<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18999">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2 face=Arial>Hello Bruce,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Sorry for the delay. I don't really have time to
follow this list much.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>In your original setup, you did use a sort of SIP
Proxy (the central Asterisk feeding the others) depending on your definition. A
SIP Proxy would probably solve your issue, but as I stated in my previous mail,
you should not need one. Fixing (or exchanging) Pfsense should also solve your
issue and then you'll have one less device that can bring your system down.
Fixing Pfsense will probably require you to troubleshoot the issue some more to
see exactly what happens, so you know what you need to fix. Compare the SIP
traffic between your Asterisks and Pfsense to the traffic between Pfsense and
your provider. Capture the traffic in .pcap format with ngrep, tcpdump,
wireshark or other packet dumping tools, then analyze it in wireshark.
</FONT><FONT size=2 face=Arial>To capture traffic outside Pfsense, you'll
probably need to mirror a switch port, install a hub or ask your provider to
send you a dump. This will require some understanding of the SIP message format
and TCP/IP, but it should not be very complicated.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I'm quite sure Pfsense changes the contents of the
SIP message itself in ways it should not do possibly in addition to changing the
IP packets in ways it should not do. It may also possibly block incoming traffic
it should not block.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>If you decide to use a SIP proxy, then going back
to your original design (using Asterisk as a proxy) would probably be the
easiest for you.</FONT></DIV>
<DIV><FONT size=2 face=Arial>Of the alternatives you've listed, I only have
experience with Kamailio. In simple setups, its default configuration will not
need to be altered much to get it working. Its logic is VERY different to
Asterisk, though. I know that Kamailio would be a very good choice for this
role. I believe the alternatives would be as well.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>With kind regards,<BR>Pan B. Christensen<BR>Senior
technician<BR>Ibidium AS<BR><A
href="http://www.ibidium.no/">http://www.ibidium.no/</A></FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=bruceb444@gmail.com href="mailto:bruceb444@gmail.com">Bruce B</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=asterisk-users@lists.digium.com
href="mailto:asterisk-users@lists.digium.com">Asterisk Users Mailing List -
Non-Commercial Discussion</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, January 11, 2011 4:37
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [asterisk-users] Do I need a
sip proxy?</DIV>
<DIV><BR></DIV>
<DIV>Thanks a lot for the great input Pan. </DIV>
<DIV><BR></DIV>I think you are right on point with this one. I have STATIC
PORT enabled in my outbound WAN. I am not sure if it was set for SIP or
OpenVPN use but it is there for a reason.
<DIV><BR></DIV>
<DIV>So, I try to mingle a bit with Siproxd package. I am a bit fuzzy on it
though. If I have the Siproxd enabled, does it act as a one single server that
connects multiple times to my provider or providers and then I connect to the
Siproxd in return? Or, I can still register from Asterisk directly with the
provider(s) and Siproxd will take care of the SIP packets to be handled
nicely?</DIV>
<DIV><BR></DIV>
<DIV>If it's the latter then it sounds fine to use otherwise it would not only
be complicated but also a downtime to Siproxd mean downtime to all Asterisk
servers.</DIV>
<DIV><BR></DIV>
<DIV>***In addition I have setup Siproxd according to pfsense guide online but
once I save the configurations and return to it there are no configs left. I
know this question is for pfsense forum but maybe someone else experienced
this?</DIV>
<DIV><BR></DIV>
<DIV>***And to return to my original question, do I need a SIP proxy and which
one would be suit my needs? I still like to get an input on my previous
e-mail. I have to stay with pfsense for now as it has proven to be a good
router in all other aspect.</DIV>
<DIV><BR></DIV>
<DIV>Thanks,<BR><BR>
<DIV class=gmail_quote>On Tue, Jan 11, 2011 at 7:38 AM, Pan B. Christensen
<SPAN dir=ltr><<A
href="mailto:pan@ibidium.no">pan@ibidium.no</A>></SPAN> wrote:<BR>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>
<DIV dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-FAMILY: 'Calibri'; COLOR: #000000; FONT-SIZE: 12pt">
<DIV>Hello Bruce,</DIV>
<DIV> </DIV>
<DIV>Your understanding of NAT is correct, and your setup should work.</DIV>
<DIV> </DIV>
<DIV>I’m not familiar with Pfsense, but I suspected that your problem was
due to a SIP ALG. Pfsense seems to have a SIP ALG and other special handling
of VoIP traffic. Hence, you are not using plain NAT. Pfsense is probably
rewriting the SIP packets in addition to the IP packets. Try reconfiguring
Pfsense or swapping it for something else. A good way to troubleshoot your
scenario is to compare the traffic in your end to the traffic on your
providers end (or on either side of pfsense). Pay attention to the source
and destination IP and ports in addition to the contents of the SIP
messages.</DIV>
<DIV> </DIV>
<DIV><A title=http://doc.pfsense.org/index.php/VoIP_Configuration
href="http://doc.pfsense.org/index.php/VoIP_Configuration"
target=_blank>http://doc.pfsense.org/index.php/VoIP_Configuration</A></DIV>
<DIV><A title=http://en.wikipedia.org/wiki/Application-level_gateway
href="http://en.wikipedia.org/wiki/Application-level_gateway"
target=_blank>http://en.wikipedia.org/wiki/Application-level_gateway</A></DIV>
<DIV> </DIV>
<DIV>With kind regards,</DIV>
<DIV>Pan</DIV>
<DIV
style="FONT-STYLE: normal; DISPLAY: inline; FONT-FAMILY: 'Calibri'; COLOR: #000000; FONT-SIZE: small; FONT-WEIGHT: normal; TEXT-DECORATION: none">
<DIV style="FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV><B>From:</B> <A title=bruceb444@gmail.com
href="mailto:bruceb444@gmail.com" target=_blank>Bruce B</A> </DIV>
<DIV><B>Sent:</B> Tuesday, January 11, 2011 8:58 AM</DIV>
<DIV><B>To:</B> <A title=asterisk-users@lists.digium.com
href="mailto:asterisk-users@lists.digium.com" target=_blank>Asterisk Users
Mailing List - Non-Commercial Discussion</A> </DIV>
<DIV><B>Subject:</B> [asterisk-users] Do I need a sip
proxy?</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style="FONT-STYLE: normal; DISPLAY: inline; FONT-FAMILY: 'Calibri'; COLOR: #000000; FONT-SIZE: small; FONT-WEIGHT: normal; TEXT-DECORATION: none">
<DIV>
<DIV></DIV>
<DIV class=h5>Hi Everyone,
<DIV> </DIV>
<DIV>I am running multiple instances of Asterisk in Proxmox and so far I had
one central Asterisk feeding all others with trunks from one provider. Now,
I want to connect each Asterisk server directly to the provider. Based on my
understanding, each connection made to the provider port 5060 would be on a
port that is unique to that server. And so other connections made to the
same provider will go out through a different port and should receive
responses through that different port. At least that is my understanding of
NAT. The provider should see me trying to register from the same IP with
multiple different ports (high number ports; not talking about 5060 as this
is outbound and not inbound) and should be able to differentiate between SIP
packets coming from various servers. However, it seems to not happen.</DIV>
<DIV> </DIV>
<DIV>There is some sort of clash and only one of the servers shows
registered with the provider and other's trunks go down. I have noticed that
keeping one server works. It could also be that my Fail2ban kicks in on all
servers if the SIP packets received are broadcasted to all servers which
shouldn't really happen and router should take of this by sending it to the
server that has the established connection through that port.</DIV>
<DIV> </DIV>
<DIV><B>My equipment:</B></DIV>
<DIV>Asterisk 1.6x</DIV>
<DIV>Pfsense 1.2.3</DIV>
<DIV>Dumb Switch</DIV>
<DIV> </DIV>
<DIV><B>My questions:</B></DIV>
<DIV>A- What is the rational behind this?</DIV>
<DIV>B- Do I need a sip proxy server? Something like Siproxd, OpenSIPs, or
Kamailio?</DIV>
<DIV>C- Which one of the above is the easiest to get running given I never
tried any of those.</DIV>
<DIV>D- If I am doing an SIP proxy server then it might have to also be
redundant. What options do I have in that and which of above or any other
suggested package might be great for future expansions.</DIV>
<DIV> </DIV>
<DIV>Clarification on how NAT would work in situations like this would be
much appreciated.</DIV>
<DIV> </DIV>
<DIV>Thanks</DIV></DIV></DIV>
<P></P>
<HR>
--<BR>_____________________________________________________________________<BR>--
Bandwidth and Colocation Provided by <A href="http://www.api-digital.com"
target=_blank>http://www.api-digital.com</A> --<BR>New to Asterisk? Join us
for a live introductory webinar every
Thurs:<BR>
<A href="http://www.asterisk.org/hello"
target=_blank>http://www.asterisk.org/hello</A><BR><BR>asterisk-users
mailing list<BR>To UNSUBSCRIBE or update options visit:<BR> <A
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
target=_blank>http://lists.digium.com/mailman/listinfo/asterisk-users</A>
<P></P></DIV></DIV></DIV></DIV><BR>--<BR>_____________________________________________________________________<BR>--
Bandwidth and Colocation Provided by <A href="http://www.api-digital.com"
target=_blank>http://www.api-digital.com</A> --<BR>New to Asterisk? Join us
for a live introductory webinar every Thurs:<BR>
<A href="http://www.asterisk.org/hello"
target=_blank>http://www.asterisk.org/hello</A><BR><BR>asterisk-users
mailing list<BR>To UNSUBSCRIBE or update options visit:<BR> <A
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
target=_blank>http://lists.digium.com/mailman/listinfo/asterisk-users</A><BR></BLOCKQUOTE></DIV><BR></DIV>
<P>
<HR>
<P></P>--<BR>_____________________________________________________________________<BR>--
Bandwidth and Colocation Provided by http://www.api-digital.com --<BR>New to
Asterisk? Join us for a live introductory webinar every
Thurs:<BR>
http://www.asterisk.org/hello<BR><BR>asterisk-users mailing list<BR>To
UNSUBSCRIBE or update options visit:<BR>
http://lists.digium.com/mailman/listinfo/asterisk-users</BLOCKQUOTE></BODY></HTML>