OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Julien on May 24, 2018, 04:02:09 pm
-
Hi Guys,
Today we have updated to the OPNsense 18.7.b_137-amd64 hardware.
We have noticed that the phone is halting from time to time.
The firewall optimization to conservative
we have installed the os-siproxd as well.
anything to check why is this happening ?
Thank you
-
Hey Julien,
Is this different from 18.1.8 or a general observation?
Cheers,
Franco
-
You also have to configure siproxd as described by Nicolas in the German post
-
Why exactly is Siproxd needed at all?
-
Hi Franco.
This is related to the 18.7 on 18.1 its does works without any plug in. And the rule is any to any.
Hi Mimugmail.
Which is link is Nicolas tutorial? Does this apply for a different countries as well ?
I have been reading around and come the below across. Those configuration has already been configured.
Disable source port rewriting - by default, opnsense rewrites the source port on all outbound traffic. This is necessary for proper NAT in some circumstances such as having multiple SIP phones behind a single public IP registering to a single external PBX. With a minority of providers, rewriting the source port of RTP can cause one way audio. In that case, you want to use manual outbound NAT and Static Port on all UDP traffic potentially with the exclusion of UDP 5060.
Set Conservative state table optimization - pf's default UDP timeouts are too low for some VoIP services. If your phones mostly work, but randomly disconnect, set "Firewall Optimization Options" to Conservative under System -> Advanced. Note this only works on 1.2.3-RC1 and newer as pf itself never increases UDP timeouts, our code changed to do this.
Use the siproxd package - for deployments where rewriting the source port breaks the ability to connect because the service will not work with rewritten source ports, the siproxd package enables multiple phones to connect to a single outside server.
-
Hi Julien,
I'm not sure which change in 18.7.b we are looking for if 18.1.8 is ok. More changes will land in 18.1.9 from 18.7.b, maybe it will force the bug but I'm not completely convinced there is one.
In this particular setup, when you switch to 18.1.8 all is ok?
Cheers,
Franco
-
Hi Franco.
I don't believe it a bug. I think the way how the nat hands out the UDP packets?
I can update again to 18.7 if you can advise where to lock so I can provide more details to the community to troubleshoot this if it a bug or not .
the current working version is 18.1.8 AMD 64.
on the firewall log i can see the ip of the pbx 80.106.77.50
em1 is the WAN interface and we are using this hardware device https://www.applianceshop.eu/security-appliances/19-rack-appliances/opnsense-based/opnsense-a10-dual-core-ssd-7port-rack.html
-
a new log on the pftop
on the PfTop it does shows the IP of the PBX with State of MULTIPLE:MULTIPLE.
77.60.91.250 is our WAN IP
66.200.164.30 is the PBX IP where the SIP request coming from.
pfTop: Up State 1-166/166, View: default, Order: age
PR DIR SRC DEST STATE AGE EXP PKTS BYTES
t
udp In 10.10.56.43:2051 66.200.164.30:5060 MULTIPLE:MULTIPLE 25:21:48 00:00:57 13389 4140858
udp Out 77.60.91.250:33041 66.200.164.30:5060 MULTIPLE:MULTIPLE 25:21:48 00:00:57 13389 4140858
udp In 10.10.56.83:2051 66.200.164.30:5060 MULTIPLE:MULTIPLE 25:21:39 00:00:51 13726 4361107
udp Out 77.60.91.250:61763 66.200.164.30:5060 MULTIPLE:MULTIPLE 25:21:39 00:00:51 13726 4361107
udp In 10.10.56.83:2048 66.200.164.30:5060 MULTIPLE:MULTIPLE 25:21:39 00:00:54 7858 3452671
udp Out 77.60.91.250:19679 66.200.164.30:5060 MULTIPLE:MULTIPLE 25:21:39 00:00:54 7858 3452671
udp In 10.10.56.34:5060 66.200.164.30:5080 MULTIPLE:MULTIPLE 25:21:37 00:00:53 7890 3984866
udp Out 77.60.91.250:47441 66.200.164.30:5080 MULTIPLE:MULTIPLE 25:21:37 00:00:53 7890 3984866
udp In 10.10.56.38:5060 66.200.164.30:5080 MULTIPLE:MULTIPLE 25:21:13 00:00:42 7444 2757788
udp Out 77.60.91.250:27883