Obihai install trouble
-
Static IP is good all the time…
Static Port might make a bigger difference for you.
Just check for entries under "static port manual outbound NAT SIP" on google or this forum ;)
-
OK, I set up a static port for all packets from the Obihai (192.168.1.250). I also set up port forwarding and uPNP. Screenshots of port forwarding, outbound NAT, uPNP, and the firewall rules are attached, as well as the Obihai status screen.
I was wondering about a 1:1 NAT setup, but that seems really complicated, especially since my WAN address changes.
-
Also, I turned on syslog on the Obi, and get these:
8/28/13 10:09:14.000 PM OBI[-1]: BASE:resolving root.pnn.obihai.com (repeated multiple times)
8/28/13 10:09:14.000 PM OBI[-1]: DNS: All servers are not responding!I've tried multiple different DNS servers with no luck. Normally I use pfSense as the DNS for the network, but I've also tried Google's (8.8.8.8) and another couple that I know of.
-
I've even added the IP address of that server to the DNS forwarder on pfSense, and still no luck. I'm highly confused.
-
You keep talking about obhai static IP
I keep telling you to try to set up static port in manual outbound NAT.
Those two things are not same.
obhai doesn't need all this stuff you are doing at all.
It might need static port on 5060 on manual outbound NAT depending on how it connects.
-
I've set all the ports on 192.168.1.250 (the Obi202) to be static under manual outbound NAT - see the second screenshot I posted. It didn't make a difference.
-
What is your obihai connecting too? Google voice or some SIP server?
If its some SIP server, who's SIP server? I have an idea what may be causing this.
-
I have an idea as well. Since
If I plug it straight into the DSL modem, it works
the idea would be this all borkage is caused by the huge overengineering of the configuration. Once again, keep it simple! As in:
My obihai worked just fun with only the default allow rule on LAN +DHCP.
-
Yeah - I'm thinking NAT (as in NAT on the SIP server side) is creating a problem where the obihai is only working if it runs against the public IP without NAT. If not that, then maybe OP is double NATed and doesn't realize it. obihai + pfsense is usually stupid simple. No special care required.
I'm waiting to hear back who provides his SIP. I run a SIP server here, and that is the only reason I am using manual outbound plus static port. Obihai worked without that. Asterisks didn't.
-
I've tried to connect to Google Voice, but first I'm trying to get their echo test service to work with no success. It's trying to connect to root.pnn.obihai.com, which is their provisioning service.
I did try the Obihai with the defaults as well, with no success - that's why I started port forwarding, etc., which also hasn't worked.
From the syslogs from the Obihai, all it keeps doing is trying to resolve the DNS for root.pnn.obihai.com over and over. I've tried turning off DNS forwarding, as well as putting the IP address for root.pnn.obihai.com into the DNS forwarder static section. I've also tried using different DNS servers on the Obihai with no luck either. I've also tried an explicit firewall rule to allow (and log) DNS lookups, which shows requests to pfSense and then requests out to the network.
-
Well, if DNS resolution does not work, then any messing with NAT/port forwards and uPNP sounds rather premature, to put it mildly?!
-
Hmmmm…
From a console on one of your computers, try:
ping root.pnn.obihai.com
Then, from pfsense console do the same.
Please tell results.
-
dok: I didn't find out it was a DNS issue until after starting with port issues.
Ping from my computer:
PING root.pnn.obihai.com (54.241.160.4): 56 data bytes
64 bytes from 54.241.160.4: icmp_seq=0 ttl=55 time=100.852 ms
64 bytes from 54.241.160.4: icmp_seq=1 ttl=55 time=93.125 ms
64 bytes from 54.241.160.4: icmp_seq=2 ttl=55 time=101.612 ms
64 bytes from 54.241.160.4: icmp_seq=3 ttl=55 time=92.128 msPing from pfSense:
PING root.pnn.obihai.com (54.241.160.4): 56 data bytes
64 bytes from 54.241.160.4: icmp_seq=0 ttl=56 time=94.989 ms
64 bytes from 54.241.160.4: icmp_seq=1 ttl=56 time=92.355 ms
64 bytes from 54.241.160.4: icmp_seq=2 ttl=56 time=115.846 ms
64 bytes from 54.241.160.4: icmp_seq=3 ttl=56 time=90.387 ms -
OK - So, you fixed the DNS settings?
-
I haven't touched the DNS settings - this is my problem. Every computer on my network except the Obihai can see that host. I can't figure out what else to try to get DNS through to the Obi. I think tonight I'm going to try putting the Obihai by itself on the OPT interface and log everything that goes in and out to see if I can figure out what's going on. I'm confused as all get out at this point.
-
Are all the other computers automatically grabbing DNS via DHCP or is their DNS manually configured on each computer?
-
They all get it via DHCP. I've tried setting the Obihai to both DNS via DHCP (which gives out 192.168.1.254, the pfSense box) and setting it explicitly (8.8.8.8 and 8.8.4.4, Google's DNS servers).
-
Hmmmm. No clue. Good luck.
-
Is there a way to simulate the "DMZ" option of Linksys, etc. routers via pfSense? I tried sticking the Obihai on a second LAN interface so I can log the traffic better, but no help. I can see in the states table that there are requests going to and from:
udp 8.8.8.8:53 <- 192.168.2.250:36837 NO_TRAFFIC:SINGLE
udp 192.168.2.250:36837 -> 8.8.8.8:53 SINGLE:NO_TRAFFICand via syslog:
(from Obi202)
8/29/13 11:55:53.000 PM OBI[-1]: BASE:resolving root.pnn.obihai.com(from pfSense)
8/29/13 11:55:53.000 PM 192.168.2.250.36837 > 8.8.8.8.53[-1]: 11189+ A? root.pnn.obihai.com. (37)
8/29/13 11:55:55.000 PM 192.168.2.250.42176 > 192.168.2.254.53[-1]: 11189+ A? root.pnn.obihai.com. (37)Something seems like it's restricting the replies from the DNS servers from getting back to the Obihai, but I'll be darned if I can figure out what it is. I set up a firewall entry allowing any and all network traffic to the second interface I moved the Obi onto, with no change.
-
Are you double NATed?