FreePBX & state table any progress?
-
Also, on that thread: http://forum.pfsense.org/index.php/topic,18053.msg198634.html#msg198634
I tried issueing that command from the PFsense Shell,
pfctl -b 204.155.28.10
and that command does actually fix my SIP registration on my FREEPBX machine, in the post he has you add the line that fires it to: '/usr/local/sbin/ppp-linkup' which im assuming that file gets ran every time the link is up? but if with my issue the link never really goes down and its just my ISP doing shifty things that change my IP address and cause me to drop connection to whatever server im connected to(I always lose connection to WOW/Diablo 3 when they do it and I have to reconnect) then that file may never get called.
Is there any file/script that gets ran when the WAN/GATEWAY IP changes? If so then I could have the script that runs 'pfctl -b 204.155.28.10' triggered from there
-
I have the same issue, BUT i do not believe this mine is state table related. I have cable internet and even though my IP address is "dynamic", I've had the same WAN IP address for over a year now. However, I do run siproxd as I have numerous internal SIP devices that connect to more than one external SIP provider. And on Outbound NAT, i have "static ports = no" as I found setting it to yes seemed to hose up siproxd's functions. I haven't run packet captures yet on the LAN and WAN ports, so still need to do that. When i purge the state table of any SIP related entries, it does NOT work. When I flush the entire state table, it still does not work. I can then restart siproxd, and still no go. HOWEVER, if I reboot the pfSense server, it starts working again. It may go a fews hours to as long as 72+ hours before "request sent" shows back up in the asterisk sip registry for my provider. Odd thing is that NONE of the internal SIP devices setup to go through siproxd ever lock up. Only the sip registration from the asterisk server (FreePBX Distro now, but it did it with the other asterisk setups I tried - and I do have nat=yes, qualify=yes and the extern_ip all setup). My pfSense is:
2.0.1-RELEASE (i386)
built on Mon Dec 12 18:24:17 EST 2011
FreeBSD 8.1-RELEASE-p6I haven't tried the latest yet. Though my asterisk server bypasses siproxd (I'm pretty sure, at least it does not show up in its registration table), I suspect that the issue may have something to do with siproxd and/or "static ports = no". At my office site, I have same version of pfsense and asterisk, and I do NOT use siproxd and "static ports = yes" for outbound NAT. I also have a 1:1 NAT mapping from an external IP to my asterisk server there too. My Asterisk can connect to the SAME SIP provider (that times out at my house ) all day long and long periods of time (in fact, it rarely fails to register). So, most things being equal, these basic differences must have something to do with this thread's issue as it applies to me (and maybe some of the others reading this). I need to do the packet captures, but wanted to chime in as this has been a pain the rear for some time now. I usually just reboot my home pfsense, but now would like to finally knuckle down and resolve it.
Side note edit: Another client of mine's office has the exact same setup of asterisk and pfsense as mine except he has no 1:1 NAT mappings, and like at my office, his SIP registrations to this same SIP provider never have problems either, so I don't think 1:1 NAT mapping is factor here.
Edit #2: I forgot to add that I can also restart Asterisk as a whole ("amportal restart" under FreePBX) and still no go. The only solution I have found that works consistently is to reboot pfsense.
Thanks!
-
Have you tried using DynDNS to monitor your WAN ?
-
Can you elaborate please? Thanks!
-
I haven't tested it personally, but I had jimp's recent comment in mind about the improved dyndns on 2.1:
This is already done on 2.1 during a dyndns update. If it detects the IP has changed, it will send a notification that it changed. If you have smtp notifications enabled, that means it will send you an e-mail when it happens.
http://forum.pfsense.org/index.php/topic,51413.msg275400.html#msg275400I assumed that this also meant that if pfsense's dyndns detects the IP has changed, it'll also flush any states associated with the old gateway.
-
DynDNS wouldn't be the one flushing states.
rc.newwanip will flush states when an IP changes
rc.newwanip will update dyndns when an IP changesBoth are separate independent actions taken by rc.newwanip.
-
I guess that works fine if WAN is PPPoE, but what if the external IP changes without a link-down/up event ? (as apparently is the case for the people posting here).
-
rc.newwanip runs in any case where the IP can change: pppoe, dhcp, manual, etc.
There isn't a case where the IP can change that the script doesn't already run that I'm aware of.
-
But my IP address is the same as it has been for well over a year now. So, I'm not sure I am having any IP address changing. However, I did see here or somewhere that come cable ISPs (like, mine, Comcast) are doing some "failover" node testing in the overnight hours. If I understood it correctly, the IP address change is momentary. It also might explain why my Putty session from my house to my office tends to get reset (dropped) sometime between 1am and 4am most nights. I did run some tcpdumps on the LAN and WAN interfaces on my home pfsense this morning when it was timing out and the again after I rebooted pfsense and it started working. I will look at those tonight and post what I see here. I should also be able to look at the asterisk log and see when it starts failing again and see if the timing coincides with the putty drop. I will look at these scripts too. Clearly, I'm not the only one having this problem. But, like I said, it has to involve siproxd and/or static ports = no, because on my office (which has same comcast service) pfsense, I NEVER have this problem (san siproxd and static ports = yes).
-
Can I call 'pfctl -b' from the shell? I'm running 2.1 snapshot and when I try to run it I get an "illegal option – b" error. ??
-
Can I call 'pfctl -b' from the shell? I'm running 2.1 snapshot and when I try to run it I get an "illegal option – b" error. ??
The new syntax (note: pfsense-specific) has become
pfctl -i em0 -Fs -G gwipCheck http://redmine.pfsense.org/issues/1629
-
Thanks, it isn't quite clear to me the difference between
pfctl -i em4 -Fs
and
pfctl -i em0 -Fs -G gwip
can you just elaborate a tiny bit more?
