udp fragmentation of sip packages over pppoe
-
Hi,
I have a short question to following situation:
- Internet Access over Fiber (Fiber to RJ45 Adapter at WAN side) but with a PPPoE to the Provider.
- A FreePBX Behind the Firewall in the LAN
- Two SIP VoIP Trunks (SIP UDP) from two different SIP Providers (One is the same as the Internet Provider) on the PBX.
The problem is now that one of the two SIP Providers send SIP Invites (incoming call) to the PBX but the udp packages are fragmented because the udp package is 1496 bytes but because of pppoe the max size is 1492. The SIP Provider told me he cannot do anything from his side to minimize the packages. Is their something that i can do on the pfSense ?
Greetings
Beleggrodion -
That seems a bit large. What does the other provider send? UDP doesn't have the same mechanism as TCP to reassemble fragments. Does that provider not have other customers that use PPPoE?
-
How does the problem actually present? The PBX just drops the fragments?
Steve
-
@JKnott
As i can see the other provider sends smaller UDP packages. Both send a SIP INVITE Package. In the bigger SIP Package their are also multiple "Via:" and "Record-Route:" which are missing on the other provider. So their is more data.I don't know if the other provider has customers with PPPoE. (I don't know which is the common way in germany for internet providers, because im here in switzerland) . But because the sip provider use's his own PBX product the most customers, i think, use this and not their own PBX like FreePBX.
@stephenw10
It's look like the firewall drops the fragments and nothing reaches the PBX. If the package is smaller it reaches the PBX and all works as expected.
-
You have pfscrub disabled in System > Advanced > Firewall & NAT?
We can see the details there but that looks like the original packets are very large. Like all three of those fragments combined? In which case it would not pass on any connection.
Steve
-
Yes i have pfscrub disabled on this system.
When i look into the packages in wireshark the fragments are not combined. Each of them begins with the SIP INVITE Header and other stuff and and at the end its cut off on
... CSeq: 13522 INVITE Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER Supported: replaces, norefersub Max-Forwards: 67 Content-Type: application/sdp Content-Length: 442 v=0 o=- 1351058843 1351058843 IN IP4 xxx.x.xx.xx s=sipgate VoIP GW c=IN IP4 xxx.xx.xx.xxx t=0 0 m=audio 28186 RTP/AVP 9 8 0 107 112 3 97 18 101 a=maxptime:20 a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:107 opus/48000/2 a=rtpmap:112 G726-32/8000 a=rtpmap:3 GSM/8000 a=rtpmap:97 iLBC/8000 a=rtpmap:18 G729/8000 a=rtpmapAnd then cut off. But it shoul'd more look like
... CSeq: 14057 INVITE Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER Supported: replaces, norefersub Max-Forwards: 67 Content-Type: application/sdp Content-Length: 351 v=0 o=- 2051997395 2051997395 IN IP4 xxx.xx.xx.xx s=sGW c=IN IP4 xxx.xx.xx.xxx t=0 0 m=audio 16540 RTP/AVP 8 107 9 0 18 101 a=maxptime:20 a=rtpmap:8 PCMA/8000 a=rtpmap:107 opus/48000/2 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:18 G729/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=sendrecv a=rtcp:16541 a=ptime:20I currently also contacted the support of the internet connection, because i think the missing udp package fragment with the last part don't reach the firewall over pppoe, but i'm not sure because i'm not expert in udp package analysis.
-
Then enable pfscrub. That is required for fragment re-assembly.
Steve
