RTP packets being dropped in one direction. (Not traversing the IPSEC tunnel)
  • Hi everyone!

    I have two 1.2.3 pfSense boxes with an IPSEC tunnel between them.
    The current firewall rules allow all packet types/ports between both subnets.

    Device on the remote side is an aastra 6757i, local side is a standalone Asterisk box.

    SIP traffic traverses just fine in both directions.
    RTP traffic from local to remote works no problem.
    RTP traffic from remote to local gets dropped.

    Packet capture on the LAN interface of the remote side shows the RTP traffic being sent to the local side.
    Packet capture on the VOIP interface (optional interface that the Asterisk box is on) on the local side shows none of the RTP packets.

    End result is one way audio (the remote side hearing the local but the local not hearing the remote).

    Any ideas?


  • Rebel Alliance Developer Netgate

    If you connect with ssh, you can do a tcpdump on enc0, which is the IPsec interface, so you can see what traffic is or isn't hitting the tunnel.

    Last time I saw something like this, the SIP/RTP traffic had a Via header of the PBX side's public IP, so it came out the tunnel on one side and tried to go out WAN on the return trip because that's what the SIP headers told it to do… :-)

    If you take the packet capture on the phone side as it leaves LAN, load it up in Wireshark, and inspect the SIP headers, you may find something similar.



  • Sorry to reply to this so late, but jimp is correct. If this is an Asterisk box, you have to set
    localnet = 192.168.0.0/255.255.255.0

    in sip.conf

    (Substitute the subnet above for your own local subnet)

    Hope that helps.
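    As an added illustration of the check jimp and the post above describe (not code from this thread or from pfSense/Asterisk): a small Python script that pulls the Via, Contact and SDP connection address out of a captured INVITE and flags any that sit outside the subnets that should be reachable through the tunnel. The sample INVITE and the two subnets are constructed values standing in for your own localnet and the far side of the tunnel.

```python
import ipaddress
import re

# Constructed sample INVITE: the PBX advertises its public IP in Via, Contact
# and the SDP c= line, the misconfiguration jimp describes. The phone then
# sends RTP to that public address, which follows the default route out WAN
# instead of matching the IPsec policy for the tunnel.
SAMPLE_INVITE = (
    "INVITE sip:201@192.168.2.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK-1\r\n"
    "From: <sip:100@192.168.1.20>;tag=abc\r\n"
    "To: <sip:201@192.168.2.10>\r\n"
    "Contact: <sip:100@203.0.113.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 203.0.113.5\r\n"
    "c=IN IP4 203.0.113.5\r\n"
    "m=audio 10000 RTP/AVP 0\r\n"
)

# Assumed subnets: the Asterisk side (what localnet should cover) and the
# phone side, i.e. everything that should travel through the IPsec tunnel.
TUNNEL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
               ipaddress.ip_network("192.168.2.0/24")]

_IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def advertised_addresses(msg):
    """Return {field: ip} for the addresses a SIP message tells the peer to use."""
    head, _, body = msg.partition("\r\n\r\n")
    found = {}
    via = re.search(r"^Via:\s*SIP/2\.0/\w+\s+" + _IPV4, head, re.M | re.I)
    contact = re.search(r"^Contact:.*?@" + _IPV4, head, re.M | re.I)
    conn = re.search(r"^c=IN IP4 " + _IPV4, body, re.M)
    if via:
        found["Via"] = via.group(1)
    if contact:
        found["Contact"] = contact.group(1)
    if conn:
        found["SDP c="] = conn.group(1)
    return found

def addresses_outside_tunnel(msg, nets=TUNNEL_NETS):
    """Fields whose address is in no tunnel subnet: traffic sent there bypasses IPsec."""
    return {field: ip for field, ip in advertised_addresses(msg).items()
            if not any(ipaddress.ip_address(ip) in n for n in nets)}

if __name__ == "__main__":
    for field, ip in addresses_outside_tunnel(SAMPLE_INVITE).items():
        print(f"{field} advertises {ip}, which is not in a tunnel subnet")
```

Feed it the text of an INVITE exported from Wireshark (Follow UDP Stream) to see which header is pointing the phone's RTP at the wrong address; once localnet covers the PBX subnet, all three fields should come back empty.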



  • Via is correctly set in the packets.
    localnet was already set in the FreePBX interface….

    =o\

    The packets are literally disappearing into the ether...



  • @jimp:

    If you connect with ssh, you can do a tcpdump on enc0, which is the IPsec interface, so you can see what traffic is or isn't hitting the tunnel.

    tcpdump on enc0 is not showing the RTP packets at all on either side (capturing on the incoming/outgoing interface does show them, as well as the ones that make it from local->remote).

    No clue why it is not capturing the RTP packets that I know are getting through. (SIP packets are being captured fine.)

    Am just doing a tcpdump -ienc0 -wtcpdump.cap
    ….. =o\