How to configure Freeswitch with Dynamic IP WAN
Hi all,
I want to share my configuration of Freeswitch with Dynamic IP WAN.
I obviously have to thank Mcrane not only for his great job porting FS to pfSense but also for the huge amount of time spent with me, my configuration and my poor knowledge about FS (that caused a lot of headaches to him).

When you have a DHCP or PPPoE connection, the annoying issue is that you are left without a PBX when the internet connection is down. It happens very often to me, I'm in the countryside and the quality of DSL is terrible. I have PPPoA half-bridge, so when the connection goes down my WAN IP is 0.0.0.0.

With this setup you will always be able to use internal extensions. I also have a Sipura-3102 with PSTN configured as gateway, so I can always call outside even when the WAN is down.

You'll be able to register local extensions to the lan profile and external extensions to the internal profile, and they can call each other.

Optionally you can also enable SSLv23 for encrypted calls (but I'm not sure whether this way only SIP messaging or voice data too is encrypted).

1) CONFIGURE DYNAMIC DNS
Register with a dynamic DNS provider and get a hostname; I'll use a dummy "dsl.homeip.net" for this guide.
I'm using DynDns; if you choose another provider be sure it supports "Wildcards".
Configure the ddns name in Services->Dynamic DNS and be sure to enable "Wildcards".

2) CONFIGURE DNS FORWARDER
I will use as example for this guide the pfSense LAN IP 192.168.0.1.
Check "Enable DNS forwarder".
Your phones must use ONLY your pfSense LAN IP address as DNS server, check it!
Below "You may enter records that override the results from the forwarders below." add a hostname this way, BE SURE to replace with your correct ddns and LAN IP:
Host: dsl
Domain: homeip.net
IP Address: 192.168.0.1
Save the configuration and check with your PC (with pfSense configured as primary DNS): a ping to dsl.homeip.net must resolve to the LAN IP, a ping to fs.dsl.homeip.net must resolve to your WAN IP.

3) CONFIGURE INTERNAL PROFILE
Extensions from outside that register to WAN IP must use TCP protocol.
Always use your ddns, "dsl.homeip.net", for registration domain/SIP host.

Go to Services->Freeswitch->Profiles and click edit for internal.xml.
Uncomment and/or set these values:
<param name="manage-presence" value="passive"/>
<param name="dbname" value="share_presence"/>
<param name="presence-hosts" value="$${domain}"/>
<param name="bind-params" value="transport=tcp"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="auto"/>
<param name="ext-sip-ip" value="auto"/>
<param name="force-register-domain" value="$${domain}"/>

4) CONFIGURE LAN PROFILE
Extensions from inside that register to LAN IP must use UDP protocol.
Always use your ddns, "dsl.homeip.net", for registration domain/SIP host.

Go to Services->Freeswitch->Profiles and click edit for lan.xml.
Be sure to change 192.168.0.1 to your LAN IP!
Uncomment and/or set these values:
<param name="manage-presence" value="true"/>
<param name="dbname" value="share_presence"/>
<param name="presence-hosts" value="$${domain}"/>
<param name="bind-params" value="transport=udp"/>
<param name="rtp-ip" value="192.168.0.1"/>
<param name="sip-ip" value="192.168.0.1"/>
<param name="ext-rtp-ip" value="192.168.0.1"/>
<param name="ext-sip-ip" value="192.168.0.1"/>
<param name="force-register-domain" value="$${domain}"/>

5) CONFIGURE VARS
Go to Services->Freeswitch->Vars.
Be sure to prepend "fs." or anything else you like to ddns name in external_rtp_* set values!
It's needed because pfSense locally will resolve your registered ddns to the LAN IP address.

Uncomment and/or set these values:
<x-pre-process cmd="set" data="domain=dsl.homeip.net"/>
<x-pre-process cmd="set" data="bind_server_ip=auto"/>
<x-pre-process cmd="set" data="external_rtp_ip=host:fs.dsl.homeip.net"/>
<x-pre-process cmd="set" data="external_sip_ip=host:fs.dsl.homeip.net"/>

6) TLS ENCRYPTION
ONLY IF you want TLS/SSLv23 encryption also set in vars.xml:
<x-pre-process cmd="set" data="sip_tls_version=sslv23"/>
<x-pre-process cmd="set" data="internal_ssl_enable=true"/>

Then go to the SSH console and enter these commands (answer Y to the questions and change "dsl.homeip.net" to your ddns name):
cd /usr/local/freeswitch/bin/
./gentls_cert setup
./gentls_cert create -cn dsl.homeip.net -alt DNS:dsl.homeip.net

Your master certificate is in /usr/local/freeswitch/conf/ssl/CA/ with the name cafile.pem.
Install it in your SIP phones or, if you use a Windows softphone, download it and rename it to "cafile.crt". Double click to add it to the certificate store, keeping the default options when asked.
I verified it works with Windows Vista and Eyebeam Softphone.
(If you use Eyebeam, it can't receive encrypted calls, under Security tab check only preference for encryption calls)

7) RESTART FS
Don't only issue a reloadxml, restart the FS service.
Maybe something is missing (my setup is working and I'm not 100% sure that's all you need from the default config), let me know and I'll update the thread.
Cheers,
Mannix
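
An added example, not part of the original post and not FreeSWITCH or pfSense code: a small Python audit that checks the vars.xml values from steps 5 and 6 against the DNS answers a LAN client gets after step 2. The sample vars text, the lookup table, the 203.0.113.7 stand-in WAN address and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the vars.xml settings from steps 5 and 6 of the post.
SAMPLE_VARS = """
<x-pre-process cmd="set" data="domain=dsl.homeip.net"/>
<x-pre-process cmd="set" data="external_rtp_ip=host:fs.dsl.homeip.net"/>
<x-pre-process cmd="set" data="external_sip_ip=host:fs.dsl.homeip.net"/>
<x-pre-process cmd="set" data="sip_tls_version=sslv23"/>
"""
# Constructed lookups as a LAN client would see them (203.0.113.7 = WAN stand-in).
SAMPLE_DNS = {"dsl.homeip.net": "192.168.0.1", "fs.dsl.homeip.net": "203.0.113.7"}

SET_RE = re.compile(r'<x-pre-process\s+cmd="set"\s+data="([^="\s]+)=([^"]*)"', re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(addr):
    """True for a resolved RFC 1918 address; False for None, 0.0.0.0 or public."""
    return addr is not None and any(ipaddress.ip_address(addr) in n for n in RFC1918)


def is_wan(addr):
    """True for a resolved address that is neither LAN nor 0.0.0.0 (link down)."""
    return addr is not None and not is_lan(addr) and not ipaddress.ip_address(addr).is_unspecified


def audit(vars_text, resolved):
    """Return findings for vars.xml text, given {hostname: address} lookups."""
    v = dict(SET_RE.findall(vars_text))
    domain = v.get("domain", "")
    findings = []
    # Step 2: the bare ddns name must hit the DNS forwarder override (LAN IP).
    if not is_lan(resolved.get(domain)):
        findings.append(f"domain: {domain} does not resolve to a LAN address")
    for key in ("external_rtp_ip", "external_sip_ip"):
        val = v.get(key, "")
        host = val[len("host:"):] if val.startswith("host:") else ""
        # Step 5: the name needs an extra label, or the override answers for it.
        if not host.endswith("." + domain):
            findings.append(f"{key}: '{val}' is not host:<label>.{domain}")
        elif not is_wan(resolved.get(host)):
            findings.append(f"{key}: {host} gives {resolved.get(host)}, not a WAN IP")
    # Step 6: sslv23 lets the handshake settle on any version both ends support.
    if v.get("sip_tls_version", "").lower() == "sslv23":
        findings.append("sip_tls_version: sslv23 does not pin a minimum TLS version")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_VARS, SAMPLE_DNS):
        print(line)
```

On a live system the lookup table would be filled from a LAN client, for example with socket.gethostbyname. TLS on a SIP profile protects the signalling; media is only encrypted if SRTP is negotiated as well.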