Make sure you do what needs to be done for nat keepalive if you have states enabled. Also, don’t forget to open 5060 udp on nat to the inside asterisk box. Also note, you can adjust the amount of ports for RTP needed based on how many phones you have. The lower the amount of phones, the lower amount of ports to forward. Mess with port address translation (PAT) or port forwarding, and also try 1:1 nat if you have the public ip's to spare.. my pat is: 5060 - asterisk(ip_internal) 1-2 - asterisk(ip_internal) 4569 - asterisk(ip_internal) nat 1:1, impossible We've only 1 public ip address - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] asterisk behind pfsense+remote sip clients
Looks like you got it right. IAX works well with NAT to overcome some of the headaches of SIP. As stated from some of the others, it does sound like a keep alive issue at this point - your config checks out.. As previously stated, check the sip registration time and the keep alive timeout.. depending on the phone you use, it could very well have some nat friendly settings too.. -Original Message- From: Victor Pasten [mailto:vpas...@connected.cl] Sent: Thursday, August 12, 2010 4:26 PM To: support@pfsense.com Subject: Re: [pfSense Support] asterisk behind pfsense+remote sip clients - Mensaje original - De: Austin G. Smith asm...@neweffectit.com Para: support@pfsense.com Enviados: Jueves, 12 de Agosto 2010 15:32:55 Asunto: RE: [pfSense Support] asterisk behind pfsense+remote sip clients I overcome this issue most of the time by defining your port range w/ asterisk for RTP in the rtp.conf file. Then redirect those ports from the nat device to the asterisk box inside. Make sure you do what needs to be done for nat keepalive if you have states enabled. Also, don’t forget to open 5060 udp on nat to the inside asterisk box. Also note, you can adjust the amount of ports for RTP needed based on how many phones you have. The lower the amount of phones, the lower amount of ports to forward. Mess with port address translation (PAT) or port forwarding, and also try 1:1 nat if you have the public ip's to spare.. my pat is: 5060 - asterisk(ip_internal) 1-2 - asterisk(ip_internal) 4569 - asterisk(ip_internal) nat 1:1, impossible We've only 1 public ip address - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] asterisk behind pfsense+remote sip clients
- Mensaje original - De: Chris Buechler cbuech...@gmail.com Para: support@pfsense.com Enviados: Jueves, 12 de Agosto 2010 15:33:44 Asunto: Re: [pfSense Support] asterisk behind pfsense+remote sip clients On Wed, Aug 11, 2010 at 3:53 PM, Victor Pasten vpas...@connected.cl wrote: I've investigated, I tried with several tricks, but apparently the management of pfsense with nat+sip+udp is not compliant with asterisk That's not true in the least, there are a number of VoIP providers who deploy nothing but pfsense for their clients, and run it in front of their servers, and use Asterisk. Hundreds of boxes I'm aware of like that just between a handful of our customers in such scenarios, which comprise a tiny percentage of the overall user base. If your Asterisk is setup correctly, the page David pointed you to has the solutions to all the common issues. The issue you describe is actually more likely to be the firewall/NAT device the phones are behind than the one your server is behind, probably have short UDP timeouts and your keepalive isn't high enough. - Maybe... with m0n0wall, the same problem... 320/320186.40.x.xD N A 48776UNREACHABLE my sip_nat.conf: nat=yes externip=201.xx.xx.xx localnet=192.168.0.0/255.255.255.0 localnet=192.168.200.0/255.255.255.0 localnet=172.16.30.0/255.255.255.0 externrefresh=120 rtp.conf: rtpstart=1 rtpend=2 but, what more I must do in my asterisk server?. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] asterisk behind pfsense+remote sip clients
- Victor Pasten vpas...@connected.cl wrote: - Mensaje original - De: Chris Buechler cbuech...@gmail.com Para: support@pfsense.com Enviados: Jueves, 12 de Agosto 2010 15:33:44 Asunto: Re: [pfSense Support] asterisk behind pfsense+remote sip clients On Wed, Aug 11, 2010 at 3:53 PM, Victor Pasten vpas...@connected.cl wrote: I've investigated, I tried with several tricks, but apparently the management of pfsense with nat+sip+udp is not compliant with asterisk That's not true in the least, there are a number of VoIP providers who deploy nothing but pfsense for their clients, and run it in front of their servers, and use Asterisk. Hundreds of boxes I'm aware of like that just between a handful of our customers in such scenarios, which comprise a tiny percentage of the overall user base. If your Asterisk is setup correctly, the page David pointed you to has the solutions to all the common issues. The issue you describe is actually more likely to be the firewall/NAT device the phones are behind than the one your server is behind, probably have short UDP timeouts and your keepalive isn't high enough. - Maybe... with m0n0wall, the same problem... 320/320186.40.x.xD N A 48776 UNREACHABLE my sip_nat.conf: nat=yes externip=201.xx.xx.xx localnet=192.168.0.0/255.255.255.0 localnet=192.168.200.0/255.255.255.0 localnet=172.16.30.0/255.255.255.0 externrefresh=120 rtp.conf: rtpstart=1 rtpend=2 but, what more I must do in my asterisk server?. Set nat=yes for peer 320. --Tim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] asterisk behind pfsense+remote sip clients
On Thu, Aug 12, 2010 at 4:59 PM, Victor Pasten vpas...@connected.cl wrote: but, what more I must do in my asterisk server?. Probably nothing given the symptoms, see previous comments on the problem being what your phones are behind, not what your server is behind. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] asterisk behind pfsense+remote sip clients
On Wed, Aug 11, 2010 at 1:53 PM, Victor Pasten vpas...@connected.cl wrote: Hi Guys, recently I've installed a asterisk server (in my lan, behind pfsense 1.2.3-release), everything it's ok, except for some remote sip extentions (polycom device, and x-lite softphone) that periodically are loosing her registration. Most voip problems with pfsense can be solved here: http://doc.pfsense.org/index.php/VoIP_Configuration - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Asterisk behind pfSense
Hi, I am having problem for remote user to register my asterisk. Initially, It was working fine. I read from the support email. Someone installed siproxd. And its working. How to install on my wrap ? using shell to install ? I notice that the feature Install Package is removed from my WRAP. I saw that feature in the earlier version. Is that so ? -santo-
Re: [pfSense Support] Asterisk behind pfSense
Also, in addition to John's great suggestions if this still doesn't work, try sipproxd in the packages section (if you are not running on a embedded platform). Scott On 10/13/05, John Cianfarani [EMAIL PROTECTED] wrote: What protocol SIP or IAX? If it's IAX (recommended for clients dealing with nat) you need to forward port UDP 4569 to your asterisk box. If it's SIP you need to forward port TCP 5060 and UDP 16384-32767 to your asterisk box. Also make sure nat=yes and quality=yes are enabled for that extension in the sip.conf Just so you know gettings clients to work behind NAT can be very tricky. http://www.voip-info.org has a wealth of knowledge on the topic. Someone here can probably give you better info for installing the package but this is what I think would work. SSH/console in. /etc/rc.conf_mount_rw pkg_add http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All/siproxd-0.5.11.tbz /etc/rc.conf_mount_ro Not sure if you would be able to configure through the gui or if you have to edit conf files. Hope that helps John From: Susanto Leman [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 9:19 PM To: support@pfsense.com Subject: [pfSense Support] Asterisk behind pfSense Hi, I am having problem for remote user to register my asterisk. Initially, It was working fine. I read from the support email. Someone installed siproxd. And its working. How to install on my wrap ? using shell to install ? I notice that the feature Install Package is removed from my WRAP. I saw that feature in the earlier version. Is that so ? -santo- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]