Re: [pfSense Support] pfSensce - SIP Limitations

Thu, 17 Apr 2008 01:17:29 -0700 

Hi Lloyd,
I don't know of a solution for your specific issue, but I thought I'd at least suggest an alternative that I currently use. 

I have this setup:

Network 1
-----------------

- Asterisk Server running with a private IP address - avoids security  
issues with SIP registration, since my setup 1.4.x doesn't support  
registration over TLS/SSL.

- pfSense openvpnserver

Network 2
-----------------
- Several soft and hard IP phones behind pfsense openvpn client


The two networks are joined using a SSL VPN over UDP and I can have as  
many devices in either network.



I know this is not a direct solution to your requirements, but thought  
I'd suggest it as an alternative. It also has the advantage of  
securing your currently public Asterisk server.


BR

Merul

On 16 Apr 2008, at 16:30, Aloysius Thevarajah Lloyd wrote:

Hello,

I am having trouble to configure the pfsense. Any help appreciate.


I am using the most recent pfSense 1.2-RELEASE built on Sun Feb 24  
17:04:58 EST 2008


Newtwork 1
-----------------

- Asterisk server running with a Public IP address. No Firewalls.


Network 2 with pfSense
----------------------------------


- Two Astra Phones behind the pfsense firewall trying to register  
with the Remote asterisk server.


- Only one client can connect at a time?

- But when I use a Linksys or snapgear it works works for me.



Is this a pfSense Limitaion related to SIP or Am I missing something  
in the pfsense settings ?




Also I find the following from the pfSense web site ... www.pfsense.com 
 -> info -> features



SIP Limitation - By default, all TCP and UDP traffic other than SIP  
and IPsec gets the source port rewritten. More information on this  
can be found in the static port documentation. Because this source  
port rewriting is how pf tracks which internal IP made the  
connection to the given external server, and most all SIP traffic  
uses the same source port, only one SIP device can connect  
simultaneously to a single server on the Internet. Unless your SIP  
devices can operate with source port rewriting (most can't), you  
cannot use multiple phones with a single outside server without  
using a dedicated public IP per device. The sipproxd package will  
provide a work around for this issue, and is currently under  
development.


Any help help appreciate.



Thank you
Lloyd



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to