Asterisk PBX behind pfsense, state problems

mandd

Hello,
I configured asterisk to update external host by adding

nat=yes
externhost=mydomain.selfip.net
externrefresh=120
localnet=10.10.10.0/255.255.255.0

to sip_nat.conf
however, pfsense creates a state
tcp  192.168.9.6:20545 -> 66.66.163.170:56902 -> 70.34.32.138:3389  ESTABLISHED:ESTABLISHED
          ^MY PBX BOX^          ^my external ip^           ^VOIP Provider^

(((When external ip changes, this state is not updating)))

I am using ppoe dsl, and I can not get a static ip with my provider.
For some reason whenever my ip changes, pfsense never updates/restarts the state,
and my voip registry drops, and is unable to reconnect, until I manually remove/delete the state
from Diagnostics: Show States pfsense page.

someone else already had this problem
http://forum.pfsense.org/index.php?topic=6531.msg58027
but it was never solved.

I also tried  1.2.3-PRERELEASE-TESTING-VERSION
But the problem persists.

Any advice?
Thank you!

billm

Create a rule for this connection on your LAN interface and under advanced options change the state timeout to be less than your registration timeout.  Make sure that rule is above your default allow rule.  Should be all you need to do.

–Bill

mandd

Thank you Bill. Will try and report back.

mandd

pfsense just wont timeout that state, I tried everything:

udp  10.10.10.80:5060 -> 67.46.139.74:5060 -> 208.68.18.229:5060  MULTIPLE:MULTIPLE
                  PBX BOX                MY PPOE IP          VOIP Provider

rules I tried:

All rules
State Timeout in seconds  300
State Type Keep state

(ON WAN)
Proto  Source  Port  Destination  Port  Gateway  Schedule  Description

TCP/UDP 10.10.10.80 * * * *    
TCP/UDP * * 208.68.18.229 * *    
TCP/UDP * * 10.10.10.80 * *

(ON LAN )

TCP/UDP  *  *  10.10.10.80  *  *         
        TCP/UDP 208.68.18.229 * * * *    
TCP/UDP 10.10.10.80 * * * *    
TCP/UDP * * 208.68.18.229 * *

but the state just wont timeout,
all rules are located at the top pf the list.

mandd

any advice, tried everything

Netview

try to activate dnsmgr.conf:

[general]
enable=yes		; enable creation of managed DNS lookups
			;   default is 'no'
refreshinterval=120	; refresh managed DNS lookups every <n> seconds
			;   default is 300 (5 minutes)</n>

mandd

using FreePBX,
dnsmgr.conf  was not in /etc/asterik
So I created it, rebooted,
same problem.

billm

@mandd:

pfsense just wont timeout that state, I tried everything:

udp  10.10.10.80:5060 -> 67.46.139.74:5060 -> 208.68.18.229:5060  MULTIPLE:MULTIPLE
                  PBX BOX                MY PPOE IP          VOIP Provider

rules I tried:

All rules
State Timeout in seconds  300
State Type Keep state

What's the registration interval?  If it's 300, you need to have state timeout no greater than 290 (10 second state flush timer).  However, default state timeout for UDP is 30 seconds.  I know my provider requires 30 second re-registrations, so in your case, I'd have to change the state timeout on this to 20 seconds at most (knowing that it's only a couple of packets, I'd be tempted to just make it 10 seconds).

–Bill

MrEmbedded

I am having a similar issue but with a static IP.  I have a multiwan setup with one static cable and one pppoe DSL.  I have the voip traffic all pushing through the static connection.  There are 2 different voip providers I am using.  One has no issues and the other always loses registration overtime and I have to clear the state manually to fix this.  The state always says multiple:multiple and has 2 entries for in/out paths.  I am trying the state timeout to see if it will help me in this scenario.

Funny thing is when I push the traffic from that provider out through the pppoe link everything works well but I have no traffic shaper as that has been configured on the static line and there is no multiwan traffic shaper yet.  I need the shaper because calls tend to get choppy when it gets busy otherwise.