The pfSense Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - maximilian500

Pages: [1]
1
IPsec / Re: VPN VoIP Problems
« on: January 03, 2018, 04:04:36 pm »
All is good with a new Fritzbox 6590. The Thread can be marked as solved.

2
IPsec / VPN VoIP Problems
« on: December 24, 2017, 08:21:00 am »
Hello everybody,
I have been running a VPN for months and no I am on the location.

PfSense 2.4.2 --------------------------------- Fritzbox 6490
VDSL Telecom                                            KDG / Vodafone 100
50 Mbit Download                                     200 Mbit Download
10Mbit Upload                                              12 Mbit Upload
Unify OpenScape Business V2                   OpenScape Deskphone IP 55G HFA
                                                                  SIP DECT phones


Everything works so far, VPN is also great. On the side of the Fritzbox stand several OpenScape Deskphone IP 55G telephones as well as several SIP DECT telephones. Before 3 years were on both sides Fritzboxes in the employment around to manage the VPN. The voice quality was outstanding. On the one hand, the Fritzbox was now replaced by a PfSense. On the side of the Fritzbox always occurs again small milliseconds dropouts in conversation. This seems to concern only the download direction of the Fritzbox or the upload direction of the PfSense. There can be no traffic on both sides, but the interruptions are still there. On the side of the PfSense is an Unify OpenScape Business telephone system. This is where the phones of the other location register. At the location of the telephone system are different SIP Provider connected, also there is the speech quality very good. So somewhere always packages or small pieces hang. The IPSEC VPN has also been set higher with the traffic shaper. But this has not brought anything yet. Does one of you have an idea?

In addition, data transmission via SMB or via HTTP, the transmission varies between 300-700 kbyte / s. This should be actually 1 Mbyte / s

As an attachment (you will see it after you login to the forum)
-the outbound and portforward of the PFSense Figure 1-4
Configuration VPN of the PFSense Figure 5-11

Config of AVM Fritzbox:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN MS Firewall";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "DYNDNS NAME";
                localid {

                       
                }
                remoteid {
                        fqdn = "DYNDNS NAME";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "def/3des/sha";
                keytype = connkeytype_pre_shared;
                key = "KEY PSK";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.0.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}


// EOF



Sincerely, and thank you for replies

maximilian500

3
IPsec / Re: VPN Dropouts and speed varies
« on: January 01, 2017, 09:11:47 am »
How can I ask the support team a question ?

4
Deutsch / Re: VPN Voip zwischen PFSense und Fritzbox
« on: December 29, 2016, 04:48:54 pm »
So habe es soweit so eingestellt, allerdings merkt man immernoch Geschwindigkeitsschwankungen, was auch die Aussetzer bei der Telefonie verantworten könnte. Bzw. es klingt so als würde Paket in Reihenfolge 1 2 3 4 5 6 7 8 geschickt werden und kommt an als 1 3 2 4 5 8 7 und das alle ca alle 8-10 Sekunden.

5
IPsec / VPN Dropouts and speed varies
« on: December 29, 2016, 01:58:41 pm »
Hello everybody,
I have been running a VPN for months

PfSense 2.3.2 --------------------------------- Fritzbox 6490
VDSL Telecom                                            KDG / Vodafone 100
50 Mbit Download                                     100 Mbit Download
10Mbit Upload                                              6 Mbit Upload
Unify OpenScape Business V2                   OpenScape Deskphone IP 55G HFA
                                                                  SIP DECT phones


Everything works so far, VPN is also great. On the side of the Fritzbox stand several OpenScape Deskphone IP 55G telephones as well as several SIP DECT telephones. Before 3 years were on both sides Fritzboxes in the employment around to manage the VPN. The voice quality was outstanding. On the one hand, the Fritzbox was now replaced by a PfSense. On the side of the Fritzbox always occurs again small milliseconds dropouts in conversation. This seems to concern only the download direction of the Fritzbox or the upload direction of the PfSense. There can be no traffic on both sides, but the interruptions are still there. On the side of the PfSense is an Unify OpenScape Business telephone system. This is where the phones of the other location register. At the location of the telephone system are different SIP Provider connected, also there is the speech quality very good. So somewhere always packages or small pieces hang. The IPSEC VPN has also been set higher with the traffic shaper. But this has not brought anything yet. Does one of you have an idea?

In addition, data transmission via SMB or via HTTP, the transmission varies between 300-700 kbyte / s. This should be actually 1 Mbyte / s

As an attachment (you will see it after you login to the forum)
-the outbound and portforward of the PFSense Figure 1-4
Configuration VPN of the PFSense Figure 5-11

Config of AVM Fritzbox:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN MS Firewall";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "DYNDNS NAME";
                localid {

                       
                }
                remoteid {
                        fqdn = "DYNDNS NAME";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "def/3des/sha";
                keytype = connkeytype_pre_shared;
                key = "KEY PSK";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.0.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}


// EOF



Sincerely, and thank you for replies

maximilian500

6
Deutsch / Re: VPN Voip zwischen PFSense und Fritzbox
« on: December 28, 2016, 02:41:24 pm »
So, also inzwischen wird deutlich das die Geschwindigkeit des Tunnels wohl permanent schwankt. Das ganze sieht so aus, das man am Telefon abhebt und das Telefon weiterklingelt. Nach ein paar Sekunden ist man dann verbunden. Irgendwo scheint extrem Packet Loss aufzutreten. Ich weiss nur nicht wo. Vielleicht habt ihr ja noch eine Idee ? Die Internetverbindungsgeschwindigkeit und auch Ping schwankt nicht.

7
Deutsch / Re: VPN Voip zwischen PFSense und Fritzbox
« on: December 27, 2016, 04:55:17 pm »
Ich habe mir jetzt auch eine floating Regel erstellt. Dabei als Match alles was an eine bestimmte IP der Telefonanlage geht, als qVoip kennzeichnen lassen. Man kann es im Traffic Shaper sehen. Allerdings wird immer noch leicht Gehacktes erzeugt. Es fehlen alle paar Sekunden  Sekundenbruchteile. Wenn ich nicht so genau hinhören würde, würde man sagen ok. Aber das ist einfach schlecht. Hat denn keiner mehr eine Idee, was man noch machen kann ?

8
Deutsch / Re: VPN Voip zwischen PFSense und Fritzbox
« on: December 26, 2016, 05:12:48 am »
Hallo,
hier die Konfig der FB:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN MS Firewall";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "DYNDNS NAME";
                localid {

                       
                }
                remoteid {
                        fqdn = "DYNDNS NAME";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "def/3des/sha";
                keytype = connkeytype_pre_shared;
                key = "KEY PSK";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.0.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}


// EOF

Als Anlage
-die Outbound und Portforwards der PFSense Bild 1-4
-Konfiguration VPN der PFSense Bild 5-11

Vielen Dank für eure Hilfe


9
Deutsch / VPN Voip zwischen PFSense und Fritzbox
« on: December 25, 2016, 04:43:59 pm »
Hallo zusammen,
ich habe seit Monaten eine VPN am Laufen zwischen

PfSense 2.3.2 --------------------------------- Fritzbox 6490
VDSL Telekom                                           KDG/Vodafone 100
50 Mbit Download                                    100 Mbit Download
10Mbit Upload                                              6 Mbit Upload
Unify OpenScape Business V2                  OpenScape Deskphone IP 55G HFA
                                                                 SIP DECT Telefone


Alles funktioniert soweit, VPN läuft auch prima. Auf der Seite der Fritzbox stehen mehrere OpenScape Deskphone IP 55G Telefone sowie mehrere SIP DECT Telefone. Vorher waren 3 Jahre lang auf beiden Seiten Fritzboxen im Einsatz um den VPN herzustellen. Hierbei war die Sprachqualität hervorragend. Auf der einen Seite wurde die Fritzbox jetzt gegen eine PfSense ersetzt. Dabei tritt auf der Seite der Fritzbox immer mal wieder kleine Milisekunden Aussetzer im Gespräch auf. Dies scheint nur die Download Richtung der Fritzbox bzw.  die Upload Richtung der PfSense zu betreffen. Dabei kann auch auf beiden Seiten kein Traffic stattfinden, die Unterbrechungen sind trotzdem da. Auf der Seite der PfSense steht eine Unify OpenScape Business Telefonanlage. An dieser registrieren sich die Telefone des anderen Standorts. Am Standort der Telefonanlage sind verschiedene SIP Provider angebunden, auch dort ist die Sprachqualität super. Also irgendwo bleiben immer Pakete bzw. kleinste Stückchen hängen. Auch mit dem Traffic Shaper wurde schon der IPSEC VPN von der Priorität höher gesetzt. Das hat allerdings auch noch nichts gebracht. Hat vielleicht von euch noch einer eine Idee ?

Mit freundlichen Grüßen und vielen Dank für Antworten

maximilian500

Pages: [1]