Re: [pfSense] Netgate Firmware

2017-03-21 Thread Jim Thompson
One more time:  there is only so much I can say about the issue.  Richard
Relph's message is inaccurate, but I can not describe why or how.

Specific to the subject of this thread:  The coreboot (it's not really a
BIOS, and yes, I'm splitting hairs) update addresses an Intel-issued
"specification clarification" for C2000-based systems.

The Intel specification clarification is available at the following
location:
https://www-ssl.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf

This specification clarification includes the following text on page 36:

*“If your system does not use SERIRQ and BIOS puts SERIRQ in Quiet-Mode,
then the weak external pull up resistor is not required. All other cases must
implement an external pull-up resistor, 8.2k to 10k, tied to 3.3V.”*

Since the LPC bus, including SERIRQ is not used in the SG-2xxx, SG-4xxx and
SG-8xxx systems, a software workaround for this specification clarification
has been implemented by ADI Engineering in v12 of coreboot for the affected
systems. The workaround disables SERIRQ to prevent indeterminate interrupt
behavior for these systems.

The instructions on how to update all affected systems are at the following
URLs:

https://www.netgate.com/docs/sg-2220/adi-bios-flash.html
https://www.netgate.com/docs/sg-2440/adi-bios-flash.html
https://www.netgate.com/docs/sg-4860/adi-bios-flash.html
https://www.netgate.com/docs/sg-4860-1u/adi-bios-flash.html
https://www.netgate.com/docs/sg-8860-1u/adi-bios-flash.html

We are also working on a 'package' (for pfSense) that will do most of the
work outlined in this documentation.

If you aren't running pfSense on your system, then there is a
different procedure, please contact Netgate customer support.

We have tested this update and believe it to be low risk for you to
implement. However, we encourage you to always back up your configuration
before applying any update or change.

We recommend that you update your affected systems at your earliest
convenience.

Jim


On Tue, Mar 21, 2017 at 3:33 PM, Richard A. Relph 
wrote:

> Google “cisco intel atom issue” for some of the coverage of the problem.
> The symptom appears to be that on a reboot (power on? cold reset? warm
> reset?) the Atom may not generate LPC clocks… kinda fatal. But it seemingly
> doesn’t happen in the course of normal operation.
>
> Richard
>
> > On Mar 21, 2017, at 1:24 PM, Steve Yates  wrote:
> >
> >   Note despite the thread subject, the affected models are:
> >
> > SG-2220
> > SG-2440
> > SG-4860
> > SG-8860
> > SG-4860-1U
> > SG-8860-1U
> >
> > However, what is the symptom?  We have a handful of these in service at
> various clients but have not noticed any issues that we're aware of.
> >
> > --
> >
> > Steve Yates
> > ITS, Inc.
> >
> > -Original Message-
> > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon
> Gerdes
> > Sent: Tuesday, March 21, 2017 12:57 PM
> > To: list@lists.pfsense.org
> > Subject: Re: [pfSense] Netgate Firmware
> >
> >
> > Topic: SG-2440 bios upgrade:
> >
> > https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237
> >
> >
> > On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote:
> >> OK, now you guys have me curious…
> >>
> >> I have a Netgate SG-2440 purchased directly from Netgate. I’ve
> >> received no emails. I don’t frequent the forums. But I am aware of an
> >> “alleged” chip issue, which I believe my unit is susceptible to.
> >>
> >> Can someone provide a link to a relevant forum thread?
> >>
> >> Thanks,
> >> Richard
> >>
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Netgate Firmware

2017-03-21 Thread Richard A. Relph
Google “cisco intel atom issue” for some of the coverage of the problem. The 
symptom appears to be that on a reboot (power on? cold reset? warm reset?) the 
Atom may not generate LPC clocks… kinda fatal. But it seemingly doesn’t happen 
in the course of normal operation.

Richard

> On Mar 21, 2017, at 1:24 PM, Steve Yates  wrote:
> 
>   Note despite the thread subject, the affected models are:
> 
> SG-2220
> SG-2440
> SG-4860
> SG-8860
> SG-4860-1U
> SG-8860-1U
> 
> However, what is the symptom?  We have a handful of these in service at 
> various clients but have not noticed any issues that we're aware of.
> 
> --
> 
> Steve Yates
> ITS, Inc.
> 
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon Gerdes
> Sent: Tuesday, March 21, 2017 12:57 PM
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] Netgate Firmware
> 
> 
> Topic: SG-2440 bios upgrade: 
> 
> https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237
> 
> 
> On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote:
>> OK, now you guys have me curious…
>> 
>> I have a Netgate SG-2440 purchased directly from Netgate. I’ve
>> received no emails. I don’t frequent the forums. But I am aware of an
>> “alleged” chip issue, which I believe my unit is susceptible to.
>> 
>> Can someone provide a link to a relevant forum thread?
>> 
>> Thanks,
>> Richard
>> 

Re: [pfSense] SIP through IKEv2-tunnel

2017-03-21 Thread Karl Fife
Time to do a pcap, and see what's actually happening.   Look in the SIP 
session description (SDP) and see what IP addresses the client is 
telling the other side to communicate with.   Divide and conquer.



On 3/21/2017 5:42 AM, Martin Fuchs wrote:

what really irritates me is the fact (tried it just now) that using it over 
OpenVPN instead of IKEv2 it works...

any idea ?

i'm gonna look over it again...


From: List on behalf of Martin Fuchs
Sent: Tuesday, 21 March 2017 10:45:34
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

I think so, too, that's what confuses me.


Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense


so the SIP-Clients would tunnel through the router, terminate with the 
pfSense and the unencrypted packets are sent back to the router (which hosts 
the PBX).


In my opinion it should work, too...




From: List on behalf of Vick Khera
Sent: Monday, 20 March 2017 13:48:06
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

You only need siproxd if you have multiple SIP clients inside your network
trying to talk outside.

SIP should work just fine in your situation where your PBX software and
your client are within the same VPN and do not block any traffic.

That is, I have a situation like this and it works just fine:

Internet <- pfSense NAT <- Switchvox <- local LAN clients

remotes  -> pfSense VPN -> Switchvox


I can't tell from the OP's original description how the connections are
configured.


On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen 
wrote:


maybe you need something like this
https://doc.pfsense.org/index.php/Siproxd_package

Eero

20.3.2017 11.56 AM, "Martin Fuchs" wrote:


Hi !

I have a Fritz!Box (router) connected to the internet (no other
possibility).

In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.

This pfSense VM just operates as a VPN-Gateway.

I have set up the routes in the Fritz!Box for the dial-in networks to the
pfSense.


I can connect via IKEv2 and browse internat services.

I have a Fritz!App (SIP-Client) on my phone.

This app connects to the Fritz!Box (which provides a SIP-connection)
successfully.


When I try to make a call, the other phone rings BUT no party can hear
the other.


It seems to me like a RTP-issue.


On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.

The firewall-rules allow IPSec to LAN (any service).

I'm running pfSense 2.3.3p1 with one interface.


Does anyone have any idea or some hint for me ?


regards,

martin
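Added example, not part of the original messages: one way to do the SDP check suggested above once a SIP INVITE has been pulled out of the capture. It lists the address and port each media stream asks the peer to send RTP to and flags addresses outside the networks the PBX can reach. The subnets, addresses and the trimmed INVITE are constructed assumptions, not values from the thread.

```python
import ipaddress

# Assumed addressing for illustration (not from the thread): the IKEv2
# virtual-IP pool and the LAN behind the router that hosts the PBX.
ROUTABLE_NETS = [ipaddress.ip_network("10.10.10.0/24"),
                 ipaddress.ip_network("192.168.178.0/24")]


def build_invite(session_addr, media_addr=None):
    """Build a constructed, trimmed SIP INVITE with an SDP body for the demo."""
    sdp = ["v=0",
           f"o=- 1 1 IN IP4 {session_addr}",
           "s=call",
           f"c=IN IP4 {session_addr}",
           "t=0 0",
           "m=audio 7078 RTP/AVP 8 0 101"]
    if media_addr:
        sdp.append(f"c=IN IP4 {media_addr}")  # media-level c= overrides session
    sdp.append("a=rtpmap:8 PCMA/8000")
    body = "\r\n".join(sdp) + "\r\n"
    head = ["INVITE sip:pbx@192.168.178.1 SIP/2.0",
            "Content-Type: application/sdp",
            f"Content-Length: {len(body)}"]
    return "\r\n".join(head) + "\r\n\r\n" + body


def parse_sdp_media(sip_message):
    """Return [(media, port, address)] for every m= line in the SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_addr, streams = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            # c=<nettype> <addrtype> <connection-address>[/ttl]
            fields = line[2:].split()
            if len(fields) != 3:
                continue
            addr = fields[2].split("/")[0]
            if streams:
                streams[-1][2] = addr      # applies to the preceding m= line
            else:
                session_addr = addr        # session-level default
        elif line.startswith("m="):
            # m=<media> <port>[/count] <proto> <formats...>
            fields = line[2:].split()
            if len(fields) >= 2:
                streams.append([fields[0], int(fields[1].split("/")[0]), None])
    return [(m, p, a or session_addr) for m, p, a in streams]


def audit_rtp_targets(sip_message, routable_nets=ROUTABLE_NETS):
    """Flag media addresses the far side has no known route back to."""
    findings = []
    for media, port, addr in parse_sdp_media(sip_message):
        try:
            ip = ipaddress.ip_address(addr)
            inside = any(ip in net for net in routable_nets)
            verdict = "ok" if inside else "outside-known-nets"
        except (ValueError, TypeError):
            verdict = "not-an-ip"          # hostname, or no c= line at all
        findings.append((media, port, addr, verdict))
    return findings


if __name__ == "__main__":
    # Client advertises its tunnel address: RTP can be routed back.
    print(audit_rtp_targets(build_invite("10.10.10.2")))
    # Client advertises a different (constructed, documentation-range)
    # address for audio: signalling works, so the phone rings, but RTP
    # is sent somewhere the tunnel does not carry.
    print(audit_rtp_targets(build_invite("10.10.10.2", "198.51.100.7")))
```

Run the same check on the 200 OK coming back from the PBX, since each side announces its own RTP address.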


Re: [pfSense] Netgate Firmware

2017-03-21 Thread Steve Yates
Note despite the thread subject, the affected models are:

SG-2220
SG-2440
SG-4860
SG-8860
SG-4860-1U
SG-8860-1U

However, what is the symptom?  We have a handful of these in service at various 
clients but have not noticed any issues that we're aware of.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon Gerdes
Sent: Tuesday, March 21, 2017 12:57 PM
To: list@lists.pfsense.org
Subject: Re: [pfSense] Netgate Firmware


Topic: SG-2440 bios upgrade: 

https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237


On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote:
> OK, now you guys have me curious…
> 
> I have a Netgate SG-2440 purchased directly from Netgate. I’ve
> received no emails. I don’t frequent the forums. But I am aware of an
> “alleged” chip issue, which I believe my unit is susceptible to.
> 
> Can someone provide a link to a relevant forum thread?
> 
> Thanks,
> Richard
> 

Re: [pfSense] Netgate Firmware

2017-03-21 Thread Jon Gerdes

Topic: SG-2440 bios upgrade: 

https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237


On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote:
> OK, now you guys have me curious…
> 
> I have a Netgate SG-2440 purchased directly from Netgate. I’ve
> received no emails. I don’t frequent the forums. But I am aware of an
> “alleged” chip issue, which I believe my unit is susceptible to.
> 
> Can someone provide a link to a relevant forum thread?
> 
> Thanks,
> Richard
> 
> 
> > On Mar 20, 2017, at 7:37 PM, Jon Gerdes 
> > wrote:
> > 
> > I understand where you are coming from but I don't think the occasional
> > note from vendors of pfSense kit that covers issues with high
> > importance (to users as well as vendors) could be classified as spam on
> > the pfSense list.
> >
> > There are a lot of Netgate users here and Netgate gear has a bit of a
> > focus, OS-wise.
> >
> > In this particular case the issue is not confined to Netgate gear and
> > spelling it out here can't do any harm that I can foresee.
> >
> > You may prod users of other hardware platforms to investigate whether
> > they have the affected chips in their systems.  That can't be a
> > bad thing provided the note is presented in a reasonably generic way
> > but obviously you could mention specific products that you know are
> > affected from your range or perhaps a short note pointing Netgate users
> > to a URL for more info.
> > 
> > Cheers
> > Jon
> > 
> > 
> > 
> > On Mon, 2017-03-20 at 19:15 -0500, Jim Thompson wrote:
> > > > I tend to be careful about spamming the pfSense list with things that
> > > > aren't directly related to pfSense.
> > > 
> > > Jim
> > > 
> > > > On Mon, Mar 20, 2017 at 7:13 PM, Jon Gerdes
> > > > wrote:
> > > > > It might be worth putting a press release style post here as well
> > > > > anyway.
> > > > >
> > > > > Your mailing list may not be perfect and some people have a nasty
> > > > > habit of registering things with their own email address instead of a
> > > > > group address/alias and then moving on.  Their account gets deleted and
> > > > > that box that does something for the internets stops working and it
> > > > > could have been fixed by a timely firmware update.
> > > > >
> > > > > To be fair, there is quite a lot of chat on the forums about this and
> > > > > any interested pfSenser should be hanging out there as well as here.
> > > > 
> > > > 
> > > > 
> > > > On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote:
> > > > > we only sent it to customers of affected units.
> > > > > 
> > > > > On Mon, Mar 20, 2017 at 5:43 PM, WebDawg 
> > > > > wrote:
> > > > > > > Is there any other list for netgate firmware updates?  I just
> > > > > > > received a notification from sales@pfsense about netgate firmware
> > > > > > > updates but it was not sent to this list?

Re: [pfSense] SIP through IKEv2-tunnel

2017-03-21 Thread Martin Fuchs
what really irritates me is the fact (tried it just now) that using it over 
OpenVPN instead of IKEv2 it works...

any idea ?

i'm gonna look over it again...


From: List on behalf of Martin Fuchs
Sent: Tuesday, 21 March 2017 10:45:34
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

I think so, too, that's what confuses me.


Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense


so the SIP-Clients would tunnel through the router, terminate with the 
pfSense and the unencrypted packets are sent back to the router (which hosts 
the PBX).


In my opinion it should work, too...




From: List on behalf of Vick Khera
Sent: Monday, 20 March 2017 13:48:06
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

You only need siproxd if you have multiple SIP clients inside your network
trying to talk outside.

SIP should work just fine in your situation where your PBX software and
your client are within the same VPN and do not block any traffic.

That is, I have a situation like this and it works just fine:

Internet <- pfSense NAT <- Switchvox <- local LAN clients

remotes  -> pfSense VPN -> Switchvox


I can't tell from the OP's original description how the connections are
configured.


On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen 
wrote:

> maybe you need something like this
> https://doc.pfsense.org/index.php/Siproxd_package
>
> Eero
>
> 20.3.2017 11.56 AM, "Martin Fuchs" wrote:
>
> > Hi !
> >
> > I have a Fritz!Box (router) connected to the internet (no other
> > possibility).
> >
> > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
> >
> > This pfSense VM just operates as a VPN-Gateway.
> >
> > I have set up the routes in the Fritz!Box for the dial-in networks to the
> > pfSense.
> >
> >
> > I can connect via IKEv2 and browse internat services.
> >
> > I have a Fritz!App (SIP-Client) on my phone.
> >
> > This app connects to the Fritz!Box (which provides a SIP-connection)
> > successfully.
> >
> >
> > When I try to make a call, the other phone rings BUT no party can hear
> > the other.
> >
> >
> > It seems to me like a RTP-issue.
> >
> >
> > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
> >
> > The firewall-rules allow IPSec to LAN (any service).
> >
> > I'm running pfSense 2.3.3p1 with one interface.
> >
> >
> > Does anyone have any idea or some hint for me ?
> >
> >
> > regards,
> >
> > martin


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-21 Thread Martin Fuchs
no change with siproxd installed...
very strange...

From: List on behalf of Martin Fuchs
Sent: Tuesday, 21 March 2017 10:44:36
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

since it's only one client i did not think about it but it's worth a try...


From: List on behalf of Eero Volotinen
Sent: Monday, 20 March 2017 11:10:56
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

maybe you need something like this
https://doc.pfsense.org/index.php/Siproxd_package

Eero

20.3.2017 11.56 AM, "Martin Fuchs" wrote:

> Hi !
>
> I have a Fritz!Box (router) connected to the internet (no other
> possibility).
>
> In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
>
> This pfSense VM just operates as a VPN-Gateway.
>
> I have set up the routes in the Fritz!Box for the dial-in networks to the
> pfSense.
>
>
> I can connect via IKEv2 and browse internat services.
>
> I have a Fritz!App (SIP-Client) on my phone.
>
> This app connects to the Fritz!Box (which provides a SIP-connection)
> successfully.
>
>
> When I try to make a call, the other phone rings BUT no party can hear
> the other.
>
>
> It seems to me like a RTP-issue.
>
>
> On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
>
> The firewall-rules allow IPSec to LAN (any service).
>
> I'm running pfSense 2.3.3p1 with one interface.
>
>
> Does anyone have any idea or some hint for me ?
>
>
> regards,
>
> martin


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-21 Thread Martin Fuchs
I think so, too, that's what confuses me.


Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense


so the SIP-Clients would tunnel through the router, terminate with the 
pfSense and the unencrypted packets are sent back to the router (which hosts 
the PBX).


In my opinion it should work, too...




From: List on behalf of Vick Khera
Sent: Monday, 20 March 2017 13:48:06
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

You only need siproxd if you have multiple SIP clients inside your network
trying to talk outside.

SIP should work just fine in your situation where your PBX software and
your client are within the same VPN and do not block any traffic.

That is, I have a situation like this and it works just fine:

Internet <- pfSense NAT <- Switchvox <- local LAN clients

remotes  -> pfSense VPN -> Switchvox


I can't tell from the OP's original description how the connections are
configured.


On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen 
wrote:

> maybe you need something like this
> https://doc.pfsense.org/index.php/Siproxd_package
>
> Eero
>
> 20.3.2017 11.56 AM, "Martin Fuchs" wrote:
>
> > Hi !
> >
> > I have a Fritz!Box (router) connected to the internet (no other
> > possibility).
> >
> > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
> >
> > This pfSense VM just operates as a VPN-Gateway.
> >
> > I have set up the routes in the Fritz!Box for the dial-in networks to the
> > pfSense.
> >
> >
> > I can connect via IKEv2 and browse internat services.
> >
> > I have a Fritz!App (SIP-Client) on my phone.
> >
> > This app connects to the Fritz!Box (which provides a SIP-connection)
> > successfully.
> >
> >
> > When I try to make a call, the other phone rings BUT no party can hear
> > the other.
> >
> >
> > It seems to me like a RTP-issue.
> >
> >
> > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
> >
> > The firewall-rules allow IPSec to LAN (any service).
> >
> > I'm running pfSense 2.3.3p1 with one interface.
> >
> >
> > Does anyone have any idea or some hint for me ?
> >
> >
> > regards,
> >
> > martin


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-21 Thread Martin Fuchs
since it's only one client i did not think about it but it's worth a try...


From: List on behalf of Eero Volotinen
Sent: Monday, 20 March 2017 11:10:56
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

maybe you need something like this
https://doc.pfsense.org/index.php/Siproxd_package

Eero

20.3.2017 11.56 AM, "Martin Fuchs" wrote:

> Hi !
>
> I have a Fritz!Box (router) connected to the internet (no other
> possibility).
>
> In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
>
> This pfSense VM just operates as a VPN-Gateway.
>
> I have set up the routes in the Fritz!Box for the dial-in networks to the
> pfSense.
>
>
> I can connect via IKEv2 and browse internat services.
>
> I have a Fritz!App (SIP-Client) on my phone.
>
> This app connects to the Fritz!Box (which provides a SIP-connection)
> successfully.
>
>
> When I try to make a call, the other phone rings BUT no party can hear
> the other.
>
>
> It seems to me like a RTP-issue.
>
>
> On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
>
> The firewall-rules allow IPSec to LAN (any service).
>
> I'm running pfSense 2.3.3p1 with one interface.
>
>
> Does anyone have any idea or some hint for me ?
>
>
> regards,
>
> martin


Re: [pfSense] SIP through IKEv2-tunnel

2017-03-21 Thread Martin Fuchs
Hi !

No possibility to disable STUN on the SIP client.


From: List on behalf of Rosen Iliev
Sent: Monday, 20 March 2017 19:51:26
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] SIP through IKEv2-tunnel

Hi,

Have you tried to disable the STUN support on your phone?

Cheers,

Rosen

Martin Fuchs wrote on 3/20/2017 3:36 AM:
> Hi !
>
> I have a Fritz!Box (router) connected to the internet (no other possibility).
>
> In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.
>
> This pfSense VM just operates as a VPN-Gateway.
>
> I have set up the routes in the Fritz!Box for the dial-in networks to the 
> pfSense.
>
>
> I can connect via IKEv2 and browse internat services.
>
> I have a Fritz!App (SIP-Client) on my phone.
>
> This app connects to the Fritz!Box (which provides a SIP-connection) 
> successfully.
>
>
> When I try to make a call, the other phone rings BUT no party can hear the 
> other.
>
>
> It seems to me like a RTP-issue.
>
>
> On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.
>
> The firewall-rules allow IPSec to LAN (any service).
>
> I'm running pfSense 2.3.3p1 with one interface.
>
>
> Does anyone have any idea or some hint for me ?
>
>
> regards,
>
> martin