Messages

Ok, I have got it working with stun. But only if I make an incoming call from outside to inside. I can hear and talk on both sides.
I have made this outging NAT Rule
   Interface   Source   Source Port   Destination   Destination Port   NAT Address   NAT Port   Static Port   Description      
         
      WAN   192.1XXXXXX0/32    *   *   *   Interface address   *   YES   VOIP

Firewall Rules allow everything from Grandstream to any in the first step.

On Grandstream:
FXS Port:
Primary SIP Server: tel.t-online.de
SIP Transport: UDP
NAT Traversal: Auto
SIP User ID: +49XXXXXXXX
Authenticate ID: anonymous@t-online.de
Authenicate Password: "TelekomPW from PPPOE"
DNS Mode: NAPTR/SRV
Enable SIP OPTIONS/NOTIFY Keep Alive: OPTIONS
SIP OPTIONS/NOTIFY Keep Alive Interval: 600

Preferred Vocoder:
choice 1 to 8: all G722

Forced Codec Feature all No and the last G722 Codec: Yes

Under Advanced Settings:
STUN server is: stun.t-online.de

My last problem: I can not  make an outgoing call from inside to outside....I just got fast beep beep beep

      

Hi,
changed the isp to Telekom. I have a VDSL50 line. In front I am using a Draytek Vigor 166 with FullBridge Mode. The opnsense is dialing up with PPPOE.
I have created a seprate VLAN for the ATA Grandstream HT801.
I have configured port forward for the HT801 like this:

WAN   TCP/UDP   DTAGServers    *   WAN address   DTAGServers_Ports_TCP_UDP     192.XXXXX   DTAGServers_Ports_TCP_UDP     VOIP      
         
WAN   TCP   DTAGServers    *   WAN address   DTAGServers_Ports_TCP     192.XXXXX   DTAGServers_Ports_TCP     VOIP      
         
WAN   UDP   DTAGServers    *   WAN address   DTAGServers_Ports_UDP     192.XXXXX   DTAGServers_Ports_UDP     VOIP

The ports are copied from https://www.telekom.de/hilfe/internet-telefonie/telefonie/einstellungen-telefoniecenter/voice-over-ip?samChecked=true

On the VLAN for the HT801, everything is allowed to stun.t-online.de in and out

The big question is for me, how do I configure the HT801 to register to telekoms phoneline.

On FXS PORT:
Primary SIP Server:tel.t-online.de
Outbound Proxy: tel.t-online.de

NAT Traversal: STUN

SIP: User ID +49XXXXXXXXX
Authenicate ID: anonymous@t-online.de
PW: empty
Name: +49XXXXXXXXX

DNS Mode: A Record


Under Advanced:
STUN server is: stun.t-online.de

The rest is default.

At the moment I don't know where to search for wrong configuration.. in the opnsense or the grandstream.

The other thing is, I also found some information about the SIPProxy Plugin for opnsense, but I don't know if that something that could help in my situation.

Is there anybody else with this kind of config who could help here?!

Sunnyvalley Support answered:

Please try to add the following tunable and then restart the firewall.

System - Settings - Tunable
Tunable: dev.netmap.buf_num
Value: 1000000

This was working for me!!! ;D ;D ;D

U̵p̵l̵o̵a̵d̵ ̵s̵p̵e̵e̵d̵ ̵i̵s̵ ̵a̵l̵s̵o̵ ̵v̵e̵r̵y̵ ̵l̵o̵w̵ ̵w̵i̵t̵h̵ ̵t̵h̵i̵s̵ ̵e̵n̵a̵b̵l̵e̵d̵ ̵"̵w̵o̵r̵k̵a̵r̵o̵u̵n̵d̵"̵ ̵ ̵2̵3̵9̵k̵b̵i̵t̵ ̵i̵n̵s̵t̵e̵a̵d̵ ̵o̵f̵ ̵5̵0̵M̵b̵i̵t̵

Seems to be an issue with the native netmap driver... with emulated is seems to work again

Ok, I already reported that issue to Sunnyvalley support...maybe we got an update next days

Found out that the issue seems to be the "Cloud Reputation & Web Categorization"
If I disable it all is fine... but also no filtering... :/

And if I try to make some new blacklists entries I got this:
"Configuration Saved Notification.Rules could not be loaded. Please try again"

Is it mandatory to enable the "Cloud Reputation & Web Categorization" to have the policy working? Even if you have manuel entries?

Hi, after the update to 1.12 and opnsense 22.7.7 I get about 25% packetlos on all interfaces in Zenarmor.
If I disable the engine ping is clear. If I enable Zenarmor engine again ping is clear for about 2-3 minutes after the packetloss is coming back again...
I am now running with diabled zenarmor...
Does anyone have the same problem?

Hab jetzt mal die Option "supersede dhcp-lease-time 60" reingenommen, ist zwar ziemlich häufig, aber damit konnte ich ohne Neustart die IP wieder beziehen.
Mal gucken wie lange das hält .....

Hi zusammen,
ich bin vor kurzem von einem Telekom VDSL 100 auf einen Vodafone 1000Max Cable umgestiegen.
Vorher lief alles TippiToppi mit einem Draytek 165 Modem im Bridge Mode.
Nun habe ich die Vodafone Station im Bridgemodus laufen und das WAN Interface auf DHCP gestellt.
Seit der Umstellung auf Vodafone habe ich das Problem, dass  zwischen 3-6 Tagen das WAN Interface die IP verliert.
In den Logs habe ich erst gesehen, dass er versucht, dauerhaft ne IP zu ziehen, dabei bin ich hierdrauf gestoßen:
"supersede dhcp-server-identifier 255.255.255.255"

Doch das Problem mit dem IP auf dem Gateway verlieren besteht weiter.
Das hab ich in den Logs gefunden:
22021-10-30T07:33:00   opnsense[93817]   /usr/local/etc/rc.dyndns: Aborted IPv4 detection: no address for em1   
2021-10-30T07:33:00   opnsense[93817]   /usr/local/etc/rc.dyndns: Dynamic DNS: updatedns() starting   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure dns (execute task : unbound_configure_do())   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure dns (execute task : dnsmasq_configure_do())   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure dns ()   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure dhcp (execute task : dhcpd_dhcp_configure())   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure dhcp ()   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure ipsec (execute task : ipsec_configure_do(,wan))   
2021-10-30T07:32:59   opnsense[22446]   plugins_configure ipsec (,wan)   
2021-10-30T07:32:59   opnsense[22446]   /usr/local/etc/rc.linkup: ROUTING: entering configure using 'wan'   
2021-10-30T07:32:59   dhclient[96860]   No working leases in persistent database - sleeping.   
2021-10-30T07:32:58   dhclient[90261]   New Routers (em1): 178.201.XXX.XXX   
2021-10-30T07:32:57   dhclient[89991]   New Routers (em1): 178.201.XXX.XXX   
2021-10-30T07:32:57   dhclient[78698]   New Broadcast Address (em1): 255.255.255.255   
2021-10-30T07:32:57   dhclient[10657]   New Subnet Mask (em1): 255.255.252.0   
2021-10-30T07:32:57   dhclient[47317]   New IP Address (em1): 178.201.XXX.XXX   
2021-10-30T07:32:57   dhclient[96860]   Trying recorded lease 178.201.XXX.XXX
2021-10-30T07:32:57   dhclient[96860]   No DHCPOFFERS received.   
2021-10-30T07:32:44   dhclient[96860]   send_packet: Network is down   
2021-10-30T07:32:44   dhclient[96860]   DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 13
2021-10-30T07:32:32   dhclient[96860]   send_packet: Network is down   
2021-10-30T07:32:32   dhclient[96860]   DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 12   
2021-10-30T07:32:15   dhclient[96860]   send_packet: Network is down   
2021-10-30T07:32:15   dhclient[96860]   DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 17   
2021-10-30T07:32:03   dhclient[96860]   send_packet: Network is down   
2021-10-30T07:32:03   dhclient[96860]   DHCPDISCOVER on em1 to 255.255.255.255 port 67 interval 1

das einzige was hilft, ist es die Opnsense komplett neuzustarten.
Hat jemand das gleiche Problem?

Sonst mach doch Mal all den Schnickschnack aus und teste nochmal

Hast du irgendwelche Intrusion detection regeln drin?

Ich hab einfach von dem USB Stick gebootet. Dann per Shell als Installer eingeloggt. Dann auf konfig importieren gedrückt. Dann guided Installation und fertig war es.
Danach noch die Plugins nachinstalliert...hat keine 10 Min installiert.
Das Backup hab ich somit garnicht gebraucht. Aber besser es zu haben...

Mich hat er gefragt, ob die die benutzen plugins nachinstallieren möchte...mit einem Klick wurde das dann gemacht...

Stimmt, grad gemacht mit importieren der Config.
Das hat keine 10 Min gedauert... supercool
Danke euch![emoji7]

Jo naja.....
Kann ich denn ne config aus einer 20.1.9 in ein frisches Image mit v 21.1 einspielen?