Phone calls gets disconnected
-
Hi,
I need help troubleshooting an irritating issue I have that is probably caused by my pfsense firewall. I have a phone subscription that runs over the internet connection. When I connect the SIP-box directly to my internet connection it works fine but when connected behind my firewall the calls get disconnected after a while (maybe 10-15 min). I have opened the ports that the operator have asked me to do. CPU and memory is not even near to be fully used, don't think I ever seen it over 10%. The ruleset is quite non restrictive, pfblocker is installed but not enabled, snort is not installed.
I have of course asked the operator for advice but they went the easy way by asking me to connect the box directly to the internet ;-)
Phone operator: http://bahnhof.se/priv/kundservice/support/telefoni
What do you say? Any suggestions on where to start troubleshooting?
cheers
Diagnostics: pfInfo
Status: Enabled for 5 days 11:04:10 Debug: Urgent Hostid: 0x70f86896 Checksum: 0xb3b688537bc67e53c5ffec1669f64799 Interface Stats for em1 IPv4 IPv6 Bytes In 571777407 0 Bytes Out 11860744375 0 Packets In Passed 5537606 0 Blocked 12522 0 Packets Out Passed 8922983 0 Blocked 825 0 State Table Total Rate current entries 31 searches 30825750 65.3/s inserts 330721 0.7/s removals 330690 0.7/s Source Tracking Table current entries 0 searches 0 0.0/s inserts 0 0.0/s removals 0 0.0/s Counters match 492863 1.0/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 134 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 45 0.0/s state-mismatch 347 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s divert 0 0.0/s Limit Counters max states per rule 0 0.0/s max-src-states 0 0.0/s max-src-nodes 0 0.0/s max-src-conn 0 0.0/s max-src-conn-rate 0 0.0/s overload table insertion 0 0.0/s overload flush states 0 0.0/s states hard limit 197000 src-nodes hard limit 197000 frags hard limit 5000 tables hard limit 1000 table-entries hard limit 700000 tcp.first 120s tcp.opening 30s tcp.established 86400s tcp.closing 900s tcp.finwait 45s tcp.closed 90s tcp.tsdiff 30s udp.first 60s udp.single 30s udp.multiple 60s icmp.first 20s icmp.error 10s other.first 60s other.single 30s other.multiple 60s frag 30s interval 10s adaptive.start 118200 states adaptive.end 236400 states src.track 0s all Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 31 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] carp Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] em0 Cleared: Sat Feb 2 22:16:32 2013 References: [ States: 0 Rules: 40 ] In4/Pass: [ Packets: 9420729 Bytes: 11892538370 ] In4/Block: [ Packets: 195678 Bytes: 9480486 ] Out4/Pass: [ Packets: 6202691 Bytes: 589889753 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] em1 Cleared: Sat Feb 2 22:16:33 2013 References: [ States: 0 Rules: 10 ] In4/Pass: [ Packets: 5537606 Bytes: 566215280 ] In4/Block: [ Packets: 12522 Bytes: 5562127 ] Out4/Pass: [ Packets: 8922983 Bytes: 11860694532 ] Out4/Block: [ Packets: 825 Bytes: 49843 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] em1_vlan300 Cleared: Sat Feb 2 22:15:14 2013 References: [ States: 0 Rules: 11 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] enc Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] enc0 Cleared: Sat Feb 2 22:16:33 2013 References: [ States: 0 Rules: 3 ] In4/Pass: [ Packets: 749 Bytes: 154587 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 1207 Bytes: 915199 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] lo Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] lo0 Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 3 ] In4/Pass: [ Packets: 91785 Bytes: 6706388 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 91966 Bytes: 6719083 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] pflog Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] pflog0 Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] pfsync Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] pfsync0 (skip) Cleared: Fri Feb 8 09:19:35 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] ppp0 Cleared: Sat Feb 2 22:16:16 2013 References: [ States: 0 Rules: 19 ] In4/Pass: [ Packets: 155969 Bytes: 10073324 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 156520 Bytes: 10016915 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 5 Bytes: 368 ] vlan Cleared: Sat Feb 2 22:15:14 2013 References: [ States: 0 Rules: 1 ] In4/Pass: [ Packets: 0 Bytes: 0 ] In4/Block: [ Packets: 0 Bytes: 0 ] Out4/Pass: [ Packets: 0 Bytes: 0 ] Out4/Block: [ Packets: 0 Bytes: 0 ] In6/Pass: [ Packets: 0 Bytes: 0 ] In6/Block: [ Packets: 0 Bytes: 0 ] Out6/Pass: [ Packets: 0 Bytes: 0 ] Out6/Block: [ Packets: 0 Bytes: 0 ] -
Try changing the firewall optimisation settings from "Normal" to "Conservative" in
System: Advanced: Firewall/NAT: Firewall OptimizationThis will change the UDP timeout period. See: http://doc.pfsense.org/index.php/VoIP_Configuration
Steve
-
Try changing the firewall optimisation settings from "Normal" to "Conservative" in
System: Advanced: Firewall/NAT: Firewall OptimizationThis will change the UDP timeout period. See: http://doc.pfsense.org/index.php/VoIP_Configuration
Steve
Thanks for the link! I'll give it a try!
-
I changed the firewall optimisation setting to Conservative and it did change things. Before it just turned silent after a while, now instead I get a busytone after a while. So not perfect yet… :-\
What do you think about disabling source port rewriting? I only have one IP phone behind my public IP. What about tip no 4 in the article, disable scrubbing, what does that mean? Anything that could help me?
-
the calls get disconnected after a while (maybe 10-15 min).
Ask your phone operator for a reason.
Get the SIP packet trace on pfsence box and try find the reason there. -
What do you think about disabling source port rewriting? I only have one IP phone behind my public IP.
I did this to "fix" a lot of other services I have running behind pfSense.
http://doc.pfsense.org/index.php/Static_Port
I don't think SIP phones randomize or port hop, so it might not make a difference if you're already capable of getting a dialtone and making calls. However, turn it off and see if it works.
