next »

[hcoin]

It would be really nice for semi-graceful failover if the pfSense GUI would allow siproxd to specify virtual ips in addition for the incoming and outgoing interfaces as well as offering the native interface addresses.

[torontob]

Hi Guys,

I am using multiple Asterisk servers to connect to multiple providers on the internet. I also have enpoints from outside connecting to these Asterisk servers.

Endpoints connecting from outside to one of the Asterisk servers I have work just find as I have NAT forward port 5060 and RTP ports to one Asterisk server.

However, only one of my Asterisk servers can connect to the provider outside. If I try to connect more than one then the others stop working.

Should Siproxd be the answer for both inbound and outbound SIP?

Here is a diagram of what I have:


-Asterisk A -Asterisk B -Asterisk C -Asterisk D-->***pfsense1.2.3***INTERNET<--Provider(s) AND <--Endpoints

Thanks

[jmwilson86]

I am having a similiar issue. We are Running ver 1.2.3. with 3 Fonality hosted phones, and a full T1. We are also running ntop, siproxd, and a few other packages. The issue is with call quality even at low bandwidth utlilization by other network devices.  We are using RTP 10000-20000 ports with firewall rule to allow traffic from IP address.(Fonality)  Fonality gave us a host range and we are still trying to figure out how to get a DNS name from them since we cant enter a range on PFsesne? Any ideas?

We are getting the calls cut off for a few seconds every minute or two and not dropped.  We are loosing about 2-3 seconds of call quality ever 60-80 seconds.  Have ran traffic shapper till I am blue in the face and not sure what else to do!!  Any ideas.  See errors below from system log.

Jan 24 16:58:37    siproxd[49015]: siproxd.c:287 INFO:siproxd-0.7.0-4577 i386-unknown-freebsd7.0 started
Jan 24 16:58:37    siproxd[49015]: sock.c:65 INFO:bound to port 5060
Jan 24 16:58:37    siproxd[49015]: siproxd.c:241 INFO:daemonized, pid=49015
Jan 24 16:58:37    siproxd[49013]: siproxd.c:193 INFO:siproxd-0.7.0-4577 i386-unknown-freebsd7.0 starting up
Jan 24 16:58:37    siproxd[49013]: readconf.c:309 ERROR:unknown keyword in config file, line:"load_plugin=plugin_logcall.la"
Jan 24 16:58:37    siproxd[49013]: readconf.c:309 ERROR:unknown keyword in config file, line:"plugindir=/usr/local/lib/siproxd/"
Jan 24 16:51:27    siproxd[20210]: dejitter.c:404 WARNING:stopping opposite stream
Jan 24 16:51:27    siproxd[20210]: dejitter.c:397 ERROR:sendto() [74.115.98.40:13714 size=32] delayed call failed: Bad file descriptor
Jan 24 16:32:41    check_reload_status: reloading filter

also set my service curve to: 512=m1  5000=d  300=m2 for VOIP up and down.  Have made priority of 7 in parent q?  We have tried also just 300=m2 and no real difference for the voip ques.. I am beginning to think the issue is bc of my t1 but all seems ok there!

Thanks for help and insight.  I am willing to look at any and all ways to fix.

[MicroMasters]

Hi Guys,

I am using multiple Asterisk servers to connect to multiple providers on the internet. I also have enpoints from outside connecting to these Asterisk servers.

Endpoints connecting from outside to one of the Asterisk servers I have work just find as I have NAT forward port 5060 and RTP ports to one Asterisk server.

As you have pointed out, you are using the firewall and NAT. The problem with NAT is that an inbound port can be assigned to an internal address, but not multiple addresses. There are a couple of ways you can work around this issue with multiple Asterisk systems. One, you could assign each box to listen to a specific port such as one being on 5060, another on 5068, and another on 5046. Notice the span between port numbers? That is because in some cases sequential ports are used by one machine and you don't want them overlapping one another.

Another solution and generally the best solution is to put a pfSense firewall in bridged mode in front of your Asterisk servers and then all ports and functions can remain the same on all boxes. I prefer running the firewall in bridged mode as it gives me the most flexibility and standard network device installations. You will no longer have complications with ports and your rules can be very well defined for access.

For Asterisk VOIP systems it is extremely important to protect your ports from malicious intent. When you setup your rules make sure they only allow your endpoints access. I can't tell you how many times our clients have been compromised and systems rebuilt because the client insisted on public access. You should also make sure you have a very complicated / complex registration password for each account.

Bottom line, the pfSense in bridged mode will eliminate the complications NAT presents in a VOIP environment and make it much more flexible to manage access to multiple servers.

[mus1k17]

Hello
I have a question like all set and outgoing calls go and do not pass inside.
and sorry for my bad english.

[gabrielpc1190]

And what will happen if I have CARP, so my WAN have a private ip address?
I will have to use host_outbound = mypublicip in the configuration file, but how to edit the file and avoid pfsense gui to overwrite it?