Two routers, one firewall
-
> loadbalancing voip is not really doable due to the nature of the sip protocol (multiple ports for audiostreams and signalling, some of them randomly chosen from a pool) and because the asterisk probably will have issues if its public IP is hopping between 2 IPs
In re-reading this, do you mean that if I was using a public IP on the asterisk? The reason I'm looking at pfSense is because it can handle the asterisk ports. My older watchguard firewalls don't.
So basically, it seems better if the PBX was on a private IP so would that then make a difference?
-
Without trafficshaping you already can do everything like I suggested. Use the asterisk at one of the wans, have everything else loadbalanced and failover for special services like https.
-
> Without trafficshaping you already can do everything like I suggested. Use the asterisk at one of the wans, have everything else loadbalanced and failover for special services like https.
So, we might be able to use pfSense after all then. Is there a guide anywhere which clearly shows how to configure for asterisk? I just need to get that going before anything else so that we can switch over to pfSense.
Mike
-
Search the forum. I don't have an asterisk but there is a lot of info in the forum already.
-
One other question as I think about this.
What I have now are two firewalls, one for WAN1 and one for WAN2.
I am going to leave WAN1 and firewall #1 in place as things are now but here's my problem. WAN1 and 2 are going to be combined onto pfSense. For now, I need to take WAN2 SIP/RTP traffic and pass it all over to pfSense.
In order to reach pfSense, I had to give it a LAN IP of 192.168.1.3. Firewall #1 NATs for 192.168.1.0. On the WAN side of pfSense, I have WAN2's router gateway for IP and a public IP for pfSense from that network.
So, my catch is, at some point, pfSense will be taking care of the 192.168.1.0 network and all of my other private LAN segments. But in the meantime, I need to find a way to allow SIP/RTP traffic to flow into pfSense from the WAN2 network and over to an IP on firewall #1. The PBX is at 192.168.1.102 and needs to remain there.
So, is there a way in which I can do this while taking into account that firewall #1 is currently handling the 192.168.1.0 network?
Mike
-
> Search the forum. I don't have an asterisk but there is a lot of info in the forum already.
I have, that's why I'm asking. It's all bits and such but nothing from scratch clearly showing a configuration just for the asterisk.
Mike
-
we will be putting in an Asterisk VoIP system in the office in the next month or so. and we have been running pfsense for over a year now and it is kinda tricky to get all the settings "just right" but when you do…. just keep clean power going to the pfsense unit and life is real easy. ;D ;D
i
-
> we will be putting in an Asterisk VoIP system in the office in the next month or so. and we have been running pfsense for over a year now and it is kinda tricky to get all the settings "just right" but when you do…. just keep clean power going to the pfsense unit and life is real easy. ;D ;D
> i
Oh oh… tricky? That's why I'm hoping for a clear document. I've got it set up in a temp manner but don't dare flow sip/rtp through it just yet.
Mike
-
not to be the dick but make one as you go and post it in the wiki.
be the Hero and Rise up!
-
> not to be the dick but make one as you go and post it in the wiki.
> be the Hero and Rise up!
Don't be a dick then, help a new guy :). I'm not sure my document will be of much use, I'm a newbie and that's perhaps the problem. If newbies write the documents, oh my god, it's a mess waiting to happen, isn't it?
-
It's not much work to set it up for Asterisk:
1. Set up load balancer and failover.
http://doc.pfsense.org/index.php/Tutorials
http://doc.pfsense.org/index.php/MultiWanVersion1.2
Seems pool order is still not fixed in the second guide:
WAN1FailsToWAN2 pool order should be WAN then WAN1/OPT1
WAN2FailsToWAN1 pool order should be WAN1/OPT1 then WAN.
Another one:
http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing
2. Make sure you enable the static-port option in Outbound NAT and forward the appropriate ports to Asterisk/Trixbox (UDP 5060 and 10000-20000 are defaults) in Firewall: NAT: Port Forward.
3. Do not use sticky connections; you may try to enable it later, once you get everything working.
4. Use WAN1FailsToWAN2 or WAN2FailsToWAN1 as a gateway, depending on your setup, for the Asterisk/Trixbox IP in Firewall rules-LAN.
You may create an alias for those ports and include HTTPS and other protocols which don't like load balancing. Use this alias instead of the Trixbox IP.
5. Use the workaround for the dead states in this topic, until the team resolves the issue in a better way:
http://forum.pfsense.org/index.php/topic,7808.0.html
That's pretty much all about Asterisk/Trixbox setup. Does it help you?
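Steps 2 and 4 of the post above, written out as raw pf rules. This is an added illustration, not part of the thread and not the ruleset pfSense generates. The interface names, the gateway address and the single-gateway `route-to` (standing in for the failover pool) are assumptions; the PBX address and the ports are the ones given in the thread.

```pf
# --- Macros (assumed names; gateway is a constructed documentation address) ---
wan_if   = "em0"                  # WAN the PBX is pinned to (assumption)
lan_if   = "em1"                  # LAN interface (assumption)
wan_gw   = "203.0.113.1"          # upstream gateway on that WAN (constructed)
pbx      = "192.168.1.102"        # Asterisk/Trixbox address from the thread
sip_port = "5060"                 # SIP signalling, default from the post
rtp_port = "10000:20000"          # RTP media range, default from the post

# --- Step 2a: outbound NAT with static-port ---
# By default pf rewrites the source port of NATed connections. SIP carries
# port numbers inside its own payload, so the PBX's traffic must leave with
# the source ports it chose. static-port disables the rewrite for this host.
nat on $wan_if proto udp from $pbx to any -> ($wan_if) static-port

# --- Step 2b: port forwards for signalling and media ---
# No port is given after the target, so the destination port is preserved.
rdr on $wan_if proto udp from any to ($wan_if) port $sip_port -> $pbx
rdr on $wan_if proto udp from any to ($wan_if) port $rtp_port -> $pbx

# Filter rules matching the forwards (rdr alone does not pass traffic).
# Source is "any" as in the post; a table holding the SIP provider's
# addresses can replace it to narrow what reaches the PBX.
pass in quick on $wan_if proto udp from any to $pbx port $sip_port keep state
pass in quick on $wan_if proto udp from any to $pbx port $rtp_port keep state

# --- Step 4: policy-route the PBX out one WAN instead of the balancer ---
# The rule sits above the load-balanced LAN rule, so first match wins.
# In pfSense the gateway here is the WAN1FailsToWAN2 / WAN2FailsToWAN1 pool;
# a fixed gateway is shown because plain pf has no failover pool object.
pass in quick on $lan_if route-to ($wan_if $wan_gw) proto udp \
    from $pbx to any keep state
```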
-
Thank you very much for the help. I'll start on this tomorrow and see how far I can get. I can test over the weekend and at night since no one is on the phones.
Looks very in-depth so am hoping I'll at least get some basics going.
Thanks again.
Mike