On Tue, Nov 10, 2009 at 11:41 AM, [email protected] <[email protected]>wrote:
> After testing yesterday, everything went well consistently, to the point > where I decided > to rebuild the sbc servers into pfsense servers instead. > > I then had both setups working until both stopped working. I suspect too > many firewalls, > too many gateways, routes etc. I turned off the hardware of the previous > build that was > working, got all my weird routes setup, made the pfsense changes using > Tony's config file, > did some fine tuning and we're up again. Took a while for the arp cache > stuff to clear > across a number of switches I guess because things were weird at first but > eventually > settled. > > So now I have one firewall->sipx setup on one wan but need the second one > as well. I need > to set up the second wan set up but since sipx needs to have a NAT IP, not > sure how this > is going to work. > Specifying priority in your DNS SRV records can do a lot: pfsense1=priortity 10 pfsense2=priority 20 or maybe both at priority 1 and see if the registrations balance. There's been a lot of talk on how to do this kind of thing on the list lately. Your two sipx installs perhaps need to be in HA so that if one fails, it will continue to allow registrations and calls. > > Scott says; > >Ultimately, it's a tradeoff. You can buy something that claims to > >police the boundary, but that just shifts the first point of attack to > >the new thing - it's still software and it's still got potential holes. > > Darn good point, very true. The difference even in the above is that a > proprietary piece > of hardware means you're waiting on that manufacturer to fix things while > using an open > source package and good hardware to run it on means that you're dependent > on the open > source community working on that. Perhaps when I have unlimited bucks, I > won't care but > right now, I trust that the open source community would catch problems way > before a > manufacturer would. Well, perhaps a little before at least :). > > A little problem I'm seeing is that when someone registers, then > disconnects, even shut > their laptop down, their connection remains in the pfsense state list. I'm > not sure if > this is coming from sipx or if it is something I need to change on pfsense? > > I think because the initial registration time needs to expire. Even though it might register upon startup and deregister when shutdown on the PC, the "state" has a ttl (time to live) involved that has not expired at the firewall. I don't think it should matter. > An annoying thing is the number of In/Out listings on pfsense, it's hard to > monitor > individual connections because there's too much info. It sure would be nice > to have some > nice gui view of live connections. > > So far so good. > > > Mike > > > _______________________________________________ > sipx-users mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users > sipXecs IP PBX -- http://www.sipfoundry.org/ >
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
