Siproxd, setup and configuration for voip… works great!!!



  • Awesome! Thanks :)

    But when I call, the SOHO router restarted... weird router…



  • siproxd works great, but does someone know how to get its packets through the Traffic Shaper? Or should I patiently wait for pfSense 2.0 :)



  • You could try disabling the RTP proxy - dunno how much you like that idea (or whether it will work for you.)  I ended up uninstalling siproxd for that (and other reasons), since I have only one client behind the pfsense - my asterisk server, so siproxd is not really needed.



  • To the original poster.  Thank you.  :)



  • siproxd works great, but does someone know how to get its packets through the Traffic Shaper? Or should I patiently wait for pfSense 2.0

    I would also like to know if anyone knows the answer to this question.  I have all my phones registered, but if someone is using too much bandwidth call quality goes down significantly.



  • I recently added siproxd to a site that WAS working before adding it… I added it because of a single phone which is not "nat friendly" - special purpose phone (boardroom) - at any rate, on adding siproxd, I could get the Linksys phones to work (SPA942, SPA962) however the latest phone Cisco/Linksys SPA525G with 7.2.5 firmware SEEMS to work however the ringer doesn't ring and if you answer there is no audio (indicating lack of RTP stream).

    I couldn't see a way around the problem, so I hacked the package to change the firewall rule so that only phones in a given "Alias" are added to the proxy. I'd like to share that change, but I found one thing a little frustrating - unless I create a dummy rule in the firewall, the Alias does not seem to be parsed into a table (which causes my change to fail).

    I also noticed siproxd seems to be behind - and yet the packages list does NOT indicate it is lacking a maintainer...

    Basically I've solved my own issue, but think it would benefit others...

    Thoughts? Thanks all!



  • bb-mitch,

    I have two SPA962 that are configured identically.  I recently moved from a Cisco 5505 firewall to pfsense.

    With siproxd setup I have one phone working but the other refuses to.

    Just wondering if you ran into this problem with your Linksys phones.

    thanks,

    @bb-mitch:

    I recently added siproxd to a site that WAS working before adding it… I added it because of a single phone which is not "nat friendly" - special purpose phone (boardroom) - at any rate, on adding siproxd, I could get the Linksys phones to work (SPA942, SPA962) however the latest phone Cisco/Linksys SPA525G with 7.2.5 firmware SEEMS to work however the ringer doesn't ring and if you answer there is no audio (indicating lack of RTP stream).

    I couldn't see a way around the problem, so I hacked the package to change the firewall rule so that only phones in a given "Alias" are added to the proxy. I'd like to share that change, but I found one thing a little frustrating - unless I create a dummy rule in the firewall, the Alias does not seem to be parsed into a table (which causes my change to fail).

    I also noticed siproxd seems to be behind - and yet the packages list does NOT indicate it is lacking a maintainer...

    Basically I've solved my own issue, but think it would benefit others...

    Thoughts? Thanks all!



  • Depending on what you are connecting to, you could try turning off the NAT options on the server and the phones, and possibly the qualify options on the Asterisk server - one of my associates says he had to do that to support some newer Cisco phones, 79xx something I think?



  • Well, this is interesting.  Both phones were at firmware level 5.2.  I upgraded both to 6.1.5 (latest) and now everything works !

    @bb-mitch:

    Depending on what you are connecting to, you could try turning off the NAT options on the server and the phones, and possibly the qualify options on the Asterisk server - one of my associates says he had to do that to support some newer Cisco phones, 79xx something I think?



  • ALWAYS try the various firmwares ;-)
    They normally fix one thing and break something subtle, but 6.1.5(a) included a lot of fixes.
    cheers.



  • I spoke too soon.  One of them works but the other still does not.  This view of states seems to indicate why but I'm not sure what will fix this.  The .47 phone works but .49 does not.



  • Doesn't look like you have flushed states to me.



  • Yes, correct.  After flushing states, the "bad" phone is the only one that rings now and there is no audio.

    There is another piece missing here.



  • If you removed siproxd / disabled it, and the phone that wasn't working now rings, that means the SIP is working with NAT off.
    siproxd also has the ability to proxy the RTP - this has to be enabled too if you need rtp. There needs to be some documentation for this package I think. I believe I understand a bunch of it - and don't mind contributing, but who is the package maintainer?
    There are options / fields in the package gui that do not seem to be implemented or that I don't understand?

    SIP does things like connects the phone, and handles signalling (on hook, off hook, ring, call waiting, etc.).
    RTP carries the audio or video streams AFTER SIP is used to set them up / define them.

    If a phone rings without siproxd but doesn't carry audio I would think you have a mismatch in your settings somewhere. But if you don't control the server you should be seeking some help with the people that do - they can probably tell you exactly what you should set to work with their server.

    m/



  • What version of pfsense are you using?



  • Well, I turned on siproxd and it all works now.

    BTW, this is 1.2.3.



  • It would be really nice for semi-graceful failover if the pfSense GUI would allow siproxd to specify virtual ips in addition for the incoming and outgoing interfaces as well as offering the native interface addresses.



  • Hi Guys,

    I am using multiple Asterisk servers to connect to multiple providers on the internet. I also have endpoints from outside connecting to these Asterisk servers.

    Endpoints connecting from outside to one of the Asterisk servers I have work just fine as I have NAT forward port 5060 and RTP ports to one Asterisk server.

    However, only one of my Asterisk servers can connect to the provider outside. If I try to connect more than one then the others stop working.

    Should Siproxd be the answer for both inbound and outbound SIP?

    Here is a diagram of what I have:

    -Asterisk A -Asterisk B -Asterisk C -Asterisk D–>pfsense1.2.3INTERNET<--Provider(s) AND <--Endpoints

    Thanks



  • I am having a similar issue. We are running ver 1.2.3 with 3 Fonality hosted phones, and a full T1. We are also running ntop, siproxd, and a few other packages. The issue is with call quality even at low bandwidth utilization by other network devices.  We are using RTP 10000-20000 ports with firewall rule to allow traffic from IP address.(Fonality)  Fonality gave us a host range and we are still trying to figure out how to get a DNS name from them since we can't enter a range on pfSense? Any ideas?

    We are getting the calls cut off for a few seconds every minute or two and not dropped.  We are losing about 2-3 seconds of call quality every 60-80 seconds.  Have run traffic shaper till I am blue in the face and not sure what else to do!!  Any ideas?  See errors below from system log.

    Jan 24 16:58:37 siproxd[49015]: siproxd.c:287 INFO:siproxd-0.7.0-4577 i386-unknown-freebsd7.0 started
    Jan 24 16:58:37 siproxd[49015]: sock.c:65 INFO:bound to port 5060
    Jan 24 16:58:37 siproxd[49015]: siproxd.c:241 INFO:daemonized, pid=49015
    Jan 24 16:58:37 siproxd[49013]: siproxd.c:193 INFO:siproxd-0.7.0-4577 i386-unknown-freebsd7.0 starting up
    Jan 24 16:58:37 siproxd[49013]: readconf.c:309 ERROR:unknown keyword in config file, line:"load_plugin=plugin_logcall.la"
    Jan 24 16:58:37 siproxd[49013]: readconf.c:309 ERROR:unknown keyword in config file, line:"plugindir=/usr/local/lib/siproxd/"
    Jan 24 16:51:27 siproxd[20210]: dejitter.c:404 WARNING:stopping opposite stream
    Jan 24 16:51:27 siproxd[20210]: dejitter.c:397 ERROR:sendto() [74.115.98.40:13714 size=32] delayed call failed: Bad file descriptor
    Jan 24 16:32:41 check_reload_status: reloading filter

    Also set my service curve to: 512=m1  5000=d  300=m2 for VOIP up and down.  Have made priority of 7 in parent q?  We have tried also just 300=m2 and no real difference for the voip queues. I am beginning to think the issue is bc of my t1 but all seems ok there!

    Thanks for help and insight.  I am willing to look at any and all ways to fix.



  • @torontob:

    Hi Guys,

    I am using multiple Asterisk servers to connect to multiple providers on the internet. I also have endpoints from outside connecting to these Asterisk servers.

    Endpoints connecting from outside to one of the Asterisk servers I have work just fine as I have NAT forward port 5060 and RTP ports to one Asterisk server.

    As you have pointed out, you are using the firewall and NAT. The problem with NAT is that an inbound port can be assigned to an internal address, but not multiple addresses. There are a couple of ways you can work around this issue with multiple Asterisk systems. One, you could assign each box to listen to a specific port such as one being on 5060, another on 5068, and another on 5046. Notice the span between port numbers? That is because in some cases sequential ports are used by one machine and you don't want them overlapping one another.

    Another solution and generally the best solution is to put a pfSense firewall in bridged mode in front of your Asterisk servers and then all ports and functions can remain the same on all boxes. I prefer running the firewall in bridged mode as it gives me the most flexibility and standard network device installations. You will no longer have complications with ports and your rules can be very well defined for access.

    For Asterisk VOIP systems it is extremely important to protect your ports from malicious intent. When you set up your rules make sure they only allow your endpoints access. I can't tell you how many times our clients have been compromised and systems rebuilt because the client insisted on public access. You should also make sure you have a very complicated / complex registration password for each account.

    Bottom line, the pfSense in bridged mode will eliminate the complications NAT presents in a VOIP environment and make it much more flexible to manage access to multiple servers.
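
Added example (not from any poster in this thread, and not pfSense or siproxd code): a small Python check that collapses a provider-supplied address range, as in the Fonality post above, into CIDR networks, then audits a list of SIP/RTP port forwards for the two problems raised in the preceding reply: sources that are not limited to known endpoints, and one external port forwarded to different internal servers. The rule dictionary format, the addresses (documentation ranges) and the function names are all constructed for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into CIDR networks for a firewall rule or alias."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def _net(src):
    # "any" in a rule means every IPv4 source
    return ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)

def audit_forwards(forwards, trusted_cidrs):
    """Return findings for inbound VoIP forwards (hypothetical rule format).

    ("source-not-trusted", i): rule i admits sources outside the trusted networks.
    ("port-clash", i, j):      rules i and j send overlapping external ports from
                               overlapping sources to different internal servers.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for i, fwd in enumerate(forwards):
        src = _net(fwd["src"])
        if not any(src.subnet_of(t) for t in trusted):
            findings.append(("source-not-trusted", i))
        lo, hi = fwd["ports"]
        for j, prev in enumerate(forwards[:i]):
            plo, phi = prev["ports"]
            if (lo <= phi and plo <= hi and fwd["target"] != prev["target"]
                    and src.overlaps(_net(prev["src"]))):
                findings.append(("port-clash", i, j))
    return findings

# Constructed sample data: provider range and four UDP forwards.
PROVIDER_CIDRS = range_to_cidrs("198.51.100.16", "198.51.100.47")
FORWARDS = [
    {"src": "198.51.100.20/32", "ports": (5060, 5060), "target": "192.168.1.10"},
    {"src": "198.51.100.16/28", "ports": (5060, 5060), "target": "192.168.1.11"},
    {"src": "any", "ports": (5068, 5068), "target": "192.168.1.12"},
    {"src": "198.51.100.32/28", "ports": (10000, 20000), "target": "192.168.1.10"},
]

if __name__ == "__main__":
    print(PROVIDER_CIDRS)
    for finding in audit_forwards(FORWARDS, PROVIDER_CIDRS):
        print(finding)
```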



  • Hello
    I have a question like all set and outgoing calls go and do not pass inside.
    and sorry for my bad english.








  • And what will happen if I have CARP, so my WAN has a private IP address?
    I will have to use host_outbound = mypublicip in the configuration file, but how do I edit the file and keep the pfSense GUI from overwriting it?

