Asterisk PBX behind pfsense, state problems



  • Hello,
    I configured asterisk to update external host by adding

    nat=yes
    externhost=mydomain.selfip.net
    externrefresh=120
    localnet=10.10.10.0/255.255.255.0

    to sip_nat.conf
    however, pfsense creates a state
    tcp  192.168.9.6:20545 -> 66.66.163.170:56902 -> 70.34.32.138:3389  ESTABLISHED:ESTABLISHED
              ^MY PBX BOX^          ^my external ip^           ^VOIP Provider^

    (((When external ip changes, this state is not updating)))

    I am using PPPoE DSL, and I cannot get a static IP with my provider.
    For some reason whenever my IP changes, pfsense never updates/restarts the state,
    and my VoIP registry drops, and is unable to reconnect, until I manually remove/delete the state
    from the Diagnostics: Show States pfsense page.

    someone else already had this problem
    http://forum.pfsense.org/index.php?topic=6531.msg58027
    but it was never solved.

    I also tried  1.2.3-PRERELEASE-TESTING-VERSION
    But the problem persists.

    Any advice?
    Thank you!



  • Create a rule for this connection on your LAN interface and under advanced options change the state timeout to be less than your registration timeout.  Make sure that rule is above your default allow rule.  Should be all you need to do.

    –Bill



  • Thank you Bill. Will try and report back.



  • pfsense just won't time out that state, I tried everything:

    udp  10.10.10.80:5060 -> 67.46.139.74:5060 -> 208.68.18.229:5060  MULTIPLE:MULTIPLE
                      PBX BOX                MY PPOE IP          VOIP Provider

    rules I tried:

    All rules
    State Timeout in seconds  300
    State Type Keep state

    (ON WAN)
    Proto  Source  Port  Destination  Port  Gateway  Schedule  Description

    TCP/UDP 10.10.10.80 * * * *    
    TCP/UDP * * 208.68.18.229 * *    
    TCP/UDP * * 10.10.10.80 * *

    (ON LAN )

    TCP/UDP * * 10.10.10.80 * *
    TCP/UDP 208.68.18.229 * * * *
    TCP/UDP 10.10.10.80 * * * *    
    TCP/UDP * * 208.68.18.229 * *

    but the state just won't time out,
    all rules are located at the top of the list.



  • any advice, tried everything



  • try to activate dnsmgr.conf:

    [general]
    enable=yes		; enable creation of managed DNS lookups
    			;   default is 'no'
    refreshinterval=120	; refresh managed DNS lookups every <n> seconds
    			;   default is 300 (5 minutes)
    


  • using FreePBX,
    dnsmgr.conf  was not in /etc/asterik
    So I created it, rebooted,
    same problem.



  • @mandd:

    pfsense just won't time out that state, I tried everything:

    udp  10.10.10.80:5060 -> 67.46.139.74:5060 -> 208.68.18.229:5060  MULTIPLE:MULTIPLE
                      PBX BOX                MY PPOE IP          VOIP Provider

    rules I tried:

    All rules
    State Timeout in seconds  300
    State Type Keep state

    What's the registration interval?  If it's 300, you need to have state timeout no greater than 290 (10 second state flush timer).  However, default state timeout for UDP is 30 seconds.  I know my provider requires 30 second re-registrations, so in your case, I'd have to change the state timeout on this to 20 seconds at most (knowing that it's only a couple of packets, I'd be tempted to just make it 10 seconds).

    –Bill



  • I am having a similar issue but with a static IP.  I have a multiwan setup with one static cable and one PPPoE DSL.  I have the VoIP traffic all pushing through the static connection.  There are 2 different VoIP providers I am using.  One has no issues and the other always loses registration over time and I have to clear the state manually to fix this.  The state always says multiple:multiple and has 2 entries for in/out paths.  I am trying the state timeout to see if it will help me in this scenario.

    Funny thing is when I push the traffic from that provider out through the pppoe link everything works well but I have no traffic shaper as that has been configured on the static line and there is no multiwan traffic shaper yet.  I need the shaper because calls tend to get choppy when it gets busy otherwise.
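
The symptom reported at the top of this thread is a NAT state that still carries the old external address after the WAN IP has changed. The following is an added example, not code from any poster or from pfSense: it parses state lines in the format pasted above and returns the ones whose translated address no longer matches the current WAN address. The function names, the second WAN address and the NTP line in the sample are constructed for illustration.

```python
import ipaddress
import re

# One state line as pasted in this thread:
#   proto  src:port -> translated:port -> dst:port  STATE
STATE_RE = re.compile(
    r"^\s*(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<nat>[\d.]+):(?P<nport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<state>\S+)\s*$"
)

def parse_states(text):
    """Return one dict per NAT state line; skip annotations and malformed lines."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if not m:
            continue
        s = m.groupdict()
        try:
            for key in ("src", "nat", "dst"):
                ipaddress.IPv4Address(s[key])  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        states.append(s)
    return states

def stale_states(text, current_wan_ip):
    """States whose translated (external) address is not the current WAN address."""
    wan = ipaddress.IPv4Address(current_wan_ip)
    return [s for s in parse_states(text)
            if ipaddress.IPv4Address(s["nat"]) != wan]

# Constructed sample. Line 1 is the state quoted in the thread, line 2 its
# annotation, line 3 the same flow after an assumed change to 67.46.140.12,
# line 4 an unrelated (made-up) NTP flow still pinned to the old address.
SAMPLE = """\
udp  10.10.10.80:5060 -> 67.46.139.74:5060 -> 208.68.18.229:5060  MULTIPLE:MULTIPLE
              PBX BOX                MY PPOE IP          VOIP Provider
udp  10.10.10.80:5060 -> 67.46.140.12:5060 -> 208.68.18.229:5060  MULTIPLE:MULTIPLE
udp  10.10.10.25:123 -> 67.46.139.74:40211 -> 192.0.2.50:123  SINGLE:NO_TRAFFIC
"""

if __name__ == "__main__":
    for s in stale_states(SAMPLE, "67.46.140.12"):
        print(f"stale: {s['proto']} {s['src']}:{s['sport']} via {s['nat']}"
              f" -> {s['dst']}:{s['dport']} [{s['state']}]")
```

The entries it returns correspond to the states the original poster had to delete by hand from Diagnostics: Show States.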

