Voip : Only one way speech is working between 2 Sites!
-
Hello,
i have 3 sites connected with openvpn using Pfsense Server:
Site A : 172.16.1.0
Site B : 172.16.2.0
Site C : 172.16.3.0the problem is that when we installed and configured the VOIP in the 3 sites, only one way speech is working between site A and Site B also Site A and site C !
for info :
Gateways :
172.16.1.254
172.16.2.254
172.16.3.254Adresse PBX :
172.16.1.200
172.16.2.200
172.16.3.200–-------------------------
in the rules (lan) of the 3 pfsenses, i autorised the communication between autocoms and i open all ports!do you have any idea about this problème ????
thanks in advance ;)
-
You might have a split route. Check to make sure that the servers can ping each other through the VPN. Also make sure that your rules also include UDP, which they probably are, but it might be allowed on one side and the default of TCP only is on the other.
-
You might have a split route. Check to make sure that the servers can ping each other through the VPN. Also make sure that your rules also include UDP, which they probably are, but it might be allowed on one side and the default of TCP only is on the other.
Hi,
The servers can ping each other through the LAN interface and VPN, and the transfer of data is good in 3 direction!
in the rules i tried to autorise the adresses ip of 3 autocoms! in the 3 servers using Protocol TCP/UDP, but i have the same probléme!
from site A i can heard the user in Site B, but he can't heard anything!!Thanks for your answer ;).
-
What ports have you authorized?
-
In the first time i autorised from 32000 to 32512 IN UDP (i found those ports in Alcatel documentation guide)""sorry for my english :-[""
also i tried the same ports for TCP and TCP/UDP,
But no résult ??? -
I would switch that to allow all tcp and udp ports through. Watch your state tables and you can adjust your FW rules based on the connection(s).
-
Do some packet capture, with wireshark, then check the RTPs stream to check if its go to the right place.
-
what did you mean by state tables and where can i find it?
thanks very much! -
what did you mean by state tables and where can i find it?
thanks very much!It is under Diag -> States.
-
It is under Diag -> States.
OK THIS IS A CAPTURE OF TABLE :
http://imageshack.us/photo/my-images/580/voip.png/for info :
our goal is to use simple telephones(analog & num) between sites and remove telephones IP. -
can you explain this :
stats table :
udp 172.16.1.200:2910 -> 172.16.11.200:24124 -> 172.16.2.200:1719 MULTIPLE:SINGLE
udp 172.16.1.200:1719 -> 172.16.11.200:10490 -> 172.16.2.200:1028 SINGLE:NO_TRAFFIC172.16.11.200 = antenne RLAN
-
Check if there is some nat configurarion for sip at your voip servers and also reduce the RTP port range for a Easier rule creation.
At asterisk its very easy to setup.
I just don't understand why are you giving up ip phones?
But its a firewall forum, not a voip one, So check these configs and see if ir works. -
Check if there is some nat configurarion for sip at your voip servers and also reduce the RTP port range for a Easier rule creation.
the protocol used for my voip configuration is H323!
can you please explain me this ( reduce the RTP port range for a Easier rule creation )?
-
the protocol used for my voip configuration is H323!
can you please explain me this ( reduce the RTP port range for a Easier rule creation )?
I do not have experience with h323 but 'google' ;) told me that both(sip and h323) signaling protocols uses RTP for media transport, in this case audio is the media.
Every time you get no audio or one way audio, it means you are having RTP issues.
At asterisk, default RTP range is from 10000 to 20000. I have no idea how h323 handles this.
Returning to firewall….
RTP packages sents 'inpackage' information telling other part how(and for who) he will return the package. When you have NAT, or server thinks he is behind NAT, the information inside the package will tell the other side to return the package to a wrong or unreachable destination. -
the protocol used for my voip configuration is H323!
can you please explain me this ( reduce the RTP port range for a Easier rule creation )?
I do not have experience with h323 but 'google' ;) told me that both(sip and h323) signaling protocols uses RTP for media transport, in this case audio is the media.
Every time you get no audio or one way audio, it means you are having RTP issues.
At asterisk, default RTP range is from 10000 to 20000. I have no idea how h323 handles this.
Returning to firewall….
RTP packages sents 'inpackage' information telling other part how(and for who) he will return the package. When you have NAT, or server thinks he is behind NAT, the information inside the package will tell the other side to return the package to a wrong or unreachable destination.maybe there is a problem in NAT ! i will wait for other idea about this because i'm newbie !
thanks alot. -
this is another captur of my state table in site C :
Proto Source -> Router -> Destination State
udp 172.16.3.200:1719 <- 172.16.1.200:4562 SINGLE:MULTIPLE
udp 172.16.1.200:4562 -> 172.16.6.200:1719 MULTIPLE:SINGLE
udp 172.16.3.200:48607 <- 172.16.1.200:1719 NO_TRAFFIC:SINGLE
udp 172.16.1.200:1719 -> 172.16.6.200:48607 SINGLE:NO_TRAFFIC
udp 172.16.1.200:4561 <- 172.16.6.200:48607 NO_TRAFFIC:SINGLE
udp 172.16.3.200:48607 -> 192.168.24.25:56773 -> 172.16.1.200:4561 SINGLE:NO_TRAFFIC -
Diagnostics –> Packet Capture
Do a "call capture" then open with Wireshark ( Telephony -> VoIP Calls -> Flow ) and check where the RTPs Come & Go, then you can figure what is happening.
-
i created this rules but no résult
source (ports) => destination (ports)
adresse PBX site A : 172.16.1.200 (UDP 32000-32512 ) => adresse PBX Site B 172.16.2.200 (UDP 32000-32512)
-
Create one with serverA => serverB and serverB => serverA.
Free all traffic between voip servers.
-
Create one with serverA => serverB and serverB => serverA.
Free all traffic between voip servers.
i did it !! no résult >:(