FreeSWITCH package for pfSense 1.2.1 and 2.0 released. PBX or Proxy
-
Does anybody have a pointer ?
We already are running a PFSense Box as the main Firewall in our test environment. We now what to add a separate PFSense box with the Freeswitch package, and running just for that purpose.Do I need to setup
a "Transparent Firewall"
b "Bridge w/th Outbound NAT'
c "Router [Disable Firewall] + Bridge]" ?Sorry if these options don't make sense, but hopelly they will make you smile :). Point being is that I should be able to work all on the WAN as a single network device and not need all the extra NATing,
Unfortunately my alternative if I cant get moving forward is to use askozia. I only have 5 days applied to this test. 3 to go.
-
Does anybody have a pointer ?
We already are running a PFSense Box as the main Firewall in our test environment. We now what to add a separate PFSense box with the Freeswitch package, and running just for that purpose.Sounds good.
a "Transparent Firewall"
b "Bridge w/th Outbound NAT'
c "Router [Disable Firewall] + Bridge]" ?What you do for choice a, b, or c is dependent on you are trying to accomplish. For example if your phones are always going to be in the same network, and or you are using a point to point vpn between locations then setting the FreeSWITCH machine inside NAT should work fine.
However if you want to have FreeSWITCH work inside your office and phones work outside the office without a VPN then the easiest way would be to give the FreeSWITCH machine a real world IP on the WAN. If it is static you can use the IP address or a domain. If the IP is dynamic then use a dynamic dns provider to provide a domain name. If you choose to use a domain name then you will need to set the domain= from the 'var' tab to the domain you are wanting to use.
You can disable the firewall if you have a firewall in front of the FreeSWITCH machine. However my preference still leans toward a higher level of security by leaving the firewall on so that it firewalls itself. Really this depends on if its has a public IP then yes I would leave the firewall in tact. If FreeSWITCH machine is on the LAN IP and there are only a few people connected to the LAN then you might be okay with the firewall disabled.
Sorry if these options don't make sense, but hopelly they will make you smile :). Point being is that I should be able to work all on the WAN as a single network device and not need all the extra NATing,
At this moment you still need the LAN port. I have PHP communicating with the FreeSWITCH package over the LAN interface. However I be changing this soon so that it will work with one or more interfaces.
Unfortunately my alternative if I cant get moving forward is to use askozia. I only have 5 days applied to this test. 3 to go.
I will attempt to help you get this working before your deadline.
-
Announcing a few more features that I stayed up all night to add.
1. Auto Attendant timeout. The recording plays one time and then the timeout is used to allow more time for dtmf to be detected. If no dtmf is detected during that time the system will direct the call to the timeout out option 't'.
2. Backup and Restore feature I felt was an important feature.
I have added a backup and restore buttons to the 'Status' tab. When you click on the backup button a /usr/local/freeswitch directory is tar gzipped and saved into /tmp/ directory as freeswitch.bak.tgz. When the file exists then the 'restore' button will be visible.The restore currently leaves the config directory alone allowing pfSense configuration to store all the configuration.
However the restore does extract the backup files to the following folders.Internal Database files keep track of registrations, voicemail details, and more.
/usr/local/freeswitch/db/Logs
/usr/local/freeswitch/log/Recordings from the 'Rec' tab are saved here.
/usr/local/freeswitch/recordings/Saves the javascript files most usefull if you have any custom scripts in this directory.
/usr/local/freeswitch/scripts/Voicemail audio files are stored in this location
/usr/local/freeswitch/storage/–-----------------------------------------------------
If you are using a version less than 0.4.1 then you should
manually create the backup before upgrading using the
following command.Diagnostics->Command->PHP Execute->Command
system('cd /usr/local/;tar cvzf /tmp/freeswitch.bak.tgz freeswitch');After you have upgraded to 0.4.1 or higher then you will have the
backup button that you can use at any time.If /tmp/freeswitch.bak.tgz file exists during the install then the
restore will automatically run directory content to /usr/local/freeswitch.
Upgrading the FreeSWITCH pfSense package:
System-> Package Manager-> Installed Packages
Updateat this time the any of the 'Reinstall' buttons will not likely work.Its working nowAt this time the upgrade procedure is to make the backup and then remove the FreeSWITCH package.
Then install the package again. During the installation it will detect the backup and restore the additional directories. -
Thanks for the advise, so let me understand
For now I will setup the FreeSwitch box behind the NAT [ Other pfsense box ] inside the LAN network.
- I can have Firewall on … got that ...
- I can connect just the LAN of FreeSwitch Box and give it a static private IP part of our existing network and move on, no need for bridging or anything else
- I suppose when you update the package we can choose which network port to use. In either case with just the LAN network port and an ethernet cable I should be fine, ... but what about NATing on that box ? will that interfere ?
Thanks in advance
-
To clarify the previous message about NAT it is possible to setup FreeSwitch behind NAT as well have phones on the inside and the outside of the network. However there is more of a learning curve for to do it for starters you would want to configure NAT to direct the traffic to the FreeSwitch Server, configure Rules to allow the traffic, and then finally there are additional changes required to make FreeSWITCH work. See wiki.freeswitch.org for additional NAT details.
- I can connect just the LAN of FreeSwitch Box and give it a static private IP part of our existing network and move on, no need for bridging or anything else
Honestly I have not tried it from the LAN. When I have run it as a dedicated device I ran it on the WAN with the IP on the WAN using a local network IP. Then on the LAN I left that interface unplugged.
If you use the static IP on the LAN make sure to go to the 'var' tab as previously described and set the domain = to the lan ip.
Then restart the FreeSWITCH service.- I suppose when you update the package we can choose which network port to use. In either case with just the LAN network port and an ethernet cable I should be fine, … but what about NATing on that box ? will that interfere ?
If you use the WAN interface only then no traffic travels from the WAN to the LAN and so there is no NAT involved. This may be the case with the using only the LAN interface I haven't tried it. I think you might run into a problem on the LAN side with the LAN trying to find the Gateway to the internet that is defined on the WAN in pfSense 1.2.1.
-
I'm pretty sure the sip useragent binds to all interfaces, so it won't matter what interface you have plugged in…
-
First off thank you for all the help. I think that once this is all setup and tested it may make sense to provide you documentation of how we have set it up and add your settings to it and present it as a tutorial to share to others for configuring Freeswitch with this case scenario.
So after reading your response I will follow your direction and plug the Ethernet into the WAN network interface, as you explained that it will eliminate that whole NAT stuff.
So…
We have a PFSENSE firewall and then in the network we have a PFSENSE / Freeswitch device with 2 Network interfaces but we use just the WAN set with DHCP [ the address is static given from the DHCP Server ]Now I suppose that we still need to open ports and add port forwarders to direct traffic to the FREESwitch box…
Where can I find all that Jazz ? and do I need to follow the steps of implementing the sipproxy package on either the PFSENSE box or the Freeswitch box ?Regards,
-
First off thank you for all the help. I think that once this is all setup and tested it may make sense to provide you documentation of how we have set it up and add your settings to it and present it as a tutorial to share to others for configuring Freeswitch with this case scenario.
A variety of tutorials is a good thing. No one is likely to complain about too much documentation. Keep in mind much of the information at wiki.freeswitch.org still applies to this package.
So after reading your response I will follow your direction and plug the Ethernet into the WAN network interface, as you explained that it will eliminate that whole NAT stuff.
Ok.
So…
We have a PFSENSE firewall and then in the network we have a PFSENSE / Freeswitch device with 2 Network interfaces but we use just the WAN set with DHCP [ the address is static given from the DHCP Server ]DHCP is fine as long as its is reserved static IP.
Now I suppose that we still need to open ports and add port forwarders to direct traffic to the FREESwitch box…
Where can I find all that Jazz ? and do I need to follow the steps of implementing the sipproxy package on either the PFSENSE box or the Freeswitch box ?You don't need to over complicate things add more complexity if you need it. So for example siproxd may not be needed. I would only through it in the mix if I needed it. Your phones will all be talking to the phone system as in the pfSense FreeSWITCH box. It is the only thing that will talk outside of the network to a VoIP provider (ITSP). If there is someone that knows Siproxd better than me feel free to share your knowledge but as far as I'm aware siproxd is most useful for situations where you have multiple devices in one network going out to an offsite PBX or VoIP provider.
On the machine that is the dedicated pfSense FreeSWITCH box set some 'Rules' on it to allow the VoIP traffic to the WAN interface. SIP protocol on FreeSWITCH uses 5060 - 5090 and can communicate over TCP or UDP. RTP (Real time protocol) uses ports 16384 - 32768 UDP. You do not need to configure NAT. It is not necessary to configure because FreeSWITCH will bind to the WAN a translation of the WAN address to LAN is not needed in this case unless you make FreeSWITCH bind to the LAN.
-
tusc notified me of some bugs he had found today. An issue where in some cases you would see an error on the 'Rec' tab. And there was a problem on the 'Dialplan' tab if you edited and then saved the dialplan the dialplan information was being saved to the wrong position xml path in pfSense. These bugs have been fixed. It is highly recommended you upgrade your install.
Make sure you are using version 0.4.2 or higher. To do this use the backup button on the status tab then remove the package and install it again.
Please feel free to post suggestions, encouragement, or bugs so they can be fixed immediately.
Best Regards,
Mark
-
Another improvement to note the FreeSWITCH package no longer requires the LAN interface to drive the 'Status' page and some of the other socket communication. This clears the way for appliance support.
Conference:
Default config has three sets of conference lines one for 8khz, 16khz and 32khz audio.8khz extension 3001-3099
16khz extensions 3101-3199
32khz extensions 3201-3299IVR example:
5000Call Park:
park 5900
unpark 5901Echo Test:
9996Hold Music:
9999Call Groups
Ring several phones at once. Ring all phone extensions in a group all at once or in order. Any two digit group number may be used. The following example will use group number 01.Add to Group
81[2 digit group number]
Calling Extension 8101 will add the current phone to group 01.Delete from Group
80[2 digit group number]Calling Extension 8001 will remove the current phone extension from group 01.
Ring Group Simultaneous
82[2 digit group number]Calling Extension 8201 will ring all phone extensions in group 01.
Ring Group Order
83[2 digit group number]Calling Extension 8201 will ring the first phone extensions in group 01 followed by the next phone in the group and then ring the next phone extension in the group until the call is answered.
More options available they are defined under the 'Dialplan' 'default.xml' button.
-
pfSense user: tusc has found a bug that is now fixed in the latest version 0.4.5. It has to do with using multiple conditions when working with the 'Public' tab. This issue also affected and has been fixed for the 'Dialplan'. Thanks tusc for finding and notifying me so that this could be improved.
-
FreeSWITCH package is now working on pfSense 2.0 even when run with only 1 interface (appliance mode).
-
I just want to say that having this package is awesome.
I've always been intimidated by SIP, except to get a PAP2 running at home.
I know a lot of us newbs looking at this are still overwhelmed, but I know after some more reading I will try it out. For a newb to sip, there are so many options that I don't exactly know where to start. Ok, ok, I do know, more reading :)I will say that making this available here is extremely encouraging. I am finally starting to see the light at then end of the tunnel.
Thank you for all your hard work "mcrane"
-
Sorry if this is a bit off topic…but is there a reason you (MCCRANE) chose FreeSWITCH vs something like sipXecs as a package?
-
scottnguyen:
sipXecs looked pretty good here is my reasons for not going with it.
1. sipXecs already has a GUI and a company backing it. I'm not sure what language the GUI was in by I wanted one in PHP.
2. I'm not an expert on sipXecs but my impression is its limited to SIP only.
3. sipXecs is LGPL which I like better than the GPL however I like the MPL even better than the LGPL.Spend some time to learn more about FreeSWITCH it will be worth your time.
FreeSWITCH configuration by default is XML. pfSense's config is stored in XML. So it seemed a good fit.
FreeSWITCH is also modular, extensible, scalable, multi-platform, can interface with multiple languages, remote access is possible over xml rpc, over a network socket, can be a VoIP SWITCH, Proxy, soft phone, and/or PBX.
-
tester_02: Configuring the linksys pap2t is a good start. Reading about FreeSWITCH here on the forum should help. In addition to that take a look at http://wiki.freeswitch.org. Do your best to read through the information then feel free to ask questions. Good Luck!
I mentioned this in a comment on the blog but want to make sure it gets noticed.
Voicemail.
To access your voicemail you can dial extension 4000 then your id (extension number) then the voicemail password. This can be accessed from any extension on the system or from any phone through the IVR (auto attendant).
In addition to that if your extension is 1001 and you were currently on that extension you simply call extension 1001 and it will go to your voicemail.
-
I'm pretty interested in this package. I've had an asterisk server running for … years? behind a pfsense box; it works great.
I'm a little leary of having to learn freeSwitch; I've got all my steps and knowledge down for installing ubuntu server and then asterisk / FreePBX on top of it.
But reducing the number of manchines running in my house by one is very appealing. My config is pretty simlpe too; so I don't forsee any problems migrating. I do have a couple 'if this line rings; call my cell / voip phone / house phone until one of them picks up' - I'd hate to lose that sort of functionality.
And with FreePBX just putting freeSwitch on their coming soon page; this could all get very interesting fast.
Just wanted to state my interest as well; I look forward to trying this out soon.
-
Installed the freeswitch package, upgraded to Rc3, saw these errors at the bottom of the page during the reinstall after upgrade:
Warning: fsockopen(): unable to connect to 76.11.76.41:8021 in /usr/local/pkg/freeswitch.inc on line 92 Warning: socket_set_blocking(): supplied argument is not a valid stream resource in /usr/local/pkg/freeswitch.inc on line 93 Warning: fsockopen(): unable to connect to 192.168.1.1:8021 in /usr/local/pkg/freeswitch.inc on line 92 Warning: socket_set_blocking(): supplied argument is not a valid stream resource in /usr/local/pkg/freeswitch.inc on line 93 no handle
I'm guessing this is just because there is no rule for the event socket. Solution is to surpress these warnings? Or warn that ports should be opened? Or option 3, I missed the mark completely.
-
Installed the freeswitch package, upgraded to Rc3, saw these errors at the bottom of the page during the reinstall after upgrade:
I'm guessing this is just because there is no rule for the event socket. Solution is to surpress these warnings? Or warn that ports should be opened? Or option 3, I missed the mark completely.
A rule is not necessary for the even socket unless there are strict rules for outbound access. Supressing the warning would hide the problem but not fix it.
The problem is that it tries to connect to the socket for only 1 second before giving up. In some cases 1 second isn't long enough. FreeSWITCH package 0.4.7 will now try for 3 seconds hopefully this will be sufficient. Also removed some necessary files from the default config.
-
adrianhensler, Freeswitch can do everything you're talking about with the bridge application in the dialplan…check it out! :)
http://wiki.freeswitch.org/wiki/Misc._Dialplan_Tools_bridgecall