[asterisk-users] Do I need a sip proxy?

Bruce B bruceb444 at gmail.com
Tue Jan 18 09:17:11 CST 2011


Thanks for the info. I did get it working without any SIP Proxy. There is a
bug in pfSense v1.2.3 where certain configs are not removed and
some inconsistencies exist in the xml config file. Once I cleaned that up and
limited my Asterisk servers to use different port ranges for UDP
traffic, everything is now working great.

On Tue, Jan 18, 2011 at 7:26 AM, Pan B. Christensen <pan at ibidium.no> wrote:

>  Hello Bruce,
>
>
> Sorry for the delay. I don't really have time to follow this list much.
>
> In your original setup, you did use a sort of SIP Proxy (the central
> Asterisk feeding the others) depending on your definition. A SIP Proxy would
> probably solve your issue, but as I stated in my previous mail, you should
> not need one. Fixing (or exchanging) Pfsense should also solve your issue
> and then you'll have one less device that can bring your system down. Fixing
> Pfsense will probably require you to troubleshoot the issue some more to see
> exactly what happens, so you know what you need to fix. Compare the SIP
> traffic between your Asterisks and Pfsense to the traffic between Pfsense
> and your provider. Capture the traffic in .pcap format with ngrep, tcpdump,
> wireshark or other packet dumping tools, then analyze it in wireshark. To
> capture traffic outside Pfsense, you'll probably need to mirror a switch
> port, install a hub or ask your provider to send you a dump. This will
> require some understanding of the SIP message format and TCP/IP, but it
> should not be very complicated.
>
> I'm quite sure Pfsense changes the contents of the SIP message itself in
> ways it should not do, possibly in addition to changing the IP packets in
> ways it should not do. It may also possibly block incoming traffic it should
> not block.
>
> If you decide to use a SIP proxy, then going back to your original design
> (using Asterisk as a proxy) would probably be the easiest for you.
> Of the alternatives you've listed, I only have experience with Kamailio. In
> simple setups, its default configuration will not need to be altered much to
> get it working. Its logic is VERY different to Asterisk, though. I know that
> Kamailio would be a very good choice for this role. I believe the
> alternatives would be as well.
>
>
> With kind regards,
> Pan B. Christensen
> Senior technician
> Ibidium AS
> http://www.ibidium.no/
>
> ----- Original Message -----
> *From:* Bruce B <bruceb444 at gmail.com>
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com>
> *Sent:* Tuesday, January 11, 2011 4:37 PM
> *Subject:* Re: [asterisk-users] Do I need a sip proxy?
>
> Thanks a lot for the great input Pan.
>
> I think you are right on point with this one. I have STATIC PORT enabled in
> my outbound WAN. I am not sure if it was set for SIP or OpenVPN use but it
> is there for a reason.
>
> So, I try to mingle a bit with Siproxd package. I am a bit fuzzy on it
> though. If I have the Siproxd enabled, does it act as one single server
> that connects multiple times to my provider or providers and then I connect
> to the Siproxd in return? Or, I can still register from Asterisk directly
> with the provider(s) and Siproxd will take care of the SIP packets to be
> handled nicely?
>
> If it's the latter then it sounds fine to use; otherwise it would not only
> be complicated, but downtime for Siproxd would also mean downtime for all Asterisk
> servers.
>
> ***In addition I have setup Siproxd according to pfsense guide online but
> once I save the configurations and return to it there are no configs left. I
> know this question is for pfsense forum but maybe someone else experienced
> this?
>
> ***And to return to my original question, do I need a SIP proxy and which
> one would best suit my needs? I would still like to get input on my previous
> e-mail. I have to stay with pfsense for now as it has proven to be a good
> router in all other aspects.
>
> Thanks,
>
> On Tue, Jan 11, 2011 at 7:38 AM, Pan B. Christensen <pan at ibidium.no> wrote:
>
>>   Hello Bruce,
>>
>> Your understanding of NAT is correct, and your setup should work.
>>
>> I’m not familiar with Pfsense, but I suspected that your problem was due
>> to a SIP ALG. Pfsense seems to have a SIP ALG and other special handling of
>> VoIP traffic. Hence, you are not using plain NAT. Pfsense is probably
>> rewriting the SIP packets in addition to the IP packets. Try reconfiguring
>> Pfsense or swapping it for something else. A good way to troubleshoot your
>> scenario is to compare the traffic in your end to the traffic on your
>> provider's end (or on either side of pfsense). Pay attention to the source
>> and destination IP and ports in addition to the contents of the SIP
>> messages.
>>
>> http://doc.pfsense.org/index.php/VoIP_Configuration
>> http://en.wikipedia.org/wiki/Application-level_gateway
>>
>> With kind regards,
>> Pan
>>
>>  *From:* Bruce B <bruceb444 at gmail.com>
>> *Sent:* Tuesday, January 11, 2011 8:58 AM
>> *To:* Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com>
>> *Subject:* [asterisk-users] Do I need a sip proxy?
>>
>>   Hi Everyone,
>>
>> I am running multiple instances of Asterisk in Proxmox and so far I had
>> one central Asterisk feeding all others with trunks from one provider. Now,
>> I want to connect each Asterisk server directly to the provider. Based on my
>> understanding, each connection made to the provider port 5060 would be on a
>> port that is unique to that server. And so other connections made to the
>> same provider will go out through a different port and should receive
>> responses through that different port. At least that is my understanding of
>> NAT. The provider should see me trying to register from the same IP with
>> multiple different ports (high number ports; not talking about 5060 as this
>> is outbound and not inbound) and should be able to differentiate between SIP
>> packets coming from various servers. However, it seems to not happen.
>>
>> There is some sort of clash and only one of the servers shows registered
>> with the provider and the others' trunks go down. I have noticed that keeping
>> one server works. It could also be that my Fail2ban kicks in on all servers
>> if the SIP packets received are broadcast to all servers, which shouldn't
>> really happen, and the router should take care of this by sending it to the server
>> that has the established connection through that port.
>>
>> *My equipment:*
>> Asterisk 1.6x
>> Pfsense 1.2.3
>> Dumb Switch
>>
>> *My questions:*
>> A- What is the rationale behind this?
>> B- Do I need a sip proxy server? Something like Siproxd, OpenSIPs, or
>> Kamailio?
>> C- Which one of the above is the easiest to get running given I never
>> tried any of those.
>> D- If I am doing an SIP proxy server then it might have to also be
>> redundant. What options do I have in that and which of above or any other
>> suggested package might be great for future expansions.
>>
>> Clarification on how NAT would work in situations like this would be much
>> appreciated.
>>
>> Thanks
>>
>> ------------------------------
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>                http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>
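Added example, not part of the original thread: a small Python check for the comparison recommended above, looking at the same REGISTER on the LAN side and the WAN side of the firewall. It flags SIP headers that were rewritten in transit (plain NAT leaves the payload alone) and WAN-side source sockets shared by several LAN hosts, the kind of clash that can arise when outbound NAT keeps the source port static. All addresses, the provider.example domain and the register() helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread): the same REGISTER as seen on
# the LAN side and on the WAN side of the firewall, with each packet's UDP source.
def register(host, port):
    return (f"REGISTER sip:provider.example SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {host}:{port};branch=z9hG4bK-constructed\r\n"
            f"Contact: <sip:trunk@{host}:{port}>\r\n"
            f"Call-ID: constructed-{host}\r\nCSeq: 1 REGISTER\r\n\r\n")

CAPTURES = [  # (lan_src, lan_msg, wan_src, wan_msg)
    (("10.0.0.11", 5060), register("10.0.0.11", 5060),
     ("203.0.113.5", 5060), register("203.0.113.5", 5060)),  # payload rewritten
    (("10.0.0.12", 5060), register("10.0.0.12", 5060),
     ("203.0.113.5", 5060), register("10.0.0.12", 5060)),    # payload untouched
]

def sip_addresses(msg):
    """Return the host:port the message advertises in Via and Contact."""
    via = re.search(r"^Via:\s*SIP/2\.0/UDP\s+([^;\s]+)", msg, re.M | re.I)
    contact = re.search(r"^Contact:.*?sip:(?:[^@>]+@)?([^;>\s]+)", msg, re.M | re.I)
    return {"Via": via.group(1) if via else None,
            "Contact": contact.group(1) if contact else None}

def rewritten_headers(lan_msg, wan_msg):
    """Headers whose address differs across the firewall. Plain NAT only
    changes the IP/UDP header, so any hit means the SIP payload was edited."""
    lan, wan = sip_addresses(lan_msg), sip_addresses(wan_msg)
    return sorted(h for h in lan if lan[h] != wan[h])

def port_collisions(captures):
    """WAN-side source sockets shared by more than one LAN host."""
    seen = defaultdict(set)
    for lan_src, _, wan_src, _ in captures:
        seen[wan_src].add(lan_src[0])
    return {wan: sorted(hosts) for wan, hosts in seen.items() if len(hosts) > 1}

if __name__ == "__main__":
    for lan_src, lan_msg, wan_src, wan_msg in CAPTURES:
        print(lan_src, "->", wan_src, "rewritten:", rewritten_headers(lan_msg, wan_msg))
    print("shared WAN sockets:", port_collisions(CAPTURES))
```

With real captures, the tuples in CAPTURES would be filled from the UDP source and SIP payload of matching packets (same Call-ID and CSeq) in the two .pcap files.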