thr3ads.net - asterisk users - [asterisk-users] Anyone with a working pfSense firewall configuration? [May 2009]

If this information is useful, please help other people find it:
Share via:

Eric Chamberlain

2009-May-11 20:44 UTC

[asterisk-users] Anyone with a working pfSense firewall configuration?

Other SIP clients behind the firewall (not using STUN, work).

We have a SIP client using STUN and ICE behind a pfSense firewall.   
The firewall is behaving oddly.

REGISTER packets work fine.

But when the client tries to make a call, the first INVITE packet from  
the client pass through the firewall and makes it to the Asterisk  
server.

The Asterisk server sends back a 401 client sends ACK, traffic passes  
fine.

When the client then sends the INVITE with the authentication  
information, the INVITE packet never makes it to the Asterisk server.

A packet trace on the WAN interface of the firewall shows the INVITE  
going out, but the packets never make it  to the Asterisk server.

Any ideas on how to configure pfSense to work with a SIP client using  
STUN and ICE, without having to install siproxyd?

--
Eric Chamberlain, Founder
RF.com - http://RF.com/

Tim Nelson

2009-May-11 21:30 UTC

head link

[asterisk-users] Anyone with a working pfSense firewall configuration?

----- "Eric Chamberlain" <eric at rf.com>
wrote:> Other SIP clients behind the firewall (not using STUN, work).
> 
> We have a SIP client using STUN and ICE behind a pfSense firewall.   
> The firewall is behaving oddly.
> 
> REGISTER packets work fine.
> 
> But when the client tries to make a call, the first INVITE packet from
>  
> the client pass through the firewall and makes it to the Asterisk  
> server.
> 
> The Asterisk server sends back a 401 client sends ACK, traffic passes 
> 
> fine.
> 
> When the client then sends the INVITE with the authentication  
> information, the INVITE packet never makes it to the Asterisk server.
> 
> A packet trace on the WAN interface of the firewall shows the INVITE 
> 
> going out, but the packets never make it  to the Asterisk server.
> 
> Any ideas on how to configure pfSense to work with a SIP client using 
> 
> STUN and ICE, without having to install siproxyd?
> 
> --
> Eric Chamberlain, Founder
> RF.com - http://RF.com/
pfSense employs source-port randomization by default. You may want to enable
advanced outbound NAT which turns this behavior off.

While I'm not sure this is the source of your problems, I've seen it
ruin otherwise acceptable SIP situations.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

Apparently Analagous Threads

Search for more seemingly similar threads

asterisk users - May 2009 - Anyone with a working pfSense firewall configuration?

[asterisk-users] Anyone with a working pfSense firewall configuration?

[asterisk-users] Anyone with a working pfSense firewall configuration?

Apparently Analagous Threads