Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SIP hangs after a while

    Scheduled Pinned Locked Moved NAT
    14 Posts 6 Posters 8.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Boardercrime
      last edited by

      I've got a Asterisk and a SIP Adapter behind the pfsense Wrap Box.
      Forwarded Natports and Firewall Rules are following:

      WAN
      Proto    Source Port      Destination      Port              Gateway
      TCP/UPD  *        *        IP of Asterisk    5060              *
      TCP/UDP  *        *        IP of Asterisk    10000-20000    *

      IF i reset the states everything is okay, but after a while there is no connection anymore.
      I disabled the traffic shaper and activated the advanced nat. Still no luck. Any hints ?
      Before i had a M0n0wall on the WRAP,then the SIP worked.

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        What is "a while"?  You might try to add a long state timeout for these firewallrules (edit the rules, statetimout option is hiding behind one of the advanced option buttons). Maybe the state times out when the connection is idle for some time.

        1 Reply Last reply Reply Quote 0
        • B
          Boardercrime
          last edited by

          How long i should set the timeout ?
          I think after 1-2 minutes it hangs..not sure.

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            1-2 minutes? that sounds like something is closing the state. that's just too short to be a problem with state timout imo but try something like an hour just to test if something changes.

            1 Reply Last reply Reply Quote 0
            • B
              Boardercrime
              last edited by

              I seems the timeout settings is not the problem.
              Any ideas ?

              1 Reply Last reply Reply Quote 0
              • H
                Helix26404
                last edited by

                In Asterisk, try setting qualify=yes for the extension that is affected. This will force Asterisk to send "keep alive" packets to the device.

                1 Reply Last reply Reply Quote 0
                • B
                  Boardercrime
                  last edited by

                  I've got this setting already.

                  1 Reply Last reply Reply Quote 0
                  • S
                    SpLord
                    last edited by

                    any solution yet, same problem here.

                    After resetting the State table everything is working for round a day, then you has to reset the states

                    Carsten

                    1 Reply Last reply Reply Quote 0
                    • H
                      hoba
                      last edited by

                      You probably need some kind of keepalive setting for your SIP-client. I have seen devices that have a setting for this (like the AVM Fritzbox for example). Check the manuals of your device to see if it supports such a setting.

                      1 Reply Last reply Reply Quote 0
                      • S
                        SpLord
                        last edited by

                        @hoba:

                        You probably need some kind of keepalive setting for your SIP-client. I have seen devices that have a setting for this (like the AVM Fritzbox for example). Check the manuals of your device to see if it supports such a setting.

                        keepalive is active, i'm using an asterisk server which connects too some sip providers.

                        1 Reply Last reply Reply Quote 0
                        • S
                          Slam
                          last edited by

                          More settings for you guys to play with if you have a Sipura/Linksys ATA

                          (under NAT Support Parameters):
                          STUN Enable=yes, STUN Test Enable=yes, Substitute VIA Addr=yes, Send Resp To Src Port=yes, NAT Keep Alive Intvl=15, other VIA parameters=no

                          (under Line 1):
                          NAT Mapping Enable=yes, NAT Keep Alive Enable=yes

                          Regards

                          1 Reply Last reply Reply Quote 0
                          • H
                            hoba
                            last edited by

                            Try this solution: http://forum.pfsense.org/index.php/topic,4364.msg26872.html#msg26872

                            1 Reply Last reply Reply Quote 0
                            • S
                              SpLord
                              last edited by

                              Nope doesn't work.

                              Is there a possibility to trigger a state table reset when a re-dial(PPPoe) occurs?

                              1 Reply Last reply Reply Quote 0
                              • M
                                maldex
                                last edited by

                                Try to decrease the register times to 60seconds. PFsense, along with some expesive-firewalls, have UDP timeouts of 30/60 seconds… after 60 seconds the incomming INVITE will be dropped.

                                Using STUN doesnt solve the problem. stun is only used to let the phone know the public(masqueraded) address, and how it can open up UDP sessions.

                                the public IP is needed because SIP (which is osi-layer7) does also contain the IP adress, and some SIP-devices will answer only on that and not on the layer3 ip...(workaround in asterisk is NAT=Yes)

                                another good idea is to create a NAT rule which does static-port-mapping on the SIP & RTP sessions so that port 5060 stay's always 5060.....

                                things i haven't checked yet for myself:

                                • SIP over TCP. TCP-sessions have much longer timeouts...but is rarely supported
                                • Conservative mode.

                                good luck

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.