After update OPNsense 24.1.2 and Suricata 7 VoIP is dead

Started by itn3rd77, February 21, 2024, 08:58:07 AM

Quote from: mimugmail on February 22, 2024, 12:22:50 PM
Can you try this?
https://forum.opnsense.org/index.php?topic=38989.0

Just tried adding exception-policy: ignore
to
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml

no more drop for VoIP now. Thanks.
I will try again 12 hours later to confirm it won't drop anymore.

I have tried the suggestion made by mimugmail but have the same result as ChrisChros - it will not work.

I got this to work only after copying the entire app-layer: section from suricata.yaml and inserting error-policy: ignore at the first indent - same level as protocols:.

The Suricata 7 documentation states that adding app-layer: in custom.yaml overwrites the one in suricata.yaml. I recommend anyone still having issues to try this if disabling IPS is not an option.

Quote
If the same section, say outputs is later redefined after the include statement it will overwrite the included file. Therefore any include statement at the end of the document will overwrite the already configured sections.

Just a FYI.

I have two VoIP systems behind almost identical firewall hardware (one has a couple of additional 10GB ports) running 24.1.2_1 and configured in the same way. PBX traffic is over a 1:1 NAT.

I've seen the same issue of IDS needing to be disabled on one of them but not the other.

The major difference between the two looks to be the SIP trunk provider.



Not in the exact same vein:

With upgrade to 24.1.2 and activation of Suricata 7 we saw a drastic decline in Teams throughput for all calls and video with their service. Only way we were able to circumvent was by turning off Suricata. Once it was off we saw throughput return to normal and users able to place calls with 0 lag or interference. Not sure if it assists, but hoping someone with more knowledge or within OPNsense sees this thread and has a fix for next release.

This problem was addressed here https://github.com/opnsense/core/pull/7271
I suppose it will be fixed in the next update.

Yeah, 24.1.3 should address this further. It is probably going to be released tomorrow.


Cheers,
Franco

RE: VOIP/SIP issues

Do a package capture on WAN while calling your number and see if there are SIP invite packages coming in from your provider.

Reboot and repeat.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....