Re: [pfSense] States Issue with Asterisk behind pfSense
I would like to repeat Vassilis' questions:

Has this been implemented?
Could this be implemented?
Do the pfsense devs need some more info?
Can we help with testing?

On Sat, Sep 27, 2014 at 1:02 PM, Vassilis V. bigracc...@gmx.net wrote:
> ADSL over PPPoE with constant changing IPs is the standard in some countries, we do not have such connections because we chose them and we like the challenge..
>
> Reading again the whole bug report, there seems to be a lot of people affected by this and Tom De Coninck has made a lot of effort to figure out what might be the issue. In the last post of Tom, he comes to a very exact conclusion:
>
>   I think this proves that pfsense not only needs to kill states on 'WAN DOWN', but also on 'WAN UP'. I can't see how it could work otherwise
>
> Has this been implemented?
> Could this be implemented?
> Do the pfsense devs need some more info?
> Can we help with testing?
>
> Vassilis

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] States Issue with Asterisk behind pfSense
If this is to be implemented it should be a tick box on each interface. Dropping all states if you want to move a cable/reroute it is not a good idea. This needs to be user controllable or only affect interface if is_interface_type=pppoe.

Just my 2 cents.

-lsf

On 28 Sep 2014 19:19, Hannes Werner jgoe...@gmail.com wrote:
> I would like to repeat Vassilis' questions:
>
> Has this been implemented?
> Could this be implemented?
> Do the pfsense devs need some more info?
> Can we help with testing?
Re: [pfSense] States Issue with Asterisk behind pfSense
Hi Guys,

Anyone care to test if this fixes the issue?

I don't have a pppoe myself, but do think everyone with a changing wan ip is affected by old udp states that stay alive long after an outbound natted ip has changed.. I think there is no danger in dropping all states that use that specific old ip, as it no longer is used by pfSense and you wouldn't know where might exist now..

Place the code below in the file /etc/rc.newwanip at the bottom of the file just before the ?>

--
if (is_ipaddr($oldip) && $curwanip != $oldip) {
	/* Reset states that are using the wan-ip, for example outbound natted udp traffic would otherwise stay natted using the old wan-ip */
	mwexec_bg("/sbin/pfctl -k $oldip");
}
--

Please report back if this fixes the issue, or if any unwanted side-effects occur..

I've sent a pull-request for pfSense 2.2 containing this change: https://github.com/pfsense/pfsense/pull/1299/files

p.s. I'm not a 'pfSense dev', just a user and contributor.. use it at your own risk ;)..

Greets
PiBa-NL

Espen Johansen wrote on 28-9-2014 19:26:
> If this is to be implemented it should be a tick box on each interface. Dropping all states if you want to move a cable/reroute it is not a good idea. This needs to be user controllable or only affect interface if is_interface_type=pppoe.
>
> Just my 2 cents.
>
> -lsf
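The guard from the snippet in the message above (a valid old address that differs from the current one), together with a check for states still tied to the old WAN address, as an added example that is not part of the original thread or of pfSense's code. The state lines are constructed and assume the layout of `pfctl -ss` output for NAT states; the addresses and function names are hypothetical, and matching is IPv4 only.

```sh
#!/bin/sh
# Added example: report pf states that still reference a previous WAN address.

# Constructed sample laid out like `pfctl -ss` output (assumed format);
# all addresses come from documentation ranges.
sample_states() {
cat <<'EOF'
pppoe0 udp 203.0.113.5:5060 (192.168.1.10:5060) -> 198.51.100.20:5060       MULTIPLE:MULTIPLE
pppoe0 udp 203.0.113.50:10000 (192.168.1.10:10000) -> 198.51.100.20:18000       MULTIPLE:MULTIPLE
pppoe0 tcp 203.0.113.77:51515 (192.168.1.23:51515) -> 192.0.2.80:443       ESTABLISHED:ESTABLISHED
em1 udp 192.168.1.10:5060 -> 198.51.100.20:5060       MULTIPLE:MULTIPLE
EOF
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Same condition as the snippet in the thread: the old address must be a
# valid IP and must differ from the current WAN address.
should_kill() {
    is_ipv4 "$1" && [ "$1" != "$2" ]
}

# Read state lines on stdin and print those where any address equals $1.
# Comparing whole addresses avoids the prefix trap of a plain grep,
# where 203.0.113.5 would also match 203.0.113.50.
stale_states() {
    awk -v ip="$1" '
    {
        for (i = 3; i <= NF; i++) {
            tok = $i
            gsub(/[()]/, "", tok)      # parentheses around the pre-NAT address
            sub(/:[0-9]+$/, "", tok)   # trailing port
            if (tok == ip) { print; next }
        }
    }'
}

old_ip=203.0.113.5    # constructed previous WAN address
new_ip=203.0.113.77   # constructed current WAN address

if should_kill "$old_ip" "$new_ip"; then
    echo "States still bound to $old_ip:"
    sample_states | stale_states "$old_ip"
    # On the firewall, the command from the thread would then be:
    #   /sbin/pfctl -k "$old_ip"
fi
```

On a live firewall the same filter can be fed from `pfctl -ss` before and after the kill to confirm that no state still carries the old address.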
Re: [pfSense] States Issue with Asterisk behind pfSense
First off, let me point out that I am a user, not a developer. Secondly you may want to tone down the attitude. Since many of the developers volunteer, they won't bother taking on a bug that is
a) limited in scope
b) having someone pester them about.

that being said, the bug is NOT exclusive to pfsense. While pfsense may be able to implement some workarounds, this is ultimately an Asterisk issue. You may have more luck asking the Asterisk community to fix it. Yes, it works on some routers, but from what I was able to find the bug is very narrow in scope, such as what someone already replied:

> The triggers for this issue seem to be, specifically:
> - PPPoE WAN interface
> - dynamic WAN IP
> - SIP service provider

Not having a PPPoE WAN would fix this too.

As for the idea of Asterisk on a dynamic address; the idea of having many services hosted on a dynamic address is generally discouraged because of the extra complexity and lack of reliability that comes with it. This is not specifically about Asterisk.

Now, back to the bug. From what I have read, this seems to be an issue with the states table, which probably means that the WAN address is changing and the states are not being updated. I'm not sure why your ISP would be changing your IP all the time. Most simply give you one when you connect and you keep it until you are no longer connected. Without knowing the exact problem, it would probably involve clearing the state table every time the address changes and that may have other considerations.

On 9/26/2014 7:42 AM, Hannes Werner wrote:
> are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service? I've had asterisk running behind Fritz-Box for years without any trouble. I've seen the cheapest router being able to handle this like the speedports. I can't believe pfSense is unable to do this, but it doesn't matter a clear word would solve the problem for all the time and you do not have to worry again about this issue.
>
> maybe you guys do better telling those users to change their router?
Re: [pfSense] States Issue with Asterisk behind pfSense
On 26/9/14 11:43 am, Hannes Werner wrote:
> I wonder what the reason for not getting https://redmine.pfsense.org/issues/1629 fixed? Many gave up waiting for this, but it seems there must be a proper reason for it. May I ask what the problem is not being able to use pfSense with Asterisk?

Worth mentioning here that many of us are using Asterisk behind pfSense without any issue at all.

The triggers for this issue seem to be, specifically:
- PPPoE WAN interface
- dynamic WAN IP
- SIP service provider

We (one of my $dayjobs is a VoIP service provider) have dozens of clients using Asterisk with PPPoE WAN without any problem, but they're all using static WAN IPs provided by the ISP(s) in question.

Kind regards,

Chris
--
This email is made from 100% recycled electrons
Re: [pfSense] States Issue with Asterisk behind pfSense
I'm sure more people are with dynamic WAN IPs and facing this problem. The issue #1629 is showing this clearly. If at least there would be a report saying we are not going to fix it then all of those could decide to use or not to use pfsense.

On Fri, Sep 26, 2014 at 12:58 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
> Worth mentioning here that many of us are using Asterisk behind pfSense without any issue at all.
>
> The triggers for this issue seem to be, specifically:
> - PPPoE WAN interface
> - dynamic WAN IP
> - SIP service provider
>
> We (one of my $dayjobs is a VoIP service provider) have dozens of clients using Asterisk with PPPoE WAN without any problem, but they're all using static WAN IPs provided by the ISP(s) in question.
>
> Kind regards,
>
> Chris
Re: [pfSense] States Issue with Asterisk behind pfSense
On 26/09/2014 11:58, Chris Bagnall wrote:
> Worth mentioning here that many of us are using Asterisk behind pfSense without any issue at all.
>
> The triggers for this issue seem to be, specifically:
> - PPPoE WAN interface
> - dynamic WAN IP
> - SIP service provider
>
> We (one of my $dayjobs is a VoIP service provider) have dozens of clients using Asterisk with PPPoE WAN without any problem, but they're all using static WAN IPs provided by the ISP(s) in question.

I can think of many reasons, why running a service such as Asterisk, on an IP address that you have a temporary lease for (thus only have a passing relationship with, before it is passed to someone else), would be pretty bad practice.

The bug itself seems to be a genuine problem, the way the bug is put forward doesn't do much for motivating its resolution.

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.netsecspec.co.uk
giles.cooc...@netsecspec.co.uk

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
Re: [pfSense] States Issue with Asterisk behind pfSense
On 26/9/14 12:06 pm, Giles Coochey wrote:
> I can think of many reasons, why running a service such as Asterisk, on an IP address that you have a temporary lease for (thus only have a passing relationship with, before it is passed to someone else), would be pretty bad practice.

I think Giles has put it far better than I did :-)

In short, Asterisk is temperamental with dynamic IPs _in general_, it's not necessarily specific to pfSense (though I appreciate this bug report relates specifically to pfSense).

I've seen the same symptoms with Asterisk servers behind Draytek routers, for example - as with pfSense, it's usually solved with a state table reset.

Kind regards,

Chris
--
This email is made from 100% recycled electrons
Re: [pfSense] States Issue with Asterisk behind pfSense
are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service? I've had asterisk running behind Fritz-Box for years without any trouble. I've seen the cheapest router being able to handle this like the speedports. I can't believe pfSense is unable to do this, but it doesn't matter a clear word would solve the problem for all the time and you do not have to worry again about this issue.

maybe you guys do better telling those users to change their router?

On Fri, Sep 26, 2014 at 1:33 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
> I think Giles has put it far better than I did :-)
>
> In short, Asterisk is temperamental with dynamic IPs _in general_, it's not necessarily specific to pfSense (though I appreciate this bug report relates specifically to pfSense).
>
> I've seen the same symptoms with Asterisk servers behind Draytek routers, for example - as with pfSense, it's usually solved with a state table reset.
>
> Kind regards,
>
> Chris
Re: [pfSense] States Issue with Asterisk behind pfSense
On 26/9/14 12:42 pm, Hannes Werner wrote:
> are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service?

Firstly - it's not my place to say anything of the sort - I have no connection to the pfSense team (apart from as a satisfied user). I suspect one of the pfSense devs will reply to this thread at an appropriate time.

The point I was trying to make is that this is not exclusively a pfSense problem. Asterisk (and SIP in general) is far from perfect when behind a frequently changing dynamic IP.

Kind regards,

Chris
--
This email is made from 100% recycled electrons
Re: [pfSense] States Issue with Asterisk behind pfSense
On 26/09/2014 12:42, Hannes Werner wrote:
> are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service? I've had asterisk running behind Fritz-Box for years without any trouble. I've seen the cheapest router being able to handle this like the speedports. I can't believe pfSense is unable to do this, but it doesn't matter a clear word would solve the problem for all the time and you do not have to worry again about this issue.
>
> maybe you guys do better telling those users to change their router?

It's not my place, either, to pass comment on what free software you should decide to use, I am also none other than a happy end user (with a PPPoE service on at least one of my pfsense boxes, but with a static IP).

Doesn't ensuring that you have Gateway monitoring enabled, and then ensuring that you have, under System --> Advanced --> Miscellaneous --> State Killing on Gateway Failure enabled provide a workaround resolution for you? I'm referring to https://redmine.pfsense.org/issues/3181 which is referenced from #1629.

Also it's clear that bug #1629 is pushed out to 2.2, although the latest comment is for it to be addressed, or to push it out to 2.3. It's probably not good news for you, but it looks like there is a schedule for it to be fixed just not very quickly.

Do bear in mind that the original PPP software was designed for opportunistic on-demand dial-up connections, and isn't perfectly suited for running server side applications on the client end. PPPoE & PPPoA built on this, I guess, to allow ISPs to continue to use their RADIUS infrastructure for customers authentication as they moved to broadband / cable based connections.

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
Re: [pfSense] States Issue with Asterisk behind pfSense
thank you very much Giles, but unfortunately it doesn't help.

anyone here who is using asterisk behind pfSense on a dynamic IP WAN successfully?

On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey gi...@coochey.net wrote:
> It's not my place, either, to pass comment on what free software you should decide to use, I am also none other than a happy end user (with a PPPoE service on at least one of my pfsense boxes, but with a static IP).
>
> Doesn't ensuring that you have Gateway monitoring enabled, and then ensuring that you have, under System --> Advanced --> Miscellaneous --> State Killing on Gateway Failure enabled provide a workaround resolution for you? I'm referring to https://redmine.pfsense.org/issues/3181 which is referenced from #1629.
>
> Also it's clear that bug #1629 is pushed out to 2.2, although the latest comment is for it to be addressed, or to push it out to 2.3. It's probably not good news for you, but it looks like there is a schedule for it to be fixed just not very quickly.
>
> Do bear in mind that the original PPP software was designed for opportunistic on-demand dial-up connections, and isn't perfectly suited for running server side applications on the client end. PPPoE & PPPoA built on this, I guess, to allow ISPs to continue to use their RADIUS infrastructure for customers authentication as they moved to broadband / cable based connections.
>
> --
> Regards,
>
> Giles Coochey, CCNP, CCNA, CCNAS
> NetSecSpec Ltd
> +44 (0) 8444 780677
> +44 (0) 7584 634135
> http://www.coochey.net
> http://www.netsecspec.co.uk
> gi...@coochey.net
Re: [pfSense] States Issue with Asterisk behind pfSense
Not too much related, but I am.

I'm using a multi-wan connection to different ISP who give me dynamic IP address. I set up the Internet connection via a couple of different routers, one for each ISP.

The difference in my configuration is that the routers connect to the ISP via PPPoA and PF is connected to the routers via regular IP local subnet connection (no PPPoE/PPPoA on PF).

This way everything works fine, asterisk on the LAN side of PF too, even when one or both of the public IPs are changed. In case of failure of one (or the other) of the ISP connections, asterisk connects with no problem to the VoIP provider, no matter on which is the active or preferred gateway.

O.

--
On Sept. 26th 2014 15:51:37, Hannes Werner wrote:
> thank you very much Giles, but unfortunately it doesn't help.
>
> anyone here who is using asterisk behind pfSense on a dynamic IP WAN successfully?
Re: [pfSense] States Issue with Asterisk behind pfSense
Hannes Werner wrote on 26.09.2014 16:51:
> thank you very much Giles, but unfortunately it doesn't help.
>
> anyone here who is using asterisk behind pfSense on a dynamic IP WAN successfully?

Hello Hannes!

I have also used asterisk behind a dynamic PPPoE WAN. I had the exact same issues that the bug report is describing. I tried different ways to get it to work and I found that some solutions work with some providers, but fail at others. There seems to be a lot of black magic involved when configuring SIP to work in such a configuration :)

What worked best was to set nat=no and externip=the local asterisk IP. I had also not done any port forwards whatsoever on pfsense, outgoing NAT was set to automatic. I certainly cannot explain why it was working that way!

Hope it helps!

Vassilis
Re: [pfSense] States Issue with Asterisk behind pfSense
In the different environments where I use PF I'm using different appliances acting as modem/routers. In most cases I use those supplied by the ISP. In other cases I use some other low-medium level modem/routers. As an example some are Tp-link TD-W8968.

All these modem/routers connect:
- to the ISP on the phone line over ADSL and PPPoE/PPPoA
- to the pfSense WAN port via Ethernet port

They are just enough to act as
- ADSL2+ modem on the 20 mbit/sec ADSL lines
- inbound NATP towards the PF WAN IP.

pfSense act as routing firewalls, sometimes as VPN endpoints, never as ADSL modem.

O.

--
On Friday 26 September 2014 20:00:59, Hannes Werner wrote:
> Thank you very much Odette, what type of router do you use? Those who are doing the PPPoA? So you use pfSense as a strict Firewall?
Re: [pfSense] States Issue with Asterisk behind pfSense
Thanks Vassilis, I've these settings already - without any success.

On Fri, Sep 26, 2014 at 9:03 PM, Vassilis V. bigracc...@gmx.net wrote:
> Hello Hannes!
>
> I have also used asterisk behind a dynamic PPPoE WAN. I had the exact same issues that the bug report is describing. I tried different ways to get it to work and I found that some solutions work with some providers, but fail at others. There seems to be a lot of black magic involved when configuring SIP to work in such a configuration :)
>
> What worked best was to set nat=no and externip=the local asterisk IP. I had also not done any port forwards whatsoever on pfsense, outgoing NAT was set to automatic. I certainly cannot explain why it was working that way!
>
> Hope it helps!
>
> Vassilis