Well - I found the problem. It wasn't a pfSense issue at all - it was the fact that I had enabled SIP Keepalive timer's on the ITSP advanced settings. Every 20 seconds it was sending an empty ISP packet that would cause the 'SINGLE:NO_TRAFFIC' state and that would lock me out of inbound and outbound calls. After setting SIP Keepalives to "None" the problem is gone.
On the off chance anybody else is having this problem - that may be your solution. Peter Talbot "The information in this electronic mail message is the sender's confidential business and may be legally privileged. It is intended solely for the addressee(s). Access to this internet electronic mail message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful." "The sender believes that this E-mail and any attachments were free of any virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening any attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects. The sender's employer is not liable for any loss or damage arising in any way from this message or its attachments." [v1.0.07.109] From: [email protected] [mailto:[email protected]] On Behalf Of Talbot, Peter Sent: Monday, August 16, 2010 10:49 AM To: [email protected] Subject: [sipx-users] pfSense Oddities NO_TRAFFIC:SINGLE Hi All, After using Tony's template to get our pfSense firewall set up and handling our sipXecs bridge traffic to our ITSP we have run into a snag. I did scan the forums, but haven't found any solutions online as of yet - merely suggestions, of which most of I've looked at and tried (or double-checked settings). So clearly I am missing something, that perhaps one of you can easily point out. The one thing we are doing different from Tony's template is that our ITSP sends us signaling on port 5080, so we do have an inbound port redirect from their IP port 5080 to the Bridge on port 5060. We have a Bridge server sitting on our DMZ behind a pfSense firewall. We have a Manual Outbound NAT (static ports!) that directs anything coming from the bridge server IP to be NATted to its outside IP address. And for the most part, everything works, until.. The issue I am having is that after some period of inactivity, I get a state 'mismatch' (is the best I can describe it) where we'll see a set of connections from Bridge -> ITSP and ITSP -> bridge that are stuck in a 'NO_TRAFFIC:SINGLE' state: udp INSIDE-BRIDGE-IP:5080 <- OUTSIDE-BRIDGE-IP:5060 <- ITSP-IP:5060 SINGLE:NO_TRAFFIC udp ITSP-IP:5060 -> INSIDE-BRIDGE-IP:5080 NO_TRAFFIC:SINGLE If I clear each state, and I attempt a call, the connection comes up as expected (MULTIPLE:MULTIPLE) and everything seems to work fine after that. If sending along my pfSense config would help, I'd be willing to pass it along to someone. Thanks for any assistance! Peter Talbot "The information in this electronic mail message is the sender's confidential business and may be legally privileged. It is intended solely for the addressee(s). Access to this internet electronic mail message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful." "The sender believes that this E-mail and any attachments were free of any virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening any attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects. The sender's employer is not liable for any loss or damage arising in any way from this message or its attachments." [v1.0.07.109]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
