Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread Hannes Werner
I would like to repeat Vassilis's questions:

Has this been implemented? Could this be implemented? Do the pfsense
devs need some more info? Can we help with testing?

On Sat, Sep 27, 2014 at 1:02 PM, Vassilis V. bigracc...@gmx.net wrote:
 ADSL over PPPoE with constant changing IPs is the standard in some
 countries, we do not have such connections because we chose them and we
 like the challenge..

 Reading again the whole bug report, there seems to be a lot of people
 affected by this and Tom De Coninck has made a lot of effort to figure
 out what might be the issue.

 In the last post of Tom, he comes to a very exact conclusion:
 I think this proves that pfsense not only needs to kill states on 'WAN
 DOWN' , but also on 'WAN UP'. I can't see how it could work otherwise

 Has this been implemented? Could this be implemented? Do the pfsense
 devs need some more info? Can we help with testing?

 Vassilis


 Hannes Werner wrote on 26.09.2014 22:53:
 Thanks Vassilis,

 I've these settings already - without any success.

 On Fri, Sep 26, 2014 at 9:03 PM, Vassilis V. bigracc...@gmx.net wrote:


 Hannes Werner wrote on 26.09.2014 16:51:
 thank you very much Giles, but unfortunately it doesn't help.

 anyone here who is using asterisk behind pfSense on a dynamic IP WAN
 successfully?


 Hello Hannes!

 I have also used asterisk behind a dynamic PPPoE WAN. I had the exact
 same issues that the bug report is describing.

 I tried different ways to get it to work and I found that some solutions
 work with some providers, but fail at others. There seems to be a lot of
 black magic involved when configuring SIP to work in such a configuration :)

 What worked best was to set nat=no and externip=the local asterisk IP.
 I had also not done any port forwards whatsoever on pfsense,  outgoing
 NAT was set to automatic.

 I certainly cannot explain why it was working that way!


 Hope it helps!
 Vassilis
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread Espen Johansen
If this is to be implemented it should be a tick box on each interface.
Dropping all states if you want to move a cable/reroute it is not a good
idea.
This needs to be user controllable or only affect interface if
is_interface_type=pppoe.

Just my 2 cents.

-lsf
On 28 Sep 2014 19:19, Hannes Werner jgoe...@gmail.com wrote:

 I would like to repeat Vassilis questions:

 Has this been implemented? Could this be implemented? Do the pfsense
 dev's need some more info? Can we help with testing?

 On Sat, Sep 27, 2014 at 1:02 PM, Vassilis V. bigracc...@gmx.net wrote:
  ADSL over PPPoE with constant changing IPs is the standard in some
  countries, we do not have such connections because we chose them and we
  like the challenge..
 
  Reading again the whole bug report, there seems to be alot of people
  affected by this and Tom De Coninck has made alot of effort to figure
  out what might be the issue.
 
  In the last post of Tom, he comes to a very exact conclusion:
  I think this proves that pfsense not only needs to kill states on 'WAN
  DOWN' , but also on 'WAN UP'. I can't see how it could work otherwise
 
  Has this been implemented? Could this be implemented? Do the pfsense
  dev's need some more info? Can we help with testing?
 
  Vassilis
 
 
  Hannes Werner wrote on 26.09.2014 22:53:
  Thanks Vassilis,
 
  I've these settings already - without any success.
 
  On Fri, Sep 26, 2014 at 9:03 PM, Vassilis V. bigracc...@gmx.net
 wrote:
 
 
  Hannes Werner wrote on 26.09.2014 16:51:
  thank you very much Giles, but unfortunately it doesn't help.
 
  anyone here who is using asterisk behind pfSense on a dynamic IP WAN
  successfully?
 
 
  Hello Hannes!
 
  I have also used asterisk behind a dynamic PPPoE WAN. I had the exact
  same issues that the bug report is describing.
 
  I tried different ways to get it to work and I found that some
 solutions
  work with some providers, but fail at others. There seems to be alot of
  black magic involved when configuring SIP to work in such a
 configuration :)
 
  What worked best was to set nat=no and externip=the local asterisk
 IP.
  I had also not done any port forwards whatsoever on pfsense,  outgoing
  NAT was set to automatic.
 
  I certainly cannot explain why it was working that way!
 
 
  Hope it helps!
  Vassilis

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread PiBa

Hi Guys,

Anyone care to test if this fixes the issue?

I don't have a pppoe myself, but do think everyone with a changing wan 
ip is affected by old udp states that stay alive long after an outbound 
natted ip has changed..
I think there is no danger in dropping all states that use that specific 
old ip, as it no longer is used by pfSense and you wouldn't know where 
it might exist now..


Place the code below in the file /etc/rc.newwanip at the bottom of the 
file just before the ?>

--
if (is_ipaddr($oldip) && $curwanip != $oldip) {
	/*  Reset states that are using the wan-ip, for example outbound natted
	    udp traffic would otherwise stay natted using the old wan-ip */
	mwexec_bg("/sbin/pfctl -k $oldip");
}
--
Please report back if this fixes the issue, or if any unwanted 
side-effects occur..
I've sent a pull-request for pfSense 2.2 containing this change: 
https://github.com/pfsense/pfsense/pull/1299/files


P.S. I'm not a 'pfSense dev', just a user and contributor.. use it at 
your own risk ;)..

Greets PiBa-NL

Espen Johansen wrote on 28-9-2014 19:26:


If this is to be implemented it should be a tick box on each 
interface. Dropping all states if you want to move a cable/reroute it 
is not a good idea.
This needs to be user controllable or only affect interface if 
is_interface_type=pppoe.


Just my 2 cents.

-lsf

On 28 Sep 2014 19:19, Hannes Werner jgoe...@gmail.com wrote:


I would like to repeat Vassilis questions:

Has this been implemented? Could this be implemented? Do the pfsense
dev's need some more info? Can we help with testing?

On Sat, Sep 27, 2014 at 1:02 PM, Vassilis V. bigracc...@gmx.net wrote:
 ADSL over PPPoE with constant changing IPs is the standard in some
 countries, we do not have such connections because we chose them
and we
 like the challenge..

 Reading again the whole bug report, there seems to be alot of people
 affected by this and Tom De Coninck has made alot of effort to
figure
 out what might be the issue.

 In the last post of Tom, he comes to a very exact conclusion:
 I think this proves that pfsense not only needs to kill states
on 'WAN
 DOWN' , but also on 'WAN UP'. I can't see how it could work
otherwise

 Has this been implemented? Could this be implemented? Do the pfsense
 dev's need some more info? Can we help with testing?

 Vassilis


 Hannes Werner wrote on 26.09.2014 22:53:
 Thanks Vassilis,

 I've these settings already - without any success.

 On Fri, Sep 26, 2014 at 9:03 PM, Vassilis V. bigracc...@gmx.net wrote:


 Hannes Werner wrote on 26.09.2014 16:51:
 thank you very much Giles, but unfortunately it doesn't help.

 anyone here who is using asterisk behind pfSense on a dynamic
IP WAN
 successfully?


 Hello Hannes!

 I have also used asterisk behind a dynamic PPPoE WAN. I had
the exact
 same issues that the bug report is describing.

 I tried different ways to get it to work and I found that some
solutions
 work with some providers, but fail at others. There seems to
be alot of
 black magic involved when configuring SIP to work in such a
configuration :)

 What worked best was to set nat=no and externip=the local
asterisk IP.
 I had also not done any port forwards whatsoever on pfsense, 
outgoing

 NAT was set to automatic.

 I certainly cannot explain why it was working that way!


 Hope it helps!
 Vassilis
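
Added example, not part of PiBa's message or of pfSense's code: a shell check for testing the `pfctl -k $oldip` change discussed above, listing states that still reference the old WAN address after an IP change. The sample state lines and addresses are constructed, the `pfctl -ss` line layouts are assumed, and the function names are hypothetical; IPv4 only.

```shell
#!/bin/sh
# Added example. Reads `pfctl -ss`-style state lines and reports the ones
# that still use a given (old) WAN IPv4 address.

# Constructed sample: old WAN IP 203.0.113.5, new WAN IP 203.0.113.77.
# Two assumed layouts are included: "nat (lan) -> dst" and "lan -> nat -> dst".
sample_states() {
cat <<'EOF'
all udp 203.0.113.5:5060 (192.168.1.10:5060) -> 198.51.100.20:5060       MULTIPLE:MULTIPLE
all udp 192.168.1.10:10000 -> 203.0.113.5:61234 -> 198.51.100.20:18000       MULTIPLE:MULTIPLE
all tcp 203.0.113.5:40211 (192.168.1.23:51544) -> 198.51.100.80:443       ESTABLISHED:ESTABLISHED
all udp 203.0.113.50:5060 (192.168.1.10:5060) -> 198.51.100.20:5060       SINGLE:NO_TRAFFIC
all udp 203.0.113.77:5060 (192.168.1.10:5060) -> 198.51.100.20:5060       MULTIPLE:MULTIPLE
EOF
}

# stale_states OLD_IP
# Print every state line on stdin in which OLD_IP appears as a complete
# address. Comparing whole fields (parentheses and :port removed) keeps
# 203.0.113.5 from matching 203.0.113.50, which a plain grep would do.
stale_states() {
    awk -v ip="$1" '
    {
        for (i = 1; i <= NF; i++) {
            f = $i
            gsub(/[()]/, "", f)      # address may be shown in parentheses
            sub(/:[0-9]+$/, "", f)   # drop the :port suffix
            if (f == ip) { print; next }
        }
    }'
}

# stale_summary OLD_IP
# Count the stale states per protocol (second field), sorted by protocol.
stale_summary() {
    stale_states "$1" | awk '{ c[$2]++ } END { for (p in c) print p, c[p] }' | sort
}

# Demo on the constructed sample. On the firewall itself the input would be
# the live table:  pfctl -ss | stale_summary "$oldip"
sample_states | stale_summary 203.0.113.5
```

An empty summary after the WAN address has changed means no state is still tied to the old address; any `udp` count left over is the condition the thread describes.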

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-27 Thread Drew Lehman
First off, let me point out that I am a user, not a developer. Secondly, 
you may want to tone down the attitude.  Since many of the developers 
volunteer, they won't bother taking on a bug that is a) limited in scope 
b) having someone pester them about.  That being said, the bug is NOT 
exclusive to pfsense.  While pfsense may be able to implement some 
workarounds, this is ultimately an Asterisk issue.  You may have more 
luck asking the Asterisk community to fix it.
Yes, it works on some routers, but from what I was able to find the bug 
is very narrow in scope, such as what someone already replied:

The triggers for this issue seem to be, specifically:
 - PPPoE WAN interface
 - dynamic WAN IP
 - SIP service provider
Not having a PPPoE WAN would fix this too.  As for the idea of Asterisk 
on a dynamic address; the idea of having many services hosted on a 
dynamic address is generally discouraged because of the extra complexity 
and lack of reliability that comes with it.  This is not specifically 
about Asterisk.


Now, back to the bug.  From what I have read, this seems to be an issue 
with the states table, which probably means that the WAN address is 
changing and the states are not being updated.  I'm not sure why your ISP 
would be changing your IP all the time.  Most simply give you one when 
you connect and you keep it until you are no longer connected.  Without 
knowing the exact problem, it would probably involve clearing the state 
table every time the address changes and that may have other considerations.



On 9/26/2014 7:42 AM, Hannes Werner wrote:

are you saying that people with dynamic IP shouldn't use pfSense
behind an Asterisk service? I've had asterisk running behind Fritz-Box
for years without any trouble. I've seen the cheapest router being
able to handle this like the speedports. I can't believe pfSense is
unable to do this, but it doesn't matter a clear word would solve the
problem for all the time and you do not have to worry again about this
issue.

maybe you guys do better telling those users to change there router?

On Fri, Sep 26, 2014 at 1:33 PM, Chris Bagnall
pfse...@lists.minotaur.cc wrote:

On 26/9/14 12:06 pm, Giles Coochey wrote:

I can think of many reasons, why running a service such as Asterisk, on
an IP address  that you have a temporary lease for (thus only have a
passing relationship with, before it is passed to someone else), would
be pretty bad practice.


I think Giles has put it far better than I did :-)

In short, Asterisk is temperamental with dynamic IPs _in general_, it's not
necessarily specific to pfSense (though I appreciate this bug report relates
specifically to pfSense).

I've seen the same symptoms with Asterisk servers behind Draytek routers,
for example - as with pfSense, it's usually solved with a state table reset.


Kind regards,

Chris
--
This email is made from 100% recycled electrons


[pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Hannes Werner
Hello,

I wonder what the reason for not getting
https://redmine.pfsense.org/issues/1629 fixed?

Many gave up waiting for this, but it seems there must be a proper
reason for it. May I ask what the problem is not being able to use
pfSense with Asterisk?

Regards


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Chris Bagnall

On 26/9/14 11:43 am, Hannes Werner wrote:

I wonder what the reason for not getting
https://redmine.pfsense.org/issues/1629 fixed?
Many gave up waiting for this, but it seems there must be a proper
reason for it. May I ask what the problem is not being able to use
pfSense with Asterisk?


Worth mentioning here that many of us are using Asterisk behind pfSense 
without any issue at all.


The triggers for this issue seem to be, specifically:
 - PPPoE WAN interface
 - dynamic WAN IP
 - SIP service provider

We (one of my $dayjobs is a VoIP service provider) have dozens of 
clients using Asterisk with PPPoE WAN without any problem, but they're 
all using static WAN IPs provided by the ISP(s) in question.


Kind regards,

Chris
--
This email is made from 100% recycled electrons


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Hannes Werner
I'm sure more people are with dynamic WAN IPs and facing this problem.
The issue #1629 is showing this clearly. If at least there would be a
report saying we are not going to fix it then all of those could
decide to use or not to use pfsense.

On Fri, Sep 26, 2014 at 12:58 PM, Chris Bagnall
pfse...@lists.minotaur.cc wrote:
 On 26/9/14 11:43 am, Hannes Werner wrote:

 I wonder what the reason for not getting
 https://redmine.pfsense.org/issues/1629 fixed?
 Many gave up waiting for this, but it seems there must be a proper
 reason for it. May I ask what the problem is not being able to use
 pfSense with Asterisk?


 Worth mentioning here that many of us are using Asterisk behind pfSense
 without any issue at all.

 The triggers for this issue seem to be, specifically:
  - PPPoE WAN interface
  - dynamic WAN IP
  - SIP service provider

 We (one of my $dayjobs is a VoIP service provider) have dozens of clients
 using Asterisk with PPPoE WAN without any problem, but they're all using
 static WAN IPs provided by the ISP(s) in question.

 Kind regards,

 Chris
 --
 This email is made from 100% recycled electrons


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Giles Coochey

On 26/09/2014 11:58, Chris Bagnall wrote:


Worth mentioning here that many of us are using Asterisk behind
pfSense without any issue at all.

The triggers for this issue seem to be, specifically:
 - PPPoE WAN interface
 - dynamic WAN IP
 - SIP service provider

We (one of my $dayjobs is a VoIP service provider) have dozens of
clients using Asterisk with PPPoE WAN without any problem, but they're
all using static WAN IPs provided by the ISP(s) in question.

I can think of many reasons, why running a service such as Asterisk, on 
an IP address  that you have a temporary lease for (thus only have a 
passing relationship with, before it is passed to someone else), would 
be pretty bad practice.


The bug itself seems to be a genuine problem, the way the bug is put 
forward doesn't do much for motivating its resolution.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.netsecspec.co.uk
giles.cooc...@netsecspec.co.uk



--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net




Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Chris Bagnall

On 26/9/14 12:06 pm, Giles Coochey wrote:

I can think of many reasons, why running a service such as Asterisk, on
an IP address  that you have a temporary lease for (thus only have a
passing relationship with, before it is passed to someone else), would
be pretty bad practice.


I think Giles has put it far better than I did :-)

In short, Asterisk is temperamental with dynamic IPs _in general_, it's 
not necessarily specific to pfSense (though I appreciate this bug report 
relates specifically to pfSense).


I've seen the same symptoms with Asterisk servers behind Draytek 
routers, for example - as with pfSense, it's usually solved with a state 
table reset.


Kind regards,

Chris
--
This email is made from 100% recycled electrons


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Hannes Werner
are you saying that people with dynamic IP shouldn't use pfSense
behind an Asterisk service? I've had asterisk running behind Fritz-Box
for years without any trouble. I've seen the cheapest router being
able to handle this like the speedports. I can't believe pfSense is
unable to do this, but it doesn't matter a clear word would solve the
problem for all the time and you do not have to worry again about this
issue.

maybe you guys do better telling those users to change their router?

On Fri, Sep 26, 2014 at 1:33 PM, Chris Bagnall
pfse...@lists.minotaur.cc wrote:
 On 26/9/14 12:06 pm, Giles Coochey wrote:

 I can think of many reasons, why running a service such as Asterisk, on
 an IP address  that you have a temporary lease for (thus only have a
 passing relationship with, before it is passed to someone else), would
 be pretty bad practice.


 I think Giles has put it far better than I did :-)

 In short, Asterisk is temperamental with dynamic IPs _in general_, it's not
 necessarily specific to pfSense (though I appreciate this bug report relates
 specifically to pfSense).

 I've seen the same symptoms with Asterisk servers behind Draytek routers,
 for example - as with pfSense, it's usually solved with a state table reset.


 Kind regards,

 Chris
 --
 This email is made from 100% recycled electrons


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Chris Bagnall

On 26/9/14 12:42 pm, Hannes Werner wrote:

are you saying that people with dynamic IP shouldn't use pfSense
behind an Asterisk service?


Firstly - it's not my place to say anything of the sort - I have no 
connection to the pfSense team (apart from as a satisfied user). I 
suspect one of the pfSense devs will reply to this thread at an 
appropriate time.


The point I was trying to make is that this is not exclusively a pfSense 
problem. Asterisk (and SIP in general) is far from perfect when behind a 
frequently changing dynamic IP.


Kind regards,

Chris
--
This email is made from 100% recycled electrons


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Giles Coochey

On 26/09/2014 12:42, Hannes Werner wrote:

are you saying that people with dynamic IP shouldn't use pfSense
behind an Asterisk service? I've had asterisk running behind Fritz-Box
for years without any trouble. I've seen the cheapest router being
able to handle this like the speedports. I can't believe pfSense is
unable to do this, but it doesn't matter a clear word would solve the
problem for all the time and you do not have to worry again about this
issue.

maybe you guys do better telling those users to change there router?


It's not my place, either, to pass comment on what free software you 
should decide to use, I am also none other than a happy end user (with a 
PPPoE service on at least one of my pfsense boxes, but with a static IP).


Doesn't ensuring that you have Gateway monitoring enabled, and then 
ensuring that you have, under System -> Advanced -> Miscellaneous -> 
State Killing on Gateway Failure enabled provide a workaround 
resolution for you? I'm referring to 
https://redmine.pfsense.org/issues/3181 which is referenced from #1629.


Also it's clear that bug #1629 is pushed out to 2.2, although the latest 
comment is for it to be addressed, or to push it out to 2.3. It's 
probably not good news for you, but it looks like there is a schedule 
for it to be fixed just not very quickly.


Do bear in mind that the original PPP software was designed for 
opportunistic on-demand dial-up connections, and isn't perfectly suited 
for running server side applications on the client end. PPPoE & PPPoA 
built on this, I guess, to allow ISPs to continue to use their RADIUS 
infrastructure for customers authentication as they moved to broadband / 
cable based connections.


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net





Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Hannes Werner
thank you very much Giles, but unfortunately it doesn't help.

anyone here who is using asterisk behind pfSense on a dynamic IP WAN
successfully?

On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey gi...@coochey.net wrote:
 On 26/09/2014 12:42, Hannes Werner wrote:

 are you saying that people with dynamic IP shouldn't use pfSense
 behind an Asterisk service? I've had asterisk running behind Fritz-Box
 for years without any trouble. I've seen the cheapest router being
 able to handle this like the speedports. I can't believe pfSense is
 unable to do this, but it doesn't matter a clear word would solve the
 problem for all the time and you do not have to worry again about this
 issue.

 maybe you guys do better telling those users to change there router?


 It's not my place, either, to pass comment on what free software you should
 decide to use, I am also none other than a happy end user (with a PPPoE
 service on at least one of my pfsense boxes, but with a static IP).

 Doesn't ensuring that you have Gateway monitoring enabled, and then ensuring
 that you have, under System -> Advanced -> Miscellaneous -> State
 Killing on Gateway Failure enabled provide a workaround resolution for you?
 I'm referring to https://redmine.pfsense.org/issues/3181 which is referenced
 from #1629.

 Also it's clear that bug #1629 is pushed out to 2.2, although the latest
 comment is for it to be addressed, or to push it out to 2.3. It's probably
 not good news for you, but it looks like there is a schedule for it to be
 fixed just not very quickly.

 Do bear in mind that the original PPP software was designed for
 opportunistic on-demand dial-up connections, and isn't perfectly suited for
 running server side applications on the client end. PPPoE & PPPoA built on
 this, I guess, to allow ISPs to continue to use their RADIUS infrastructure
 for customers authentication as they moved to broadband / cable based
 connections.


 --
 Regards,

 Giles Coochey, CCNP, CCNA, CCNAS
 NetSecSpec Ltd
 +44 (0) 8444 780677
 +44 (0) 7584 634135
 http://www.coochey.net
 http://www.netsecspec.co.uk
 gi...@coochey.net





Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Odette Nsaka
Not too much related, but I am.

I'm using a multi-wan connection to different ISP who give me dynamic IP 
address. I set up the Internet connection via a couple of different routers, 
one for each ISP.

The difference in my configuration is that the routers connect to the ISP via 
PPPoA and PF is connected to the routers via regular IP local subnet 
connection (no PPPoE/PPPoA on PF).

This way everything works fine, asterisk on the LAN side of PF too, even when 
one or both of the public IPs are changed.

In case of failure of one (or the other) of the ISP connections, asterisk 
connects with no problem to the VoIP provider, no matter on which is the 
active or preferred gateway.

O.

-- 

On Sept. 26th 2014 15:51:37, Hannes Werner wrote:
 thank you very much Giles, but unfortunately it doesn't help.
 
 anyone here who is using asterisk behind pfSense on a dynamic IP WAN
 successfully?
 
 On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey gi...@coochey.net wrote:
  On 26/09/2014 12:42, Hannes Werner wrote:
  are you saying that people with dynamic IP shouldn't use pfSense
  behind an Asterisk service? I've had asterisk running behind Fritz-Box
  for years without any trouble. I've seen the cheapest router being
  able to handle this like the speedports. I can't believe pfSense is
  unable to do this, but it doesn't matter a clear word would solve the
  problem for all the time and you do not have to worry again about this
  issue.
  
  maybe you guys do better telling those users to change there router?
  
  It's not my place, either, to pass comment on what free software you
  should
  decide to use, I am also none other than a happy end user (with a PPPoE
  service on at least one of my pfsense boxes, but with a static IP).
  
  Doesn't ensuring that you have Gateway monitoring enabled, and then
  ensuring that you have, under System -> Advanced -> Miscellaneous ->
  State Killing on Gateway Failure enabled provide a workaround
  resolution for you? I'm referring to
  https://redmine.pfsense.org/issues/3181 which is referenced from #1629.
  
  Also it's clear that bug #1629 is pushed out to 2.2, although the latest
  comment is for it to be addressed, or to push it out to 2.3. It's probably
  not good news for you, but it looks like there is a schedule for it to be
  fixed just not very quickly.
  
  Do bear in mind that the original PPP software was designed for
  opportunistic on-demand dial-up connections, and isn't perfectly suited
  for running server side applications on the client end. PPPoE & PPPoA
  built on this, I guess, to allow ISPs to continue to use their RADIUS
  infrastructure for customers authentication as they moved to broadband /
  cable based connections.
  
  
  --
  Regards,
  
  Giles Coochey, CCNP, CCNA, CCNAS
  NetSecSpec Ltd
  +44 (0) 8444 780677
  +44 (0) 7584 634135
  http://www.coochey.net
  http://www.netsecspec.co.uk
  gi...@coochey.net
  
  
  


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Vassilis V.


Hannes Werner wrote on 26.09.2014 16:51:
 thank you very much Giles, but unfortunately it doesn't help.
 
 anyone here who is using asterisk behind pfSense on a dynamic IP WAN
 successfully?
 

Hello Hannes!

I have also used asterisk behind a dynamic PPPoE WAN. I had the exact
same issues that the bug report is describing.

I tried different ways to get it to work and I found that some solutions
work with some providers, but fail at others. There seems to be a lot of
black magic involved when configuring SIP to work in such a configuration :)

What worked best was to set nat=no and externip=the local asterisk IP.
I had also not done any port forwards whatsoever on pfsense,  outgoing
NAT was set to automatic.

I certainly cannot explain why it was working that way!


Hope it helps!
Vassilis


Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Odette Nsaka
In the different environments where I use PF I'm using different appliances 
acting as modem/routers.
In most cases I use those supplied by the ISP.
In other cases I use some other low-medium level modem/routers.
As an example some are Tp-link TD-W8968.
All these modem/routers connect:
- to the ISP on the phone line over ADSL and PPPoE/PPPoA
- to the pfSense WAN port via Ethernet port

They are just enough to act as
- ADSL2+ modem on the 20 mbit/sec ADSL lines
- inbound NATP towards the PF WAN IP.

pfSense act as routing firewalls, sometimes as VPN endpoints, never as 
ADSL modem.

O.
-- 

On Friday 26 September 2014 20:00:59, Hannes Werner wrote:
 Thank you very much Odette,
 
 what type of router do you use? Those who are doing the PPPoA? So you
 use  pfSense as a strict Firewall?
 
 On Fri, Sep 26, 2014 at 4:35 PM, Odette Nsaka odette.ns...@libero.it wrote:
  Not too much related, but I am.
  
  I'm using a multi-wan connection to different ISP who give me dynamic 
IP
  address. I set up the Internet connection via a couple of different
  routers, one for each ISP.
  
  The difference in my configuration is that the routers connect to the 
ISP
  via PPPoA and PF is connected to the routers via regular IP local 
subnet
  connection (no PPPoE/PPPoA on PF).
  
  This way everything works fine, asterisk on the LAN side of PF too, 
even
  when one or both of the public IPs are changed.
  
  In case of failure of one (or the other) of the ISP connections, asterisk
  connects with no problem to the VoIP provider, no matter on which is 
the
  active or preferred gateway.
  
  O.
  
  --
  
  On Sept. 26th 2014 15:51:37, Hannes Werner wrote:
  thank you very much Giles, but unfortunately it doesn't help.
  
  anyone here who is using asterisk behind pfSense on a dynamic IP 
WAN
  successfully?
  
  On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey gi...@coochey.net 
wrote:
   On 26/09/2014 12:42, Hannes Werner wrote:
   are you saying that people with dynamic IP shouldn't use 
pfSense
   behind an Asterisk service? I've had asterisk running behind Fritz-
Box
   for years without any trouble. I've seen the cheapest router 
being
   able to handle this like the speedports. I can't believe pfSense is
   unable to do this, but it doesn't matter a clear word would solve 
the
   problem for all the time and you do not have to worry again 
about this
   issue.
   
   maybe you guys do better telling those users to change there 
router?
   
   It's not my place, either, to pass comment on what free software 
you
   should
   decide to use, I am also none other than a happy end user (with a 
PPPoE
   service on at least one of my pfsense boxes, but with a static IP).
   
   Doesn't ensuring that you have Gateway monitoring enabled, and then
   ensuring that you have, under System -> Advanced -> Miscellaneous ->
   State Killing on Gateway Failure enabled provide a workaround
   resolution for you? I'm referring to
   https://redmine.pfsense.org/issues/3181 which is referenced from #1629.
   
   Also it's clear that bug #1629 is pushed out to 2.2, although the
   latest
   comment is for it to be addressed, or to push it out to 2.3. It's
   probably
   not good news for you, but it looks like there is a schedule for it to
   be
   fixed just not very quickly.
   
   Do bear in mind that the original PPP software was designed for
   opportunistic on-demand dial-up connections, and isn't perfectly suited
   for running server side applications on the client end. PPPoE & PPPoA
   built on this, I guess, to allow ISPs to continue to use their RADIUS
   infrastructure for customers authentication as they moved to broadband /
   cable based connections.
   
   
   --
   Regards,
   
   Giles Coochey, CCNP, CCNA, CCNAS
   NetSecSpec Ltd
   +44 (0) 8444 780677
   +44 (0) 7584 634135
   http://www.coochey.net
   http://www.netsecspec.co.uk
   gi...@coochey.net
   
   
   

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Hannes Werner
Thanks Vassilis,

I've these settings already - without any success.

On Fri, Sep 26, 2014 at 9:03 PM, Vassilis V. bigracc...@gmx.net wrote:


 Hannes Werner wrote on 26.09.2014 16:51:
 thank you very much Giles, but unfortunately it doesn't help.

 anyone here who is using asterisk behind pfSense on a dynamic IP WAN
 successfully?


 Hello Hannes!

 I have also used asterisk behind a dynamic PPPoE WAN. I had the exact
 same issues that the bug report is describing.

 I tried different ways to get it to work and I found that some solutions
 work with some providers, but fail at others. There seems to be alot of
 black magic involved when configuring SIP to work in such a configuration :)

 What worked best was to set nat=no and externip=the local asterisk IP.
 I had also not done any port forwards whatsoever on pfsense,  outgoing
 NAT was set to automatic.

 I certainly cannot explain why it was working that way!


 Hope it helps!
 Vassilis