Eric Chamberlain
2009-May-11 20:44 UTC
[asterisk-users] Anyone with a working pfSense firewall configuration?
Other SIP clients behind the firewall (not using STUN, work).

We have a SIP client using STUN and ICE behind a pfSense firewall. The firewall is behaving oddly.

REGISTER packets work fine.

But when the client tries to make a call, the first INVITE packet from the client passes through the firewall and makes it to the Asterisk server.

The Asterisk server sends back a 401, client sends ACK, traffic passes fine.

When the client then sends the INVITE with the authentication information, the INVITE packet never makes it to the Asterisk server.

A packet trace on the WAN interface of the firewall shows the INVITE going out, but the packets never make it to the Asterisk server.

Any ideas on how to configure pfSense to work with a SIP client using STUN and ICE, without having to install siproxyd?

--
Eric Chamberlain, Founder
RF.com - http://RF.com/

Tim Nelson
2009-May-11 21:30 UTC
[asterisk-users] Anyone with a working pfSense firewall configuration?
----- "Eric Chamberlain" <eric at rf.com> wrote:
> Other SIP clients behind the firewall (not using STUN, work).
>
> We have a SIP client using STUN and ICE behind a pfSense firewall.
> The firewall is behaving oddly.
>
> REGISTER packets work fine.
>
> But when the client tries to make a call, the first INVITE packet from
> the client passes through the firewall and makes it to the Asterisk
> server.
>
> The Asterisk server sends back a 401, client sends ACK, traffic passes
> fine.
>
> When the client then sends the INVITE with the authentication
> information, the INVITE packet never makes it to the Asterisk server.
>
> A packet trace on the WAN interface of the firewall shows the INVITE
> going out, but the packets never make it to the Asterisk server.
>
> Any ideas on how to configure pfSense to work with a SIP client using
> STUN and ICE, without having to install siproxyd?
>
> --
> Eric Chamberlain, Founder
> RF.com - http://RF.com/

pfSense employs source-port randomization by default. You may want to enable advanced outbound NAT which turns this behavior off. While I'm not sure this is the source of your problems, I've seen it ruin otherwise acceptable SIP situations.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105
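
Why source-port randomization and STUN do not mix, as a toy model added here (not code from either poster and not pfSense code): the port a client learns from a STUN server only helps if the NAT uses the same external port toward the SIP server. The `OutboundNat` class, its per-destination state table and all addresses are assumptions constructed for illustration.

```python
import random

class OutboundNat:
    """Toy UDP NAT: one state per (internal src, destination) pair."""

    def __init__(self, static_port, seed=1):
        self.static_port = static_port
        self.rng = random.Random(seed)   # seeded so runs are repeatable
        self.states = {}                 # (src, dst) -> external source port

    def translate(self, src, dst):
        """Return the external source port used for src -> dst."""
        key = (src, dst)
        if key not in self.states:
            if self.static_port:
                port = src[1]            # keep the client's own source port
            else:
                in_use = set(self.states.values())
                port = self.rng.randint(1024, 65535)
                while port in in_use:    # model assumption: no port reuse
                    port = self.rng.randint(1024, 65535)
            self.states[key] = port
        return self.states[key]

def stun_port_matches(nat, client, stun_server, sip_server):
    """Compare the port learned via STUN with the port the SIP server sees."""
    learned = nat.translate(client, stun_server)   # reflexive port from STUN
    seen = nat.translate(client, sip_server)       # port on the SIP packets
    return learned, seen, learned == seen

# Constructed sample addresses (RFC 5737 documentation ranges).
CLIENT = ("192.168.1.50", 5060)
STUN = ("198.51.100.10", 3478)
SIP = ("203.0.113.20", 5060)

if __name__ == "__main__":
    for static in (False, True):
        learned, seen, ok = stun_port_matches(OutboundNat(static), CLIENT, STUN, SIP)
        print(f"static_port={static}: STUN learned {learned}, "
              f"SIP server sees {seen}, match={ok}")
```

On a real firewall the same comparison can be made by checking the source port of the client's packets in a WAN-side capture against the port the client advertises in its SIP/SDP.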