Pfsense and Asterisk….one-way audio problem with SIP



  • I have a setup with an Asterisk server in the DMZ. This Asterisk server  connects to 3 SIP voip providers…Sipgate, Gossiptel and Broadvoice.
    Unfortunately I have a one way audio problem with inbound calls....ie I can't hear the external caller speak, but he can hear me speak.

    I have put the usual port forwarding rules in place.....port 5060 udp and ports 10000-20000 udp. The configs for the providers seem to register correctly. I have watched the calls setting up on the asterisk console, and I have watched the network traffic on the firewall using tcpdump and its seems to be passing the audio to the correct port number.

    Has anyone else come across this and what is the workaround?
    I have played around with every conceivable config in sip.conf in asterisk

    Is this a symptom of Pfsense(and monowall) being a symmetric nat firewall?  Is siproxd a solution?

    Thanks,
    Brian



  • @bmacauley:

    Is this a symptom of Pfsense(and monowall) being a symmetric nat firewall?  Is siproxd a solution?

    Could be.  Did you try the static port option in advanced outbound nat?  Also, you could try a 1:1 NAT.



  • 1:1 NAT is not available to me as an option.

    Is the static port an option in v1 beta 1?

    How would this correct the problem?

    Thanks,
    Brian



  • Nope, you need to run the newer version located at http://www.pfsense.com/~sullrich/BETA2-BUGVALIDATION5/



  • How would I use the static port fuctionality for a large range of ports..,ie 10000-20000 for SIP RTP ?

    Maybe siproxd is a better option…is the package working in pre-BETA2?

    Thanks,
    Brian



  • What version of Asterisk are you running?

    I read that version 1.2.2 have a bug (I think similar to yours) and is resolved by version 1.2.3



  • Yep…I read that yesterday.
    I'm running Asterisk 1.2.1.

    Unfortunately, I've been unable to clearly understand what the bug is, or what its symptoms are.

    Can you give me some insight?

    My usage scenario is as follows...

    I'm using 3 SIP providers...Broadvoice, SIPgate and Gossiptel. Each of these providers register correctly. A call can be made inbound via the PSTN number issued by the provider, but I can't hear the inbound caller speaking. This shows up on voicemail as well...Asterisk hangs up immediately as it cannot hear any audio. The inbound caller can hear me speaking.

    My thoughts are that this is the classic 'one-way audio over SIP' problem, which can be found on certain firewall types/configurations ie symmetric firewalls. The static port feature may be the way around this. This article on pf configuration for voip suggests that static ports may be the correct method of configuring the firewall for SIP devices....
    http://www.bastard.net/~kos/pf-voip.html

    Thanks,
    Brian



  • The bug is unrelated and affects Asterisk 1.2.2 only

    http://bugs.digium.com/view.php?id=6349

    Thanks,
    Brian



  • Brian,

    I had the same issues with my SPA-3000, siproxd solves the problem but you have to declare it as an outbound proxy in you configuration. The problem I had some time ago was with the fact that I couldn't declare an outboud proxy (gateway functions of the SPA-3000 don't allow you to do so) and this was solved by the static port option. I don't know Asterisk at all, but the mechanisms should be about the same…

    BTW, the siproxd package works well, the only thing that is not OK is that you have to manually adjust the outgoing interface in the config file if you are on DSL.



  • Great info, thanks!!

    That confirms my thoughts. There are 2 solutions to the SIP 'one-way audio' problem…

    (1)  Use static port(s) on the firewall ...available in versions higher than v1.0 beta1

    (2)  Use Siproxd as an outbound proxy

    My next questions are...

    How do you configure static port ranges, as opposed to singular ports? ie 10000-20000 which is the standard RTP range in Asterisk

    How did you install and configure Siproxd on PFsense? In the current version(v1.0 beta 1) of Pfsense the package install system isn't working for Siproxd. Does Siproxd install correctly on v1.0 beta2 or did you manaually install it?

    Thanks,
    Brian



  • Brian,

    I opened the port range in 'Rules'. My SPA-3000 uses 16384-16482 as RTP range and this is what I configured in siproxd.

    Unfortunately, I have no idea how installation of siproxd goes in the current version. As of now, I  am using 1.0-PREBETA2-BUG-VALIDATION-EDITION2, but my siproxd is installed from 0.7x. If the siproxd install is broken in the current version, I guess you could always install an earlier version an put a PREBETA2 on top of it. My siproxd never ceased to function throughout the numerous upgrades. Someone else in the forum might have a better advice…



  • Package install should work again with the latest snapshot: http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-1-29-06/
    Give it a try.



  • Thanks for that….I'll give it a go

    Brian



  • Not so much a solution as opposed to a question. I am running Asterisk as well, soon to be 1.2.2. I persuaded my provider to switch to pfsense, strictly to make use of siproxd (actually, he allowed me to install because I thought it was good for the client… Of course, my agenda was to get my sip working properly!  ;)).

    I have several providers, that are SIP based, although I do shoot for IAX2 only. The question is, how do I get asterisk and siproxd to play together? Any pointers would be greatly appreciated!

    K.



  • Did you already try to get it working following the siproxd docs http://siproxd.sourceforge.net/index.php?op=odoc ? Chapter 6.5 seems to be what you are looking for. If you get it working we would be happy to get some documentation on the process at http://doc.pfsense.org/index.php/Chapter_8:_Packages  ;D



  • I'm currently testing with…
    http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-1-29-06/

    The first step of the process is to install the Pfsense siproxd packageand this seems to install correctly in the above version.

    I'll let you know how I get on with siproxd and Asterisk as I progress

    Thanks,
    Brian



  • I've been continuing to test this Pfsense build with siproxd and asterisk.

    My finding are as follows…

    (1) Siproxd

    I've made several observations while trying to set up siproxd
    (a)  When configuring the interfaces for siproxd using the configuration option, the display does not seem to hold my choices. On further investigation(downloaded the XML config) my settings do seem to be recorded, although there are multiple repeats due to my attempts to make the settings display

    (b) I'm not really sure how to set up firewall rules on Pfsense to redirect any traffic on port 5060 within the DMZ to siproxd.

    The siproxd guide details an example for linux iptables...
    http://siproxd.sourceforge.net/index.php?op=odoc
    What is the equivalent for pf and pfsense?

    To summarize....no success with siproxd as yet

    (2) Static ports

    As an alternative to siproxd, I thought I'd try the new static ports option .

    This fixes the 'one-way audio' problem on SIP. I now have audio both in and out using a SIP voip provider.
    I've tested this with Broadvoice, Sipgate and Gossiptel.

    My config in the advanced outbound NAT screen was as follows…

    Iface    Src                  Src prt  Dest  Dest Prt  NAT Add  NAT Prt  Stat Port  Desc

    WAN    192.168.10.0/24    *        *          *                  *                  *                YES            DMZ->WAN

    Can anyone help with the firewall rules for Siproxd?

    Thanks,
    Brian



  • I did not get things working with siproxd and asterisk. Maybe I am feeling slow to day, but I am not getting it. Where should my asterisk box be pointing. I have a connection with iconnecthere and sipphone, and fortunately these are my only 2 SIP based providers. So what I need to do to the asterisk side so I can route my SIP accounts through siproxd on the pfsense box?

    K


Locked