Re: [asterisk-users] Do I need a sip proxy?
Hello Bruce, Sorry for the delay. I don't really have time to follow this list much. In your original setup, you did use a sort of SIP Proxy (the central Asterisk feeding the others) depending on your definition. A SIP Proxy would probably solve your issue, but as I stated in my previous mail, you should not need one. Fixing (or exchanging) Pfsense should also solve your issue and then you'll have one less device that can bring your system down. Fixing Pfsense will probably require you to troubleshoot the issue some more to see exactly what happens, so you know what you need to fix. Compare the SIP traffic between your Asterisks and Pfsense to the traffic between Pfsense and your provider. Capture the traffic in .pcap format with ngrep, tcpdump, wireshark or other packet dumping tools, then analyze it in wireshark. To capture traffic outside Pfsense, you'll probably need to mirror a switch port, install a hub or ask your provider to send you a dump. This will require some understanding of the SIP message format and TCP/IP, but it should not be very complicated. I'm quite sure Pfsense changes the contents of the SIP message itself in ways it should not do possibly in addition to changing the IP packets in ways it should not do. It may also possibly block incoming traffic it should not block. If you decide to use a SIP proxy, then going back to your original design (using Asterisk as a proxy) would probably be the easiest for you. Of the alternatives you've listed, I only have experience with Kamailio. In simple setups, its default configuration will not need to be altered much to get it working. Its logic is VERY different to Asterisk, though. I know that Kamailio would be a very good choice for this role. I believe the alternatives would be as well. With kind regards, Pan B. Christensen Senior technician Ibidium AS http://www.ibidium.no/ - Original Message - From: Bruce B To: Asterisk Users Mailing List - Non-Commercial Discussion Sent: Tuesday, January 11, 2011 4:37 PM Subject: Re: [asterisk-users] Do I need a sip proxy? Thanks a lot for the great input Pan. I think you are right on point with this one. I have STATIC PORT enabled in my outbound WAN. I am not sure if it was set for SIP or OpenVPN use but it is there for a reason. So, I try to mingle a bit with Siproxd package. I am a bit fuzzy on it though. If I have the Siproxd enabled, does it act as a one single server that connects multiple times to my provider or providers and then I connect to the Siproxd in return? Or, I can still register from Asterisk directly with the provider(s) and Siproxd will take care of the SIP packets to be handled nicely? If it's the latter then it sounds fine to use otherwise it would not only be complicated but also a downtime to Siproxd mean downtime to all Asterisk servers. ***In addition I have setup Siproxd according to pfsense guide online but once I save the configurations and return to it there are no configs left. I know this question is for pfsense forum but maybe someone else experienced this? ***And to return to my original question, do I need a SIP proxy and which one would be suit my needs? I still like to get an input on my previous e-mail. I have to stay with pfsense for now as it has proven to be a good router in all other aspect. Thanks, On Tue, Jan 11, 2011 at 7:38 AM, Pan B. Christensen p...@ibidium.no wrote: Hello Bruce, Your understanding of NAT is correct, and your setup should work. I’m not familiar with Pfsense, but I suspected that your problem was due to a SIP ALG. Pfsense seems to have a SIP ALG and other special handling of VoIP traffic. Hence, you are not using plain NAT. Pfsense is probably rewriting the SIP packets in addition to the IP packets. Try reconfiguring Pfsense or swapping it for something else. A good way to troubleshoot your scenario is to compare the traffic in your end to the traffic on your providers end (or on either side of pfsense). Pay attention to the source and destination IP and ports in addition to the contents of the SIP messages. http://doc.pfsense.org/index.php/VoIP_Configuration http://en.wikipedia.org/wiki/Application-level_gateway With kind regards, Pan From: Bruce B Sent: Tuesday, January 11, 2011 8:58 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] Do I need a sip proxy? Hi Everyone, I am running multiple instances of Asterisk in Proxmox and so far I had one central Asterisk feeding all others with trunks from one provider. Now, I want to connect each Asterisk server directly to the provider. Based on my understanding, each connection made to the provider port 5060 would be on a port that is unique to that server. And so other connections made to the same provider will go out through a different port and should receive responses through that different
Re: [asterisk-users] Do I need a sip proxy?
Thanks for the info. I did get it working without any SIP Proxy. There is a bug in pfSense v1.2.3 where certain configs are not removed and some inconsistencies exist in the xml config file. Once I cleaned that and when I limited my Asterisk servers to use different port ranges for UDP traffic now everything is working great. On Tue, Jan 18, 2011 at 7:26 AM, Pan B. Christensen p...@ibidium.no wrote: Hello Bruce, Sorry for the delay. I don't really have time to follow this list much. In your original setup, you did use a sort of SIP Proxy (the central Asterisk feeding the others) depending on your definition. A SIP Proxy would probably solve your issue, but as I stated in my previous mail, you should not need one. Fixing (or exchanging) Pfsense should also solve your issue and then you'll have one less device that can bring your system down. Fixing Pfsense will probably require you to troubleshoot the issue some more to see exactly what happens, so you know what you need to fix. Compare the SIP traffic between your Asterisks and Pfsense to the traffic between Pfsense and your provider. Capture the traffic in .pcap format with ngrep, tcpdump, wireshark or other packet dumping tools, then analyze it in wireshark. To capture traffic outside Pfsense, you'll probably need to mirror a switch port, install a hub or ask your provider to send you a dump. This will require some understanding of the SIP message format and TCP/IP, but it should not be very complicated. I'm quite sure Pfsense changes the contents of the SIP message itself in ways it should not do possibly in addition to changing the IP packets in ways it should not do. It may also possibly block incoming traffic it should not block. If you decide to use a SIP proxy, then going back to your original design (using Asterisk as a proxy) would probably be the easiest for you. Of the alternatives you've listed, I only have experience with Kamailio. In simple setups, its default configuration will not need to be altered much to get it working. Its logic is VERY different to Asterisk, though. I know that Kamailio would be a very good choice for this role. I believe the alternatives would be as well. With kind regards, Pan B. Christensen Senior technician Ibidium AS http://www.ibidium.no/ - Original Message - *From:* Bruce B bruceb...@gmail.com *To:* Asterisk Users Mailing List - Non-Commercial Discussionasterisk-users@lists.digium.com *Sent:* Tuesday, January 11, 2011 4:37 PM *Subject:* Re: [asterisk-users] Do I need a sip proxy? Thanks a lot for the great input Pan. I think you are right on point with this one. I have STATIC PORT enabled in my outbound WAN. I am not sure if it was set for SIP or OpenVPN use but it is there for a reason. So, I try to mingle a bit with Siproxd package. I am a bit fuzzy on it though. If I have the Siproxd enabled, does it act as a one single server that connects multiple times to my provider or providers and then I connect to the Siproxd in return? Or, I can still register from Asterisk directly with the provider(s) and Siproxd will take care of the SIP packets to be handled nicely? If it's the latter then it sounds fine to use otherwise it would not only be complicated but also a downtime to Siproxd mean downtime to all Asterisk servers. ***In addition I have setup Siproxd according to pfsense guide online but once I save the configurations and return to it there are no configs left. I know this question is for pfsense forum but maybe someone else experienced this? ***And to return to my original question, do I need a SIP proxy and which one would be suit my needs? I still like to get an input on my previous e-mail. I have to stay with pfsense for now as it has proven to be a good router in all other aspect. Thanks, On Tue, Jan 11, 2011 at 7:38 AM, Pan B. Christensen p...@ibidium.nowrote: Hello Bruce, Your understanding of NAT is correct, and your setup should work. I’m not familiar with Pfsense, but I suspected that your problem was due to a SIP ALG. Pfsense seems to have a SIP ALG and other special handling of VoIP traffic. Hence, you are not using plain NAT. Pfsense is probably rewriting the SIP packets in addition to the IP packets. Try reconfiguring Pfsense or swapping it for something else. A good way to troubleshoot your scenario is to compare the traffic in your end to the traffic on your providers end (or on either side of pfsense). Pay attention to the source and destination IP and ports in addition to the contents of the SIP messages. http://doc.pfsense.org/index.php/VoIP_Configuration http://en.wikipedia.org/wiki/Application-level_gateway With kind regards, Pan *From:* Bruce B bruceb...@gmail.com *Sent:* Tuesday, January 11, 2011 8:58 AM *To:* Asterisk Users Mailing List - Non-Commercial Discussionasterisk-users@lists.digium.com *Subject:* [asterisk-users] Do I need a sip proxy? Hi Everyone, I
Re: [asterisk-users] Do I need a sip proxy?
Thanks a lot for the great input Pan. I think you are right on point with this one. I have STATIC PORT enabled in my outbound WAN. I am not sure if it was set for SIP or OpenVPN use but it is there for a reason. So, I try to mingle a bit with Siproxd package. I am a bit fuzzy on it though. If I have the Siproxd enabled, does it act as a one single server that connects multiple times to my provider or providers and then I connect to the Siproxd in return? Or, I can still register from Asterisk directly with the provider(s) and Siproxd will take care of the SIP packets to be handled nicely? If it's the latter then it sounds fine to use otherwise it would not only be complicated but also a downtime to Siproxd mean downtime to all Asterisk servers. ***In addition I have setup Siproxd according to pfsense guide online but once I save the configurations and return to it there are no configs left. I know this question is for pfsense forum but maybe someone else experienced this? ***And to return to my original question, do I need a SIP proxy and which one would be suit my needs? I still like to get an input on my previous e-mail. I have to stay with pfsense for now as it has proven to be a good router in all other aspect. Thanks, On Tue, Jan 11, 2011 at 7:38 AM, Pan B. Christensen p...@ibidium.no wrote: Hello Bruce, Your understanding of NAT is correct, and your setup should work. I’m not familiar with Pfsense, but I suspected that your problem was due to a SIP ALG. Pfsense seems to have a SIP ALG and other special handling of VoIP traffic. Hence, you are not using plain NAT. Pfsense is probably rewriting the SIP packets in addition to the IP packets. Try reconfiguring Pfsense or swapping it for something else. A good way to troubleshoot your scenario is to compare the traffic in your end to the traffic on your providers end (or on either side of pfsense). Pay attention to the source and destination IP and ports in addition to the contents of the SIP messages. http://doc.pfsense.org/index.php/VoIP_Configuration http://en.wikipedia.org/wiki/Application-level_gateway With kind regards, Pan *From:* Bruce B bruceb...@gmail.com *Sent:* Tuesday, January 11, 2011 8:58 AM *To:* Asterisk Users Mailing List - Non-Commercial Discussionasterisk-users@lists.digium.com *Subject:* [asterisk-users] Do I need a sip proxy? Hi Everyone, I am running multiple instances of Asterisk in Proxmox and so far I had one central Asterisk feeding all others with trunks from one provider. Now, I want to connect each Asterisk server directly to the provider. Based on my understanding, each connection made to the provider port 5060 would be on a port that is unique to that server. And so other connections made to the same provider will go out through a different port and should receive responses through that different port. At least that is my understanding of NAT. The provider should see me trying to register from the same IP with multiple different ports (high number ports; not talking about 5060 as this is outbound and not inbound) and should be able to differentiate between SIP packets coming from various servers. However, it seems to not happen. There is some sort of clash and only one of the servers shows registered with the provider and other's trunks go down. I have noticed that keeping one server works. It could also be that my Fail2ban kicks in on all servers if the SIP packets received are broadcasted to all servers which shouldn't really happen and router should take of this by sending it to the server that has the established connection through that port. *My equipment:* Asterisk 1.6x Pfsense 1.2.3 Dumb Switch *My questions:* A- What is the rational behind this? B- Do I need a sip proxy server? Something like Siproxd, OpenSIPs, or Kamailio? C- Which one of the above is the easiest to get running given I never tried any of those. D- If I am doing an SIP proxy server then it might have to also be redundant. What options do I have in that and which of above or any other suggested package might be great for future expansions. Clarification on how NAT would work in situations like this would be much appreciated. Thanks -- -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options
Re: [asterisk-users] Do I need a sip proxy?
Hi, At least that is my understanding of NAT. The provider should see me trying to register from the same IP with multiple different ports (high number ports; not talking about 5060 as this is outbound and not inbound) and should be able to differentiate between SIP packets coming from various servers. However, it seems to not happen. There is some sort of clash and only one of the servers shows registered with the provider and other's trunks go down. I have noticed that keeping one server works. What I have noticed with consumer grade NAT routers is that they seem to be optimized to only keep track of one single client that is allowed to connect to a server:port tuple on the outside. So if a SIP client on local ip_a and port 5060 on the inside of the router is talking to a server outside of the NAT at ip_s and port 5060 it works fine, but the minute a second client at local IP ip_b and port 5060 starts to talk to ip_s at port 5060 on the outside of the same NAT router all traffic from server_s is sent to ip_b and ip_a will receive nothing. With NAT entry timeouts and regular traffic from ip_a and ip_b you might see only one local client being reachable all the time or connectivity hopping from one to te other at regular intervals. There are NAT implementations that do not have this problem, but that might require a more expensive router or you can configure the SIP clients to all use different local ports. Perhaps this is a result of some sort of SIP ALG or a stupid basic NAT implementation to reduce code complexity on the router, but it is a nuisance either way. -- Andreas Sikkema -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Do I need a sip proxy?
Hi Everyone, I am running multiple instances of Asterisk in Proxmox and so far I had one central Asterisk feeding all others with trunks from one provider. Now, I want to connect each Asterisk server directly to the provider. Based on my understanding, each connection made to the provider port 5060 would be on a port that is unique to that server. And so other connections made to the same provider will go out through a different port and should receive responses through that different port. At least that is my understanding of NAT. The provider should see me trying to register from the same IP with multiple different ports (high number ports; not talking about 5060 as this is outbound and not inbound) and should be able to differentiate between SIP packets coming from various servers. However, it seems to not happen. There is some sort of clash and only one of the servers shows registered with the provider and other's trunks go down. I have noticed that keeping one server works. It could also be that my Fail2ban kicks in on all servers if the SIP packets received are broadcasted to all servers which shouldn't really happen and router should take of this by sending it to the server that has the established connection through that port. *My equipment:* Asterisk 1.6x Pfsense 1.2.3 Dumb Switch *My questions:* A- What is the rational behind this? B- Do I need a sip proxy server? Something like Siproxd, OpenSIPs, or Kamailio? C- Which one of the above is the easiest to get running given I never tried any of those. D- If I am doing an SIP proxy server then it might have to also be redundant. What options do I have in that and which of above or any other suggested package might be great for future expansions. Clarification on how NAT would work in situations like this would be much appreciated. Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Do I need a SIP Proxy for this?
I've got an Asterisk server, and several SIP phones behind our router here. Things are working just perfectly inside the network, just as the should. However, I'm not trying to configure my asterisk server to talk with SIP services outside our network, once such example is my gizmo project account. This isn't working out to well. Would it be useful to have a SIP proxy outside of my firewall that then interfaces with both my asterisk server inside the network and whatever else outside the network? Or am I trying to find a solution in all the wrong ways? So far, voip-info.org and google have told me what I want to doesn't work, but can't find anything good on what does work. Much appreciate your guidance. -jonathan ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Do I need a SIP Proxy for this?
- Jonathan Moore supermegat...@gmail.com wrote: I've got an Asterisk server, and several SIP phones behind our router here. Things are working just perfectly inside the network, just as the should. However, I'm not trying to configure my asterisk server to talk with SIP services outside our network, once such example is my gizmo project account. This isn't working out to well. Would it be useful to have a SIP proxy outside of my firewall that then interfaces with both my asterisk server inside the network and whatever else outside the network? Or am I trying to find a solution in all the wrong ways? So far, voip-info.org and google have told me what I want to doesn't work, but can't find anything good on what does work. Much appreciate your guidance. -jonathan Could you elaborate a bit more? What isn't 'working out to well'? Are you getting failed calls? One way or no audio? --Tim ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Do I need a SIP Proxy for this?
On Wed, May 20, 2009 at 1:50 PM, Tim Nelson tnel...@rockbochs.com wrote: Could you elaborate a bit more? What isn't 'working out to well'? Are you getting failed calls? One way or no audio? Sorry for the lack of information. I posted in a bit of haste. Initially it was failed calls, or not being able to register. I had a line similar to register = 00...@proxy01.sipphone.com in sip.conf and it was never able to successfully register. I would get a timeout after so long, and then it would send again. I then added the externalip and localnetwork configurations to sip.conf and set the proxy01.sipphone.com section to include the nat=yes, and this netted me one way audio, only after i swapped out the aging cisco router for a vyatta install. I mostly followed guides found on voip-info.org for gizmo and sip, and also the information on Gizmo's website. Another area that had issues with with having something like Dial(SIP/remotehost) would fail to connect to remotehost. -jonathan ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Do I need a SIP Proxy for this?
No, you don't necessarily need a SIP proxy for this. Furthermore, while a SIP proxy might assist with certain SIP-level reachability issues, it will do nothing for the actual audio (media) if there are NAT issues that prevent that from getting through. As the other reply said, this isn't working out well needs some explanation. Jonathan Moore wrote: I've got an Asterisk server, and several SIP phones behind our router here. Things are working just perfectly inside the network, just as the should. However, I'm not trying to configure my asterisk server to talk with SIP services outside our network, once such example is my gizmo project account. This isn't working out to well. Would it be useful to have a SIP proxy outside of my firewall that then interfaces with both my asterisk server inside the network and whatever else outside the network? Or am I trying to find a solution in all the wrong ways? So far, voip-info.org and google have told me what I want to doesn't work, but can't find anything good on what does work. Much appreciate your guidance. -jonathan ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Alex Balashov Evariste Systems Web : http://www.evaristesys.com/ Tel : (+1) (678) 954-0670 Direct : (+1) (678) 954-0671 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users