I think there is a firewall issue. He needs to use openvpn and iptables on the same vbox as sipx.
I suggested and sent him a link on installing the vmware image of pfsense on vbox (which could also do openvpn) and separating it from sipx, but not sure he has that option. I also sent him a working iptables config from another site, but sometimes reading those is like tea leaves. On Fri, Jul 9, 2010 at 4:47 AM, Michael Picher <[email protected]> wrote: > Could this be outbound NAT port randomization? We use the static NAT > option in pfSense to fix this... > > > On Thu, Jul 8, 2010 at 10:58 AM, [email protected] <[email protected]>wrote: > >> In vpn call trace i see another thing that is also strange: >> >> on frame 22 we get this: >> >> o=CARRIER 1278507465 1278507465 IN IP4 194.221.62.154 >> s=SIP Call >> c=IN IP4 194.221.62.154 >> t=0 0 >> m=audio 41524 RTP/AVP 0 101 >> a=rtpmap:0 PCMU/8000 >> a=rtpmap:101 telephone-event/8000 >> a=ptime:20 >> >> In non vpn call trace we get this: >> >> o=CARRIER 1278510709 1278510709 IN IP4 77.72.168.78 >> s=SIP Call >> c=IN IP4 77.72.168.78 >> t=0 0 >> m=audio 41302 RTP/AVP 0 101 >> a=rtpmap:0 PCMU/8000 >> a=rtpmap:101 telephone-event/8000 >> a=ptime:20 >> >> >> You can see the difference of the IP address that it returns. I have >> know idea why. >> >> >> On Thu, 2010-07-08 at 10:38 -0400, Tony Graziano wrote: >> > (if it were me, and its not, I would do this... >> > >> > >> > http://blog.simpa.ba/2009/05/pfsense-on-virtualbox/ >> > >> > >> > and do pfsense as one install on virtual box and forego iptables, >> > since pfsense has openvpn, ipsec and pptp too). >> > >> > On Thu, Jul 8, 2010 at 10:32 AM, Tony Graziano >> > <[email protected]> wrote: >> > on the vpn calls, are you using the internal ip address of the >> > pc to register or the vpn address? What happens when you have >> > the softphone use the VPN ip address? When the vpn softphone >> > registers does it show NAT or NONAT in the registration? >> > >> > On Thu, Jul 8, 2010 at 4:21 AM, [email protected] >> > <[email protected]> wrote: >> > >> > >> > Hi, >> > >> > we have installed as you already know sipxecs behind >> > NAT on a virtual >> > box guest machine. You can see my expalation for our >> > topology here in my >> > previous topic: >> > >> http://forum.sipfoundry.org/index.php?t=msg&th=13717&start=0&S=60af1c90c584a680911ac1565d16b0ea >> > >> > Now we have problem with one way audio on outgoing >> > calls and a strange >> > issue related with outgoing calls when we call via VPN >> > network. >> > >> > In the link above you will see that Tony Graziano sent >> > to me a link with >> > a diagram that is very useful. >> > >> > I think that our problem is that RTP ports used in >> > both legs are >> > different and probably this is an issue with iptables >> > rules, but i'm i >> > would like someone to confirm me this that ports are >> > different and if is >> > possible to help me to solve this problem. >> > >> > What i see in trace is that when the invite is sent to >> > sipXproxy the >> > audio port is one (30000), but in INVITE request from >> > sipXproxy to >> > sipxbridge is on different port ( 30248 ). Is that >> > normal? >> > >> > In traces i see also that when the user that do the >> > call receive "183 >> > Session In Progress" then audio port is also different >> > ( 30498 ). I >> > suppose this is also wrong. Can you confirm this? >> > >> > >> > I attached also the iptables rules that i use right >> > now. I followed Tony >> > Graziano rules from his posts in my previous thread >> > and also followed >> > this article too: >> > >> > >> http://sipx-wiki.calivia.com/index.php/SipXbridge_Overview_and_Configuration#Firewall.2FNAT_Configuration >> > >> > The other problem that we experience is related with >> > calls from VPN >> > network. >> > >> > In trace that i have attached you can see on frame 23 >> > that ACK package >> > is sent to user's public IP address, not to the VPN >> > address. Also in >> > frame 23 is added a new VIA line that is wrong and >> > this totally mess up >> > the cominucation between sipx and user ( using vpn ): >> > Via: SIP/2.0/UDP >> > 192.168.0.23:30256 >> ;branch=z9hG4bK-d8754z-8375c91b95668768-1---d8754z-;rport >> > Contact: <sip:[email protected]:30256> >> > >> > So what can be the reason for this and how to solve >> > this problem? >> > >> > >> > P.S. We have these DNS records set: >> > >> > ; SIP >> > @ IN NAPTR 10 0 "s" "SIPS+D2T" "" >> > _sips._tcp.mydomain.net. >> > @ IN NAPTR 20 0 "s" "SIP+D2U" "" >> > _sip._udp.mydomain.net. >> > @ IN NAPTR 30 0 "s" "SIP+D2T" "" >> > _sip._tcp.mydomain.net. >> > >> > ; SRV RECORDS >> > >> > ; SIP >> > _sips._tcp IN SRV 10 0 5060 sipx.mydomain.com. >> > _sip._udp IN SRV 20 0 5060 sipx.mydomain.com. >> > _sip._tcp IN SRV 30 0 5060 sipx.iguanait.com. >> > >> > _sips._tcp IN SRV 40 0 5060 odin.mydomain.com. >> > _sip._udp IN SRV 50 0 5060 odin.mydomain.com. >> > _sip._tcp IN SRV 60 0 5060 odin.mydomain.com. >> > >> > >> > odin.mydomain.com is the server with public ip address >> > 87.xxx.xxx.43 >> > sipx.mydomain.com is sipxecs server located behind NAt >> > on virtual box. >> > It has ip 10.1.1.2. >> > >> > In traces the real domain is changed with 'mydomain' >> > string and the >> > public ip address is changed to 87.xxx.xxx.43. >> > >> > IP: 91.2xx.xxx.17 is the user's public ip address that >> > do the outgoing >> > call. >> > >> > IP: 10.1.1.5 is user's VPN address. >> > IP: 192.168.0.23 is user's private IP address from his >> > LAN's DHCP >> > server. >> > >> > The called number is: 883495466 >> > >> > >> > >> > _______________________________________________ >> > sipx-users mailing list [email protected] >> > List Archive: >> > http://list.sipfoundry.org/archive/sipx-users >> > Unsubscribe: >> > http://list.sipfoundry.org/mailman/listinfo/sipx-users >> > sipXecs IP PBX -- http://www.sipfoundry.org/ >> > >> > >> > >> > >> > >> > -- >> > ====================== >> > Tony Graziano, Manager >> > Telephone: 434.984.8430 >> > sip: [email protected] >> > Fax: 434.984.8431 >> > >> > Email: [email protected] >> > >> > LAN/Telephony/Security and Control Systems Helpdesk: >> > Telephone: 434.984.8426 >> > sip: [email protected] >> > Fax: 434.984.8427 >> > >> > Helpdesk Contract Customers: >> > http://www.myitdepartment.net/gethelp/ >> > >> > Why do mathematicians always confuse Halloween and Christmas? >> > Because 31 Oct = 25 Dec. >> > >> > >> > >> > >> > >> > -- >> > ====================== >> > Tony Graziano, Manager >> > Telephone: 434.984.8430 >> > sip: [email protected] >> > Fax: 434.984.8431 >> > >> > Email: [email protected] >> > >> > LAN/Telephony/Security and Control Systems Helpdesk: >> > Telephone: 434.984.8426 >> > sip: [email protected] >> > Fax: 434.984.8427 >> > >> > Helpdesk Contract Customers: >> > http://www.myitdepartment.net/gethelp/ >> > >> > Why do mathematicians always confuse Halloween and Christmas? >> > Because 31 Oct = 25 Dec. >> > >> > >> >> >> _______________________________________________ >> sipx-users mailing list [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users >> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users >> sipXecs IP PBX -- http://www.sipfoundry.org/ >> > > > > -- > There are 10 kinds of people in this world, those who understand binary and > those who don't. > > [email protected] > blog: http://www.sipxecs.info > call: sip:[email protected] <sip%[email protected]> > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec.
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
