Aptela hosted voip



  • Hello,

    I have a pfSense (1.2.3 stable) box with a /28 assigned on a DSL line. I have several 1:1 NATs set up with firewall rules for various items.

    Noticed today that our VoIP phones don't work (sorta). I've checked through the forums and docs and tried several things with siproxd, enabling static ports on outbound, setting firewall mode to conservative, and haven't had much luck. Phones will sync up, then about an hour or so later drop. Some say they are synced, but calls cannot be made.

    Aptela recommends this: http://www.aptela.com/kb4/idx.php/27/142/Firewalls–Routers/article/What-network-ports-and-addresses-are-used-by-the-Aptela-network.html

    I created a couple of WAN rules from their IP ranges and port ranges, to no avail. I noticed in one forum post that someone said that changes didn't work until a reboot. I will try that tomorrow.

    Anyone use Aptela or similar hosted VoIP?

    What settings did you use?

    Thanks

    Jason



  • Are you running Snort on the pfSense box?  If you are and you have whitelisted Aptela in CIDR notation that is probably the reason.



  • I am not running Snort.



  • Here is a quick post of my states:
    pfSense box = 192.168.11.1
    my phone = 192.168.11.224
    69.25.47.134 = Aptela IP (they have a /24 so this IP varies)

    udp  127.0.0.1:5060 <- 69.25.47.134:5060 <- 192.168.11.224:5070  NO_TRAFFIC:SINGLE 
    udp 192.168.11.1:5060 -> 192.168.11.224:5070 MULTIPLE:MULTIPLE

    I have enabled static ports, installed siproxd and set the firewall mode to conservative.

    After looking over the siproxd config (see below), the SIP ports that Aptela uses are from 5060 - 5080 in my case. Is there a way to set up siproxd to handle a range, or should I even be using siproxd?

    Relevant config info:
    <optimization>conservative</optimization>

    <advancedoutbound>
      <rule>
        <source>
          <network>192.168.11.0/24</network>
        </source>
        <sourceport/>
        <descr>Auto created rule for LAN</descr>
        <target/>
        <interface>wan</interface>
        <staticnatport/>
        <destination>
          <any/>
        </destination>
        <natport/>
      </rule>
      <enable/>
    </advancedoutbound>

    <siproxdsettings>
      <config>
        <if_inbound>lan</if_inbound>
        <if_outbound>wan</if_outbound>
        <port>5060</port>
        <rtpenable>1</rtpenable>
        <rtplower>10000</rtplower>
        <rtpupper>10899</rtpupper>
        <rtptimeout/>
        <defaulttimeout/>
        <authentication/>
        <outboundproxyhost/>
        <outboundproxyport/>
        <expeditedforwarding>on</expeditedforwarding>
      </config>
    </siproxdsettings>
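
An added example, not part of the original thread: a shell helper that reads state-table lines in the format posted above and lists the UDP states on the 5060-5080 SIP range where one peer is still at NO_TRAFFIC, meaning pf has not seen any packet from that side. The function names and the third sample line are constructed for illustration; the port range is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): find one-way SIP states in pf output.

SIP_LO=5060   # SIP port range quoted in the post
SIP_HI=5080

# Reads pf state lines on stdin and prints every UDP state that
#   - has an endpoint whose port is inside SIP_LO..SIP_HI, and
#   - shows NO_TRAFFIC for at least one peer.
sip_oneway_states() {
    awk -v lo="$SIP_LO" -v hi="$SIP_HI" '
    $1 == "udp" {
        state = $NF                       # last field, e.g. NO_TRAFFIC:SINGLE
        if (state !~ /NO_TRAFFIC/) next   # both peers have sent something
        sip = 0
        for (i = 2; i < NF; i++) {        # walk the addr:port fields
            n = split($i, part, ":")
            if (n == 2 && part[2] ~ /^[0-9]+$/ &&
                part[2] + 0 >= lo && part[2] + 0 <= hi)
                sip = 1
        }
        if (sip) print
    }'
}

# Constructed sample input: the two state lines from the post, plus one
# made-up RTP-range line that must not be reported (not a SIP port).
sample_states() {
    cat <<'EOF'
udp 127.0.0.1:5060 <- 69.25.47.134:5060 <- 192.168.11.224:5070 NO_TRAFFIC:SINGLE
udp 192.168.11.1:5060 -> 192.168.11.224:5070 MULTIPLE:MULTIPLE
udp 192.168.11.224:10010 -> 69.25.47.134:10020 SINGLE:NO_TRAFFIC
EOF
}

sample_states | sip_oneway_states
```

On the firewall itself the same function can be fed live data with `pfctl -s states | sip_oneway_states`.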

