How to configure Freeswitch with Dynamic IP WAN



  • Hi all,
    I want to share my configuration of Freeswitch with Dynamic IP WAN.
    I obviously have to thank Mcrane not only for his great job porting FS to pfSense but also for
    the huge amount of time spent with me, my configuration and my poor knowledge about FS (that
    caused him a lot of headaches).

    When you have a DHCP or PPPoE connection the annoying issue is that you are left without PBX when the
    internet connection is down. It happens very often to me, I'm in the countryside and the quality of
    DSL is terrible. I have PPPoA half-bridge so when the connection goes down my WAN IP is 0.0.0.0.

    With this setup you will always be able to use internal extensions. I also have a Sipura-3102
    with PSTN configured as gateway so I can always call outside even when WAN is down.

    You'll be able to register local extensions to the lan profile and external extensions to the internal
    profile and they can call each other.

    Optionally you can also enable SSLv23 for encrypted calls (but I'm not sure whether this way only SIP
    messaging is encrypted or voice data too).

    1) CONFIGURE DYNAMIC DNS

    Register with a dynamic dns and get a hostname, I'll use a dummy "dsl.homeip.net" for this guide.
    I'm using DynDns, if you choose another provider be sure it supports "Wildcards".
    Configure the ddns name in Services->Dynamic DNS and be sure to enable "Wildcards".

    2) CONFIGURE DNS FORWARDER

    I will use as example for this guide the pfSense LAN IP 192.168.0.1.
    Check "Enable DNS forwarder".
    Your phones must use ONLY your pfSense LAN IP address as DNS server, check it!
    Below "You may enter records that override the results from the forwarders below." add a
    hostname this way, BE SURE to replace with your correct ddns and LAN IP:

    Host:  dsl

    Domain: homeip.net

    IP Address: 192.168.0.1

    Save configuration and check with your PC (with pfSense configured as primary DNS), ping to
    dsl.homeip.net must resolve to LAN IP, ping to fs.dsl.homeip.net must resolve to your WAN IP.

    3) CONFIGURE INTERNAL PROFILE

    Extensions from outside that register to WAN IP must use TCP protocol.
    Always use your ddns, "dsl.homeip.net", for registration domain/SIP host.

    Go to Services->Freeswitch->Profiles and click edit for internal.xml.

    Uncomment and/or set with these values:

    <param name="manage-presence" value="passive"/>
    <param name="dbname" value="share_presence"/>
    <param name="presence-hosts" value="$${domain}"/>
    <param name="bind-params" value="transport=tcp"/>
    <param name="rtp-ip" value="$${local_ip_v4}"/>
    <param name="sip-ip" value="$${local_ip_v4}"/>
    <param name="ext-rtp-ip" value="auto"/>
    <param name="ext-sip-ip" value="auto"/>
    <param name="force-register-domain" value="$${domain}"/>

    4) CONFIGURE LAN PROFILE

    Extensions from inside that register to LAN IP must use UDP protocol.
    Always use your ddns, "dsl.homeip.net", for registration domain/SIP host.

    Go to Services->Freeswitch->Profiles and click edit for lan.xml.

    Be sure to change 192.168.0.1 with your LAN IP!

    Uncomment and/or set with these values:

    <param name="manage-presence" value="true"/>
    <param name="dbname" value="share_presence"/>
    <param name="presence-hosts" value="$${domain}"/>
    <param name="bind-params" value="transport=udp"/>
    <param name="rtp-ip" value="192.168.0.1"/>
    <param name="sip-ip" value="192.168.0.1"/>
    <param name="ext-rtp-ip" value="192.168.0.1"/>
    <param name="ext-sip-ip" value="192.168.0.1"/>
    <param name="force-register-domain" value="$${domain}"/>

    5) CONFIGURE VARS

    Go to Services->Freeswitch->Vars.

    Be sure to prepend "fs." or anything else you like to the ddns name in the external_rtp_* set values!
    It's needed because pfSense locally will resolve your registered ddns to the LAN IP address.

    Uncomment and/or set with these values:

    <x-pre-process cmd="set" data="domain=dsl.homeip.net"/>
    <x-pre-process cmd="set" data="bind_server_ip=auto"/>
    <x-pre-process cmd="set" data="external_rtp_ip=host:fs.dsl.homeip.net"/>
    <x-pre-process cmd="set" data="external_sip_ip=host:fs.dsl.homeip.net"/>

    6) TLS ENCRYPTION

    ONLY IF you want TLS/SSLv23 encryption also set in vars.xml:

    <x-pre-process cmd="set" data="sip_tls_version=sslv23"/>
    <x-pre-process cmd="set" data="internal_ssl_enable=true"/>

    Then go to the SSH console and input the commands (respond Y to questions and change to your ddns
    name "dsl.homeip.net"):

    cd /usr/local/freeswitch/bin/
    ./gentls_cert setup
    ./gentls_cert create -cn dsl.homeip.net -alt DNS:dsl.homeip.net

    Your master certificate is in /usr/local/freeswitch/conf/ssl/CA/ with name cafile.pem
    Install it in your SIP phones or, if you use a Windows softphone, download it and rename it to
    "cafile.crt". Double click to add it to the certificate store, default options when asked.
    I verified it works with Windows Vista and Eyebeam Softphone.
    (If you use Eyebeam, it can't receive encrypted calls, under the Security tab check only preference
    for encryption calls)

    7) RESTART FS

    Don't only issue a reloadxml, restart the FS service.

    Maybe something is missing (my setup is working and I'm not 100% sure that's all you need from the default config), let me know and I'll update the thread.

    Cheers,
    Mannix
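
An added example, not part of the original post: a shell check for the name resolution that steps 2 and 5 depend on, where the base ddns name must answer with the LAN IP and the prefixed name with the WAN IP. The `resolve_v4` helper assumes `getent` is available on the machine running the check, and 203.0.113.7 is a constructed stand-in for a WAN address.

```shell
#!/bin/sh
# Added example (not from the original post): split-horizon DNS check for
# steps 2 and 5. 203.0.113.7 is a constructed stand-in for a WAN address.

# Print: private (RFC 1918), unset (0.0.0.0, WAN down), public, or invalid.
classify_v4() {
    addr=$1
    case "$addr" in ''|*[!0-9.]*) echo invalid; return 0 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    if [ $# -ne 4 ]; then echo invalid; return 0; fi
    for o in "$@"; do
        case "$o" in ''|????*) echo invalid; return 0 ;; esac
        if [ "$o" -gt 255 ]; then echo invalid; return 0; fi
    done
    if [ "$addr" = 0.0.0.0 ]; then
        echo unset
    elif [ "$1" -eq 10 ] || { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; } ||
         { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; }; then
        echo private
    else
        echo public
    fi
}

# $1 = LAN IP, $2 = answer for the base ddns name, $3 = answer for the
# prefixed ("fs.") name. Returns 0 ok, 1 misconfigured, 2 WAN address unset.
check_split_horizon() {
    if [ "$2" != "$1" ]; then
        echo "FAIL: base name gives '$2', expected LAN IP $1 (DNS forwarder override missing?)"
        return 1
    fi
    case "$(classify_v4 "$3")" in
        public)  echo "OK: base name -> $1, prefixed name -> $3"; return 0 ;;
        unset)   echo "WARN: prefixed name gives 0.0.0.0, WAN is down"; return 2 ;;
        private) echo "FAIL: prefixed name gives private $3, FS would advertise a LAN address"; return 1 ;;
        *)       echo "FAIL: prefixed name did not resolve (wildcard disabled or WAN down?)"; return 1 ;;
    esac
}

# Assumption: getent(1) exists on the host running the check.
resolve_v4() { getent hosts "$1" | awk '{ print $1; exit }'; }

# Live use, from a PC that has pfSense as its only DNS server:
#   check_split_horizon 192.168.0.1 "$(resolve_v4 dsl.homeip.net)" "$(resolve_v4 fs.dsl.homeip.net)"
# Offline run with constructed answers:
check_split_horizon 192.168.0.1 192.168.0.1 203.0.113.7
```

Exit status 2 separates a line that is down from a real misconfiguration, so the check can run from cron without raising an alarm on every DSL drop.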

