next »

[Boardercrime]

I've got a Asterisk and a SIP Adapter behind the pfsense Wrap Box.
Forwarded Natports and Firewall Rules are following:

WAN
Proto     Source Port       Destination       Port              Gateway
TCP/UPD   *        *        IP of Asterisk    5060               *
TCP/UDP   *        *        IP of Asterisk    10000-20000    *

IF i reset the states everything is okay, but after a while there is no connection anymore.
I disabled the traffic shaper and activated the advanced nat. Still no luck. Any hints ?
Before i had a M0n0wall on the WRAP,then the SIP worked.

[hoba]

What is "a while"?  You might try to add a long state timeout for these firewallrules (edit the rules, statetimout option is hiding behind one of the advanced option buttons). Maybe the state times out when the connection is idle for some time.

[Boardercrime]

How long i should set the timeout ?
I think after 1-2 minutes it hangs..not sure.

[hoba]

1-2 minutes? that sounds like something is closing the state. that's just too short to be a problem with state timout imo but try something like an hour just to test if something changes.

[Boardercrime]

I seems the timeout settings is not the problem.
Any ideas ?

[Helix26404]

In Asterisk, try setting qualify=yes for the extension that is affected. This will force Asterisk to send "keep alive" packets to the device.

[Boardercrime]

I've got this setting already.

[SpLord]

any solution yet, same problem here.

After resetting the State table everything is working for round a day, then you has to reset the states

Carsten

[hoba]

You probably need some kind of keepalive setting for your SIP-client. I have seen devices that have a setting for this (like the AVM Fritzbox for example). Check the manuals of your device to see if it supports such a setting.

[SpLord]

You probably need some kind of keepalive setting for your SIP-client. I have seen devices that have a setting for this (like the AVM Fritzbox for example). Check the manuals of your device to see if it supports such a setting.

keepalive is active, i'm using an asterisk server which connects too some sip providers.

[Slam]

More settings for you guys to play with if you have a Sipura/Linksys ATA

(under NAT Support Parameters):
STUN Enable=yes, STUN Test Enable=yes, Substitute VIA Addr=yes, Send Resp To Src Port=yes, NAT Keep Alive Intvl=15, other VIA parameters=no

(under Line 1):
NAT Mapping Enable=yes, NAT Keep Alive Enable=yes

Regards

[hoba]

Try this solution: http://forum.pfsense.org/index.php/topic,4364.msg26872.html#msg26872

[SpLord]

Nope doesn't work.

Is there a possibility to trigger a state table reset when a re-dial(PPPoe) occurs?

[maldex]

Try to decrease the register times to 60seconds. PFsense, along with some expesive-firewalls, have UDP timeouts of 30/60 seconds... after 60 seconds the incomming INVITE will be dropped.

Using STUN doesnt solve the problem. stun is only used to let the phone know the public(masqueraded) address, and how it can open up UDP sessions.

the public IP is needed because SIP (which is osi-layer7) does also contain the IP adress, and some SIP-devices will answer only on that and not on the layer3 ip...(workaround in asterisk is NAT=Yes)

another good idea is to create a NAT rule which does static-port-mapping on the SIP & RTP sessions so that port 5060 stay's always 5060.....

things i haven't checked yet for myself:
- SIP over TCP. TCP-sessions have much longer timeouts...but is rarely supported
- Conservative mode.

good luck