Pfsense and Asterisk….one-way audio problem with SIP

bmacauley

I have a setup with an Asterisk server in the DMZ. This Asterisk server  connects to 3 SIP voip providers…Sipgate, Gossiptel and Broadvoice.
Unfortunately I have a one way audio problem with inbound calls....ie I can't hear the external caller speak, but he can hear me speak.

I have put the usual port forwarding rules in place.....port 5060 udp and ports 10000-20000 udp. The configs for the providers seem to register correctly. I have watched the calls setting up on the asterisk console, and I have watched the network traffic on the firewall using tcpdump and its seems to be passing the audio to the correct port number.

Has anyone else come across this and what is the workaround?
I have played around with every conceivable config in sip.conf in asterisk

Is this a symptom of Pfsense(and monowall) being a symmetric nat firewall?  Is siproxd a solution?

Thanks,
Brian

sullrich

@bmacauley:

Is this a symptom of Pfsense(and monowall) being a symmetric nat firewall?  Is siproxd a solution?

Could be.  Did you try the static port option in advanced outbound nat?  Also, you could try a 1:1 NAT.

bmacauley

1:1 NAT is not available to me as an option.

Is the static port an option in v1 beta 1?

How would this correct the problem?

Thanks,
Brian

sullrich

Nope, you need to run the newer version located at http://www.pfsense.com/~sullrich/BETA2-BUGVALIDATION5/

bmacauley

How would I use the static port fuctionality for a large range of ports..,ie 10000-20000 for SIP RTP ?

Maybe siproxd is a better option…is the package working in pre-BETA2?

Thanks,
Brian

Emab

What version of Asterisk are you running?

I read that version 1.2.2 have a bug (I think similar to yours) and is resolved by version 1.2.3

bmacauley

Yep…I read that yesterday.
I'm running Asterisk 1.2.1.

Unfortunately, I've been unable to clearly understand what the bug is, or what its symptoms are.

Can you give me some insight?

My usage scenario is as follows...

I'm using 3 SIP providers...Broadvoice, SIPgate and Gossiptel. Each of these providers register correctly. A call can be made inbound via the PSTN number issued by the provider, but I can't hear the inbound caller speaking. This shows up on voicemail as well...Asterisk hangs up immediately as it cannot hear any audio. The inbound caller can hear me speaking.

My thoughts are that this is the classic 'one-way audio over SIP' problem, which can be found on certain firewall types/configurations ie symmetric firewalls. The static port feature may be the way around this. This article on pf configuration for voip suggests that static ports may be the correct method of configuring the firewall for SIP devices....
http://www.bastard.net/~kos/pf-voip.html

Thanks,
Brian

bmacauley

The bug is unrelated and affects Asterisk 1.2.2 only

http://bugs.digium.com/view.php?id=6349

Thanks,
Brian

schlouf

Brian,

I had the same issues with my SPA-3000, siproxd solves the problem but you have to declare it as an outbound proxy in you configuration. The problem I had some time ago was with the fact that I couldn't declare an outboud proxy (gateway functions of the SPA-3000 don't allow you to do so) and this was solved by the static port option. I don't know Asterisk at all, but the mechanisms should be about the same…

BTW, the siproxd package works well, the only thing that is not OK is that you have to manually adjust the outgoing interface in the config file if you are on DSL.

bmacauley

Great info, thanks!!

That confirms my thoughts. There are 2 solutions to the SIP 'one-way audio' problem…

(1)  Use static port(s) on the firewall ...available in versions higher than v1.0 beta1

(2)  Use Siproxd as an outbound proxy

My next questions are...

How do you configure static port ranges, as opposed to singular ports? ie 10000-20000 which is the standard RTP range in Asterisk

How did you install and configure Siproxd on PFsense? In the current version(v1.0 beta 1) of Pfsense the package install system isn't working for Siproxd. Does Siproxd install correctly on v1.0 beta2 or did you manaually install it?

Thanks,
Brian

schlouf

Brian,

I opened the port range in 'Rules'. My SPA-3000 uses 16384-16482 as RTP range and this is what I configured in siproxd.

Unfortunately, I have no idea how installation of siproxd goes in the current version. As of now, I  am using 1.0-PREBETA2-BUG-VALIDATION-EDITION2, but my siproxd is installed from 0.7x. If the siproxd install is broken in the current version, I guess you could always install an earlier version an put a PREBETA2 on top of it. My siproxd never ceased to function throughout the numerous upgrades. Someone else in the forum might have a better advice…

hoba

Package install should work again with the latest snapshot: http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-1-29-06/
Give it a try.

bmacauley

Thanks for that….I'll give it a go

Brian

kcallis

Not so much a solution as opposed to a question. I am running Asterisk as well, soon to be 1.2.2. I persuaded my provider to switch to pfsense, strictly to make use of siproxd (actually, he allowed me to install because I thought it was good for the client… Of course, my agenda was to get my sip working properly!  ;)).

I have several providers, that are SIP based, although I do shoot for IAX2 only. The question is, how do I get asterisk and siproxd to play together? Any pointers would be greatly appreciated!

K.

hoba

Did you already try to get it working following the siproxd docs http://siproxd.sourceforge.net/index.php?op=odoc ? Chapter 6.5 seems to be what you are looking for. If you get it working we would be happy to get some documentation on the process at http://doc.pfsense.org/index.php/Chapter_8:_Packages  ;D

bmacauley

I'm currently testing with…
http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-1-29-06/

The first step of the process is to install the Pfsense siproxd packageand this seems to install correctly in the above version.

I'll let you know how I get on with siproxd and Asterisk as I progress

Thanks,
Brian

bmacauley

I've been continuing to test this Pfsense build with siproxd and asterisk.

My finding are as follows…

(1) Siproxd

I've made several observations while trying to set up siproxd
(a)  When configuring the interfaces for siproxd using the configuration option, the display does not seem to hold my choices. On further investigation(downloaded the XML config) my settings do seem to be recorded, although there are multiple repeats due to my attempts to make the settings display

(b) I'm not really sure how to set up firewall rules on Pfsense to redirect any traffic on port 5060 within the DMZ to siproxd.

The siproxd guide details an example for linux iptables...
http://siproxd.sourceforge.net/index.php?op=odoc
What is the equivalent for pf and pfsense?

To summarize....no success with siproxd as yet

(2) Static ports

As an alternative to siproxd, I thought I'd try the new static ports option .

This fixes the 'one-way audio' problem on SIP. I now have audio both in and out using a SIP voip provider.
I've tested this with Broadvoice, Sipgate and Gossiptel.

My config in the advanced outbound NAT screen was as follows…

Iface    Src                  Src prt  Dest  Dest Prt  NAT Add  NAT Prt  Stat Port  Desc

WAN    192.168.10.0/24    *        *          *                  *                  *                YES            DMZ->WAN

Can anyone help with the firewall rules for Siproxd?

Thanks,
Brian

kcallis

I did not get things working with siproxd and asterisk. Maybe I am feeling slow to day, but I am not getting it. Where should my asterisk box be pointing. I have a connection with iconnecthere and sipphone, and fortunately these are my only 2 SIP based providers. So what I need to do to the asterisk side so I can route my SIP accounts through siproxd on the pfsense box?

K