PfSense (Cerberus) & VoIP - borked? [Solved]



  • Hi all, not really sure which forum to put this in, please move it if needed.

    I have two self-built pfsense Cerberus boxes (2.1.5) connected by openvpn. I have an asterisk server at the remote end. This connection seems to be fine.

    Cerberus is the combination of pf, pfblocker and snort. I am aware that snort can be a royal pain in the a*se. I am by no means an expert at this - which probably doesn't help - but have been muddling through with a copy of the 1.2x book and many, many hours on this forum. Both boxes are virtualised with the virtIO addons.

    I finally got everything set up and working properly last night. Unfortunately, this morning my VoIP trunks aren't registering again. Last night, after combing the logs and alerts tab, it turned out to be the snort rule SIP_EVENT_MAX_DIALOGS_IN_A_SESSION causing the problem, which I disabled. This seemed to be the last point, but this time it must be something else, as the alerts tab shows nothing. I daresay it may not be snort at all - but don't quote me.

    I've looked through snort logs, can't find anything. Looked through the firewall logs, same story. Have disabled squid (by binding it to the loopback interface), squidguard, pfblocker and snort itself. Still no joy. Consider them re-enabled.

    I've hit a bit of a wall (forgive the pun). I can't seem to find any record of the packets hitting anything in the logs, let alone being blocked by any of the services. That's in either firewall (although the gateway is set to the remote one, so the local one I check just to be sure)

    I've had a few late nights with this build (as you do), probably too many to think straight on this one. Can anyone help point me in the right direction? Pinging the IPs that the server is trying to connect to works fine, so I know there isn't a problem with connectivity, I would think that it must be something to do with the ports?

    TIA,
    edooze.



  • It appears to have been another bug with the system. I've reinstalled most of the system, and everything has come back online. Weird.


Log in to reply