(if it were me, and its not, I would do this... http://blog.simpa.ba/2009/05/pfsense-on-virtualbox/
<http://blog.simpa.ba/2009/05/pfsense-on-virtualbox/>and do pfsense as one install on virtual box and forego iptables, since pfsense has openvpn, ipsec and pptp too). On Thu, Jul 8, 2010 at 10:32 AM, Tony Graziano <[email protected] > wrote: > on the vpn calls, are you using the internal ip address of the pc to > register or the vpn address? What happens when you have the softphone use > the VPN ip address? When the vpn softphone registers does it show NAT or > NONAT in the registration? > > On Thu, Jul 8, 2010 at 4:21 AM, [email protected] <[email protected]>wrote: > >> Hi, >> >> we have installed as you already know sipxecs behind NAT on a virtual >> box guest machine. You can see my expalation for our topology here in my >> previous topic: >> >> http://forum.sipfoundry.org/index.php?t=msg&th=13717&start=0&S=60af1c90c584a680911ac1565d16b0ea >> >> Now we have problem with one way audio on outgoing calls and a strange >> issue related with outgoing calls when we call via VPN network. >> >> In the link above you will see that Tony Graziano sent to me a link with >> a diagram that is very useful. >> >> I think that our problem is that RTP ports used in both legs are >> different and probably this is an issue with iptables rules, but i'm i >> would like someone to confirm me this that ports are different and if is >> possible to help me to solve this problem. >> >> What i see in trace is that when the invite is sent to sipXproxy the >> audio port is one (30000), but in INVITE request from sipXproxy to >> sipxbridge is on different port ( 30248 ). Is that normal? >> >> In traces i see also that when the user that do the call receive "183 >> Session In Progress" then audio port is also different ( 30498 ). I >> suppose this is also wrong. Can you confirm this? >> >> >> I attached also the iptables rules that i use right now. I followed Tony >> Graziano rules from his posts in my previous thread and also followed >> this article too: >> >> >> http://sipx-wiki.calivia.com/index.php/SipXbridge_Overview_and_Configuration#Firewall.2FNAT_Configuration >> >> The other problem that we experience is related with calls from VPN >> network. >> >> In trace that i have attached you can see on frame 23 that ACK package >> is sent to user's public IP address, not to the VPN address. Also in >> frame 23 is added a new VIA line that is wrong and this totally mess up >> the cominucation between sipx and user ( using vpn ): >> Via: SIP/2.0/UDP >> 192.168.0.23:30256 >> ;branch=z9hG4bK-d8754z-8375c91b95668768-1---d8754z-;rport >> Contact: <sip:[email protected]:30256> >> >> So what can be the reason for this and how to solve this problem? >> >> >> P.S. We have these DNS records set: >> >> ; SIP >> @ IN NAPTR 10 0 "s" "SIPS+D2T" "" _sips._tcp.mydomain.net. >> @ IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.mydomain.net. >> @ IN NAPTR 30 0 "s" "SIP+D2T" "" _sip._tcp.mydomain.net. >> >> ; SRV RECORDS >> >> ; SIP >> _sips._tcp IN SRV 10 0 5060 sipx.mydomain.com. >> _sip._udp IN SRV 20 0 5060 sipx.mydomain.com. >> _sip._tcp IN SRV 30 0 5060 sipx.iguanait.com. >> >> _sips._tcp IN SRV 40 0 5060 odin.mydomain.com. >> _sip._udp IN SRV 50 0 5060 odin.mydomain.com. >> _sip._tcp IN SRV 60 0 5060 odin.mydomain.com. >> >> >> odin.mydomain.com is the server with public ip address 87.xxx.xxx.43 >> sipx.mydomain.com is sipxecs server located behind NAt on virtual box. >> It has ip 10.1.1.2. >> >> In traces the real domain is changed with 'mydomain' string and the >> public ip address is changed to 87.xxx.xxx.43. >> >> IP: 91.2xx.xxx.17 is the user's public ip address that do the outgoing >> call. >> >> IP: 10.1.1.5 is user's VPN address. >> IP: 192.168.0.23 is user's private IP address from his LAN's DHCP >> server. >> >> The called number is: 883495466 >> >> >> _______________________________________________ >> sipx-users mailing list [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users >> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users >> sipXecs IP PBX -- http://www.sipfoundry.org/ >> > > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.984.8431 > > Email: [email protected] > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > Why do mathematicians always confuse Halloween and Christmas? > Because 31 Oct = 25 Dec. > > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec.
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
