Cannot install Asterisk on pfsense platform
-
Many thanks for all your advices. If this is the case it might be hard to install asterisk on the same box with pfsense. Is there any alternative or can we run pfsense on other linux OS and then we install pfsense in? Is there anyway to do implement (pfsense on other OS) or it might be not possible as the pfsense already has its OS.
Please advise
-
Best way to implement to implement this is to run everything in separate VM's. Run pfsense under one VMware instance and then run asterisk on a second vmware instance with the host OS being linux/unix….I'd opt for FreeBSD as the host OS, install vmware server and then setup the two vmware installs. If the box has enough power for it that would work for a single box configuration.
-
Running pfSense in a vmware instance in production is an exceptionally bad idea.
-
I agree with pfsense commercial support advice as it might not be an good solution to use VMWare in the production. Could you please advise if teh Asterisk can be run on the same box with pfsense? Anyone has sucessfully installed this together in the same box? Could you please provide guidance or instructions or how to?
Regards
-
Obviously we're not reading the same thread ;) If anybody had, or was able to provide guidance, they would have by now.
You have 2 options:
- Have 2 separate boxes
- Use a full install of FreeBSD and accept that you can't use pfSense
-
Yes, perhaps I have to accept that this cannot be done. Could anyone advice any good Captive Portal, DHCP, Firewall and package shaping together in a package that can be run on the Linux platform or full BSD platform?
If having that I can move the captive portal set (Captive Portal, DHCP, Firewall, and Package Shaping) to that box so that I can fully run Asterisk.
Any advice is highly appreciated!
-
@submicron:
Running pfSense in a vmware instance in production is an exceptionally bad idea.
true, never said it was a good idea but it should work. I have heard of some people doing something similar on their home connections but you talking 2 or 3 SIP phones and three computers…..not a typical office enviroment.
-
Why would it be an "exceptionally bad idea" to use Vmware in a production environment?
And are you referring to this specific product or virtual machines in general?Granted, I will always separate my pfSense physically.
-
I would say I will not go for VMWare in the production even the smallest network. We need to ensure quality. Anyway, any ideas to put them together in a high performance machine or any way to have pfsense or other recommended captive portal to run on the Linux OS?
Regards
-
-
I am also trying to do the same thing - large server, small number of phones and machines behind a captive portal.
Most peoples comments here seem to be "don't put stuff on a firewall or it stops being a firewall". Normally I would agree, but in my case (and I suspect the originators case) the firewall aspect is only tertiary - the SIP gateway and captive portal are what is important. If the SIP gateway is not doing any codec translation it uses hardly any resources whatsoever, and the captive portal is the same. In my case I don't even need a "big honking server".
So for those of you who are maybe not so paranoid, I will make this work this evening and will post my results.
Cheers,
j
-
Ok, I have asterisk 1.4.17 running on the pfsense platform. It is happily gateing 50 SIP phones with no codec translation (gsm) onto an IAX trunk to our main switch. It is also a captive portal for 20 Internet Cafe machines and a handful of wifi routers. This is all running on an Acer Celeron 2.4Ghz with 1GB RAM. Load average with traffic has yet to go over 0.1 . I haven't done any exhaustive tests, but I have no reason to believe that my actions have crippled pfsense in any way.
This is not easy to do. You must have a fully installed 6.2-RELEASE machine available on the net to pull files from. pfsense has been severely stripped! Some bizarre things were removed (split? comm? those two probably saved about 10k of space ;). You must be able to read the compile output and fix things as you go along, by pulling missing files from your fully loaded box. I wish I had made a list of everything I pulled over. Almost all in /usr/bin.
The hurdles were as follows:
- used sysinstall to get at online packages, and installed the latest gcc and gmake
- mv /usr/bin/cc and /usr/bin/cpp out of the way, then symlink to /usr/local/bin/gcc and /usr/local/bin/gpp respectively
- download the latest ports tree and unpack
- cvsup the latest asterisk source into the ports tree (was 1.4.17 for me yesterday)
- make install!
As I said above, you will have to be able to read the errors in the build output and pull missing files. Thats the biggest issue. But it IS possible, and I am quite happy with the result so far. Granted I am not using any zaptel interfaces and it is pretty much exclusively for outbound calls, so I am not stressing asterisk much, or pfsense for that matter.
Want to hear more craziness? I got X running on this beast too. Long live FreeBSD.
Cheers,
j
-
This is not easy to do. You must have a fully installed 6.2-RELEASE machine available on the net to pull files from. pfsense has been severely stripped! Some bizarre things were removed (split? comm? those two probably saved about 10k of space ;). You must be able to read the compile output and fix things as you go along, by pulling missing files from your fully loaded box. I wish I had made a list of everything I pulled over. Almost all in /usr/bin.
This is all great and all, but when pfSense puts out a new release are you going to want to do that every time? The reason I use pfSense is due to the config being an xml file. I can grab the newest release, restore the xml file, and be on my way. Just buy a separate box for pfSense or Asterik. It will save you many headaches.
-
dmz, why dont you go with the suggestion of running pfsense and any asterisk VM appliance as VMs on your server? From security point of view this is not good, but if you are OK with that then this is probably easiest to get working. asterisk is exceptionally difficult to compile, configure and run, and if you have not done it before then getting it to work on FreeBSD is not likely to happen.
