I never understood why you had to use a vpn cpnection at all other than you had a security requirement to do so. Milkfish should be unnecessary as well. If the remote router turns off SPI and any sip alg, the remote user should be functional. Why you keep adding more stuff between the remote user and the sipx system is beyond me.
On Mon, Jul 12, 2010 at 3:39 AM, [email protected] <[email protected]>wrote: > Hi, > > We found another better solution for users that should use openvpn. They > will set on their routers additional sip proxy that will help everything > to work as expected ( milkfish ). This way they will not use openvpn and > we can use sipxecs directly on host machine with the public ip address. > > I don't have this option of installing pfsense, but outbound NAT port > randomization makes sense. I will do more additional tests and try to > get it working right. > > Thanks again for everything. Probably i will install pfsense on a > separate machine and sipxecs, just for tests to see how all will work > this way too. > > Thanks again for everything! > > On Fri, 2010-07-09 at 04:47 -0400, Michael Picher wrote: > > Could this be outbound NAT port randomization? We use the static NAT > > option in pfSense to fix this... > > > > On Thu, Jul 8, 2010 at 10:58 AM, [email protected] > > <[email protected]> wrote: > > In vpn call trace i see another thing that is also strange: > > > > on frame 22 we get this: > > > > o=CARRIER 1278507465 1278507465 IN IP4 194.221.62.154 > > s=SIP Call > > c=IN IP4 194.221.62.154 > > t=0 0 > > m=audio 41524 RTP/AVP 0 101 > > a=rtpmap:0 PCMU/8000 > > a=rtpmap:101 telephone-event/8000 > > a=ptime:20 > > > > In non vpn call trace we get this: > > > > o=CARRIER 1278510709 1278510709 IN IP4 77.72.168.78 > > s=SIP Call > > c=IN IP4 77.72.168.78 > > t=0 0 > > m=audio 41302 RTP/AVP 0 101 > > > > a=rtpmap:0 PCMU/8000 > > a=rtpmap:101 telephone-event/8000 > > a=ptime:20 > > > > > > You can see the difference of the IP address that it returns. > > I have > > know idea why. > > > > > > > > On Thu, 2010-07-08 at 10:38 -0400, Tony Graziano wrote: > > > (if it were me, and its not, I would do this... > > > > > > > > > http://blog.simpa.ba/2009/05/pfsense-on-virtualbox/ > > > > > > > > > and do pfsense as one install on virtual box and forego > > iptables, > > > since pfsense has openvpn, ipsec and pptp too). > > > > > > On Thu, Jul 8, 2010 at 10:32 AM, Tony Graziano > > > <[email protected]> wrote: > > > on the vpn calls, are you using the internal ip > > address of the > > > pc to register or the vpn address? What happens when > > you have > > > the softphone use the VPN ip address? When the vpn > > softphone > > > registers does it show NAT or NONAT in the > > registration? > > > > > > On Thu, Jul 8, 2010 at 4:21 AM, [email protected] > > > <[email protected]> wrote: > > > > > > > > > Hi, > > > > > > we have installed as you already know > > sipxecs behind > > > NAT on a virtual > > > box guest machine. You can see my expalation > > for our > > > topology here in my > > > previous topic: > > > > > > http://forum.sipfoundry.org/index.php?t=msg&th=13717&start=0&S=60af1c90c584a680911ac1565d16b0ea > > > > > > Now we have problem with one way audio on > > outgoing > > > calls and a strange > > > issue related with outgoing calls when we > > call via VPN > > > network. > > > > > > In the link above you will see that Tony > > Graziano sent > > > to me a link with > > > a diagram that is very useful. > > > > > > I think that our problem is that RTP ports > > used in > > > both legs are > > > different and probably this is an issue with > > iptables > > > rules, but i'm i > > > would like someone to confirm me this that > > ports are > > > different and if is > > > possible to help me to solve this problem. > > > > > > What i see in trace is that when the invite > > is sent to > > > sipXproxy the > > > audio port is one (30000), but in INVITE > > request from > > > sipXproxy to > > > sipxbridge is on different port ( 30248 ). > > Is that > > > normal? > > > > > > In traces i see also that when the user that > > do the > > > call receive "183 > > > Session In Progress" then audio port is also > > different > > > ( 30498 ). I > > > suppose this is also wrong. Can you confirm > > this? > > > > > > > > > I attached also the iptables rules that i > > use right > > > now. I followed Tony > > > Graziano rules from his posts in my previous > > thread > > > and also followed > > > this article too: > > > > > > > > > http://sipx-wiki.calivia.com/index.php/SipXbridge_Overview_and_Configuration#Firewall.2FNAT_Configuration > > > > > > The other problem that we experience is > > related with > > > calls from VPN > > > network. > > > > > > In trace that i have attached you can see on > > frame 23 > > > that ACK package > > > is sent to user's public IP address, not to > > the VPN > > > address. Also in > > > frame 23 is added a new VIA line that is > > wrong and > > > this totally mess up > > > the cominucation between sipx and user > > ( using vpn ): > > > Via: SIP/2.0/UDP > > > > > 192.168.0.23:30256 > ;branch=z9hG4bK-d8754z-8375c91b95668768-1---d8754z-;rport > > > Contact: <sip:[email protected]:30256> > > > > > > So what can be the reason for this and how > > to solve > > > this problem? > > > > > > > > > P.S. We have these DNS records set: > > > > > > ; SIP > > > @ IN NAPTR 10 0 "s" "SIPS+D2T" "" > > > _sips._tcp.mydomain.net. > > > @ IN NAPTR 20 0 "s" "SIP+D2U" "" > > > _sip._udp.mydomain.net. > > > @ IN NAPTR 30 0 "s" "SIP+D2T" "" > > > _sip._tcp.mydomain.net. > > > > > > ; SRV RECORDS > > > > > > ; SIP > > > _sips._tcp IN SRV 10 0 5060 > > sipx.mydomain.com. > > > _sip._udp IN SRV 20 0 5060 > > sipx.mydomain.com. > > > _sip._tcp IN SRV 30 0 5060 > > sipx.iguanait.com. > > > > > > _sips._tcp IN SRV 40 0 5060 > > odin.mydomain.com. > > > _sip._udp IN SRV 50 0 5060 > > odin.mydomain.com. > > > _sip._tcp IN SRV 60 0 5060 > > odin.mydomain.com. > > > > > > > > > odin.mydomain.com is the server with public > > ip address > > > 87.xxx.xxx.43 > > > sipx.mydomain.com is sipxecs server located > > behind NAt > > > on virtual box. > > > It has ip 10.1.1.2. > > > > > > In traces the real domain is changed with > > 'mydomain' > > > string and the > > > public ip address is changed to > > 87.xxx.xxx.43. > > > > > > IP: 91.2xx.xxx.17 is the user's public ip > > address that > > > do the outgoing > > > call. > > > > > > IP: 10.1.1.5 is user's VPN address. > > > IP: 192.168.0.23 is user's private IP > > address from his > > > LAN's DHCP > > > server. > > > > > > The called number is: 883495466 > > > > > > > > > > > > > > _______________________________________________ > > > sipx-users mailing list > > [email protected] > > > List Archive: > > > > > http://list.sipfoundry.org/archive/sipx-users > > > Unsubscribe: > > > > > http://list.sipfoundry.org/mailman/listinfo/sipx-users > > > sipXecs IP PBX -- http://www.sipfoundry.org/ > > > > > > > > > > > > > > > > > > -- > > > ====================== > > > Tony Graziano, Manager > > > Telephone: 434.984.8430 > > > sip: [email protected] > > > Fax: 434.984.8431 > > > > > > Email: [email protected] > > > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > > Telephone: 434.984.8426 > > > sip: [email protected] > > > Fax: 434.984.8427 > > > > > > Helpdesk Contract Customers: > > > http://www.myitdepartment.net/gethelp/ > > > > > > Why do mathematicians always confuse Halloween and > > Christmas? > > > Because 31 Oct = 25 Dec. > > > > > > > > > > > > > > > > > > -- > > > ====================== > > > Tony Graziano, Manager > > > Telephone: 434.984.8430 > > > sip: [email protected] > > > Fax: 434.984.8431 > > > > > > Email: [email protected] > > > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > > Telephone: 434.984.8426 > > > sip: [email protected] > > > Fax: 434.984.8427 > > > > > > Helpdesk Contract Customers: > > > http://www.myitdepartment.net/gethelp/ > > > > > > Why do mathematicians always confuse Halloween and > > Christmas? > > > Because 31 Oct = 25 Dec. > > > > > > > > > > > > _______________________________________________ > > sipx-users mailing list [email protected] > > List Archive: http://list.sipfoundry.org/archive/sipx-users > > Unsubscribe: > > http://list.sipfoundry.org/mailman/listinfo/sipx-users > > sipXecs IP PBX -- http://www.sipfoundry.org/ > > > > > > > > > > -- > > There are 10 kinds of people in this world, those who understand > > binary and those who don't. > > > > [email protected] > > blog: http://www.sipxecs.info > > call: sip:[email protected] <sip%[email protected]> > > > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec.
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
