2.0 with IP Phone
-
What I would recommend is to use "qualify=yes" for the trunk(s), that should keep the SIP registration active.
-
Try this:
http://doc.pfsense.org/index.php/Static_Port
-
He is already doing static port.
-
Hrmm…yeah, I guess I missed that in the original post. Well, that solved some VoIP issues for me, so I guess it's worth repeating even if it doesn't work in this specific case.
-
Does your VoIP provider handle the audio of your calls or do they hand off that task?
Who is your provider… (I'll go back and re-read in case I missed...)
If your provider hands off the calls then the audio RTP streams will be coming from somewhere else and will be seen by the firewall as an unsolicited attempt to connect.
-
Not necessarily - the moment the IP phone sends any outbound RTP, this should establish a state table entry. Also, he was complaining about receiving calls, which is a SIP issue, not RTP.
-
My "will be seen" should read "could be seen" regarding the firewall… But I see your point...
Just throwing an idea out there. Initially got me on a PBX I tried to run internally...
But after re-reading... I had to turn the keep alive on with the ATAs at the office behind the 1.2.3 install I have there to allow my Freeswitch install I have here to reach it after the states wanted to expire.
My providers send some form of keep alive from their servers to my home ATAs that I can not duplicate on Freeswitch here. However it shouldn't matter what side it comes from.
You should not need port forwarding on the ata/ip phone side to make this work.
-
Try to configure your phone to re-register every 60 seconds. That will fix it. Sometimes it's a "re-register" field, sometimes it's called "Register expiry" or something like that.
As long as it re-registers faster than the firewall forgets your state, you'll be ok. 60 seconds seems to do the trick on pfSense vanilla.
-
Well I got the problem sorted out for the most part, but now I have a new problem. The tftp-proxy is missing on 2.0 BETA1. I'm going back through the snapshots to see when it went missing, but I haven't found it yet. Does anyone have a copy of "/usr/local/sbin/tftp-proxy" that I can use? I'm getting
inetd[30822]: cannot execute /usr/local/sbin/tftp-proxy: No such file or directory
It's in the System Log whenever I try to push tftp traffic, so it appears that it's configured properly, just not there lol
-
Oh, and I'm also trying to get it to use tftp over an ipsec vpn. It doesn't seem to want to route the tftp traffic. I've confirmed that tftp is working on the remote network.
-
I got tftp to work over the ipsec, I had to disable the tftp proxy. well I couldn't disable it actually, I just switched it to OPT1 so it wouldn't interfere with LAN traffic.
so that's two things broken, missing tftp-proxy and the gui on the advanced page is broken. it doesn't highlight the enabled interfaces so it always looks completely disabled.
-
I fixed the select issue, there's a ticket open on the missing binary. You don't want or need the TFTP proxy in most routing scenarios including IPsec, only with NAT is that needed generally.
-
nice, yea I'm aware it isn't needed for ipsec. but i want to say that it being on and set to LAN made tftp not work over my ipsec tunnel so it must be doing something there. or maybe i'm just misunderstanding how to configure it. for an ip phone on LAN to work with a tftp server on the internet/WAN (bad practice i know), does the proxy have to be set to LAN or WAN?
-
Proxy is set on the interface(s) where TFTP traffic is initiated.
-
jeez you guys work late lol
thanks!
-
confirmed tftp-proxy is all working correctly on Fri Apr 30 22:00:04 EDT 2010 build
thanks a lot!