Hi, We found another better solution for users that should use openvpn. They will set on their routers additional sip proxy that will help everything to work as expected ( milkfish ). This way they will not use openvpn and we can use sipxecs directly on host machine with the public ip address.
I don't have this option of installing pfsense, but outbound NAT port randomization makes sense. I will do more additional tests and try to get it working right. Thanks again for everything. Probably i will install pfsense on a separate machine and sipxecs, just for tests to see how all will work this way too. Thanks again for everything! On Fri, 2010-07-09 at 04:47 -0400, Michael Picher wrote: > Could this be outbound NAT port randomization? We use the static NAT > option in pfSense to fix this... > > On Thu, Jul 8, 2010 at 10:58 AM, [email protected] > <[email protected]> wrote: > In vpn call trace i see another thing that is also strange: > > on frame 22 we get this: > > o=CARRIER 1278507465 1278507465 IN IP4 194.221.62.154 > s=SIP Call > c=IN IP4 194.221.62.154 > t=0 0 > m=audio 41524 RTP/AVP 0 101 > a=rtpmap:0 PCMU/8000 > a=rtpmap:101 telephone-event/8000 > a=ptime:20 > > In non vpn call trace we get this: > > o=CARRIER 1278510709 1278510709 IN IP4 77.72.168.78 > s=SIP Call > c=IN IP4 77.72.168.78 > t=0 0 > m=audio 41302 RTP/AVP 0 101 > > a=rtpmap:0 PCMU/8000 > a=rtpmap:101 telephone-event/8000 > a=ptime:20 > > > You can see the difference of the IP address that it returns. > I have > know idea why. > > > > On Thu, 2010-07-08 at 10:38 -0400, Tony Graziano wrote: > > (if it were me, and its not, I would do this... > > > > > > http://blog.simpa.ba/2009/05/pfsense-on-virtualbox/ > > > > > > and do pfsense as one install on virtual box and forego > iptables, > > since pfsense has openvpn, ipsec and pptp too). > > > > On Thu, Jul 8, 2010 at 10:32 AM, Tony Graziano > > <[email protected]> wrote: > > on the vpn calls, are you using the internal ip > address of the > > pc to register or the vpn address? What happens when > you have > > the softphone use the VPN ip address? When the vpn > softphone > > registers does it show NAT or NONAT in the > registration? > > > > On Thu, Jul 8, 2010 at 4:21 AM, [email protected] > > <[email protected]> wrote: > > > > > > Hi, > > > > we have installed as you already know > sipxecs behind > > NAT on a virtual > > box guest machine. You can see my expalation > for our > > topology here in my > > previous topic: > > > > http://forum.sipfoundry.org/index.php?t=msg&th=13717&start=0&S=60af1c90c584a680911ac1565d16b0ea > > > > Now we have problem with one way audio on > outgoing > > calls and a strange > > issue related with outgoing calls when we > call via VPN > > network. > > > > In the link above you will see that Tony > Graziano sent > > to me a link with > > a diagram that is very useful. > > > > I think that our problem is that RTP ports > used in > > both legs are > > different and probably this is an issue with > iptables > > rules, but i'm i > > would like someone to confirm me this that > ports are > > different and if is > > possible to help me to solve this problem. > > > > What i see in trace is that when the invite > is sent to > > sipXproxy the > > audio port is one (30000), but in INVITE > request from > > sipXproxy to > > sipxbridge is on different port ( 30248 ). > Is that > > normal? > > > > In traces i see also that when the user that > do the > > call receive "183 > > Session In Progress" then audio port is also > different > > ( 30498 ). I > > suppose this is also wrong. Can you confirm > this? > > > > > > I attached also the iptables rules that i > use right > > now. I followed Tony > > Graziano rules from his posts in my previous > thread > > and also followed > > this article too: > > > > > > http://sipx-wiki.calivia.com/index.php/SipXbridge_Overview_and_Configuration#Firewall.2FNAT_Configuration > > > > The other problem that we experience is > related with > > calls from VPN > > network. > > > > In trace that i have attached you can see on > frame 23 > > that ACK package > > is sent to user's public IP address, not to > the VPN > > address. Also in > > frame 23 is added a new VIA line that is > wrong and > > this totally mess up > > the cominucation between sipx and user > ( using vpn ): > > Via: SIP/2.0/UDP > > > > 192.168.0.23:30256;branch=z9hG4bK-d8754z-8375c91b95668768-1---d8754z-;rport > > Contact: <sip:[email protected]:30256> > > > > So what can be the reason for this and how > to solve > > this problem? > > > > > > P.S. We have these DNS records set: > > > > ; SIP > > @ IN NAPTR 10 0 "s" "SIPS+D2T" "" > > _sips._tcp.mydomain.net. > > @ IN NAPTR 20 0 "s" "SIP+D2U" "" > > _sip._udp.mydomain.net. > > @ IN NAPTR 30 0 "s" "SIP+D2T" "" > > _sip._tcp.mydomain.net. > > > > ; SRV RECORDS > > > > ; SIP > > _sips._tcp IN SRV 10 0 5060 > sipx.mydomain.com. > > _sip._udp IN SRV 20 0 5060 > sipx.mydomain.com. > > _sip._tcp IN SRV 30 0 5060 > sipx.iguanait.com. > > > > _sips._tcp IN SRV 40 0 5060 > odin.mydomain.com. > > _sip._udp IN SRV 50 0 5060 > odin.mydomain.com. > > _sip._tcp IN SRV 60 0 5060 > odin.mydomain.com. > > > > > > odin.mydomain.com is the server with public > ip address > > 87.xxx.xxx.43 > > sipx.mydomain.com is sipxecs server located > behind NAt > > on virtual box. > > It has ip 10.1.1.2. > > > > In traces the real domain is changed with > 'mydomain' > > string and the > > public ip address is changed to > 87.xxx.xxx.43. > > > > IP: 91.2xx.xxx.17 is the user's public ip > address that > > do the outgoing > > call. > > > > IP: 10.1.1.5 is user's VPN address. > > IP: 192.168.0.23 is user's private IP > address from his > > LAN's DHCP > > server. > > > > The called number is: 883495466 > > > > > > > > > _______________________________________________ > > sipx-users mailing list > [email protected] > > List Archive: > > > http://list.sipfoundry.org/archive/sipx-users > > Unsubscribe: > > > http://list.sipfoundry.org/mailman/listinfo/sipx-users > > sipXecs IP PBX -- http://www.sipfoundry.org/ > > > > > > > > > > > > -- > > ====================== > > Tony Graziano, Manager > > Telephone: 434.984.8430 > > sip: [email protected] > > Fax: 434.984.8431 > > > > Email: [email protected] > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > Telephone: 434.984.8426 > > sip: [email protected] > > Fax: 434.984.8427 > > > > Helpdesk Contract Customers: > > http://www.myitdepartment.net/gethelp/ > > > > Why do mathematicians always confuse Halloween and > Christmas? > > Because 31 Oct = 25 Dec. > > > > > > > > > > > > -- > > ====================== > > Tony Graziano, Manager > > Telephone: 434.984.8430 > > sip: [email protected] > > Fax: 434.984.8431 > > > > Email: [email protected] > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > Telephone: 434.984.8426 > > sip: [email protected] > > Fax: 434.984.8427 > > > > Helpdesk Contract Customers: > > http://www.myitdepartment.net/gethelp/ > > > > Why do mathematicians always confuse Halloween and > Christmas? > > Because 31 Oct = 25 Dec. > > > > > > > _______________________________________________ > sipx-users mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: > http://list.sipfoundry.org/mailman/listinfo/sipx-users > sipXecs IP PBX -- http://www.sipfoundry.org/ > > > > > -- > There are 10 kinds of people in this world, those who understand > binary and those who don't. > > [email protected] > blog: http://www.sipxecs.info > call: sip:[email protected] _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
