Firewall HELP, VOIP wont work!
-
My problem is only with the Cisco phones, and I do NOT have a problem if the Trixbox is behind pfsenes. I only have the problem if the phone is behind one… I have the trixbox on public wan. The problem is not the server end, its the client end. The softphones work fine also but the Cisco phones just wont play nice...
I am going to try what one of the other members said as far as changing the time from 60 to 30 but I am a little doubtfull still...
-
Is this a remote office that will have several phones? Or a couple mobile users that want to pickup up their phone and use it at any location?
If it is a remote office setup an Asterisk/Trixbox Server and run a TFTP server on it. Set your remote Asterisk server to use the SIP as a trunk to the main PBX and then have your phones talk to the local phone system.
Honestly the Cisco phones are not the right choice for mobile use. The configuration coming to the phone over TFTP is a huge security risk. Since these phones get their config from TFTP I believe they were designed for use on a LAN where the VOIP server also resides. Ring tones have to be downloaded from the TFTP server. You could get around this by setting up a local TFTP server on the remote location so that the configs and ringtones come locally. As far as SIP working over the PFSense WAN that does work. I've done it with multiple soft phones, Linksys PAP2Ts, SPA3102, and the SPA942. However I have not yet tried it with my Cisco 7940 if I get time soon I will give it a try and report what happens.
The Linksys devices such as the PAP2T and the SPA942 are a much better choice for picking up the phone and using it at any location, it stores its config, doesn't require TFTP, the web interface is simple, and the SIP support is very good.
-
alright people–
i have a Linksys WIP300. wifi ip phone. (kinda a cheep phone but ti works good)
i have forwarded the ports of
5004-5082
10000-10050 (i edited the rtp ports on the trixbox)
and i think thats all i need ( this is all from the top of my head now)what am i doing wrong that i cant get the phones to register/ hook up to the server via the internet... iu must be the only IT10 Error here on this forum.
-
Did you setup static port? This fixes all of my sip problems. Below is a link of the settings I used for my asterisk box.
http://forum.pfsense.org/index.php/topic,7151.msg40557.html#msg40557
-
I have static ports on.
The best I can get the phones to work is I CAN get it to TFTP through pfsense and it the phone box things its registered and the phone gets the time, but it just does not register itself because it cant call out or in and has the X on the extention.
-
Did you try the siproxd package?
-
last time i tryed to use the sip proxy it didnt work.
also what about setting the Clear DF bit instead of dropping in the advace tab???
-
I had no luck with any of it… I have tried everything I could find and/or think of... :(
-
Any other ideas guys? I know been a while but been busy.
Here is what I have setup right now.
PF Sense 1.2 final
Trixbox 2.6.0.0.7 with a 1:1 nat… The phones inside our office work fine so the TB can talk to our provider fine, but any phones outside our office cant talk to our TB.. I even put a phone on a public static IP and set our firewall to allow ALL traffic from that IP and it still would not work... The phone hangs getting the TFTP file for a while than just gives up... Its odd because the phone shows the file its trying to get but just does not get it. I have tried everything on this board I can find, even tried diffrent TB installs and our firewall has been upgraded/reinstalled evne to make sure.
Is it just lost hope with these darn cisco phones and pfsense? This would not be a problem but we have 3 phones outside our office that need to connect and I really dont want to have to put the phone on the direct wan...
-
I have succeeded in getting the Linksys PAP2T and SPA942 phones working with Trixbox and Freeswitch from in and out of the office. I also have a Cisco 7940 and have used it successfully in the office. However I don't count any phone that requires a TFTP server to pickup its config as a really good choice for an out of office phone. Its probably possible but more complex because of the TFTP server. If I were to attempt this with the 7940 one method would be to setup a TFTP server and install that inside the external network. Then copy TFTP files to the TFTP server. Next choice is to setup a remote firewall that establishes a VPN and use the main TFTP server. Another choice is to use a phone that doesn't require TFTP Server like the Linksys SPA942. Perhaps the final choice is to put a bounty for SIPProxyD, OpenSer, or a step by step tutorial specifically for external Cisco TFTP Phone.
Some people have mentioned in this thread that SIP was designed poorly. I thought the same thing for a period of time. However the design allows for a SIP session to be setup and maintained at one location (useful for billing purposes). While the RTP (audio) can be moved to an another provider or in other words you can initiate the call and skip the man in the middle. That can mean better audio.