Andrew Martin
2015-May-05 02:59 UTC
[asterisk-users] OpenVPN Clients Intermittently Cannot Call In
----- Original Message -----> From: "Administrator TOOTAI" <admin at tootai.net> > To: asterisk-users at lists.digium.com > Sent: Friday, May 1, 2015 6:42:38 AM > Subject: Re: [asterisk-users] OpenVPN Clients Intermittently Cannot Call In > > Le 01/05/2015 00:05, Andrew Martin a ?crit : > > ----- Original Message ----- > >> From: "Administrator TOOTAI" <admin at tootai.net> > >> To: asterisk-users at lists.digium.com > >> Sent: Thursday, April 30, 2015 4:43:33 PM > >> Subject: Re: [asterisk-users] OpenVPN Clients Intermittently Cannot Call > >> In > >> > >>> I am running Asterisk 11.12.0 on CentOS 6.4. The asterisk server and > >>> internal phones are located on the 10.10.32.0/21 LAN subnet. I have many > >>> internal SIP phones, which appear to be working correctly. I have a few > >>> external phones (Yealink SIP-T32G or other Yealink model) on > >>> 192.168.32.0/24 which have an OpenVPN client configured on them that > >>> connects back to the LAN network through a pfSense gateway with OpenVPN > >>> configured on it. > >> > >> I faced problems with pfsense -no VPN involved- and finally installed > >> siproxd on it. Also set the firewall mode to conservative. > > > > Daniel, > > > > Thanks for the information. Do you have an example or documentation on the > > siproxd configuration that you used? > > No, just follow the basis of the parameters given by the package. If I > remember, SIP use the proxy siproxd and RTP is direct. >Looking into it further, in my case it does not appear to be a NATing issue, since running OpenVPN from pfSense means there's no NATing occurring between the clients or between the clients and the asterisk server. Although I was unable to reproduce the problems, I did notice some packet loss and jitter in "sip show channelstats", here is a sample: Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter 192.168.32.26 446613544 at 1 00:03:03 0000000094 0000004238 (97.83%) 0.0000 0000000000 0000000244 ( 0.00%) 0.0000 192.168.32.38 5b2ebdc92fd 00:03:03 0000000059 0000000001 ( 1.67%) 0.0000 0000000000 0000000091 ( 0.00%) 0.0028 I was unable to find documentation each of these columns, but the high percentage of loss for received packets for 192.168.32.26 seems suspicious. Do these statistics indicate a problem? Thanks, Andrew>
Guenther Boelter
2015-May-05 06:05 UTC
[asterisk-users] OpenVPN Clients Intermittently Cannot Call In
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/05/2015 10:59 AM, Andrew Martin wrote:> > > ----- Original Message ----- >> From: "Administrator TOOTAI" <admin at tootai.net> To: >> asterisk-users at lists.digium.com Sent: Friday, May 1, 2015 6:42:38 >> AM Subject: Re: [asterisk-users] OpenVPN Clients Intermittently >> Cannot Call In >> >> Le 01/05/2015 00:05, Andrew Martin a ?crit : >>> ----- Original Message ----- >>>> From: "Administrator TOOTAI" <admin at tootai.net> To: >>>> asterisk-users at lists.digium.com Sent: Thursday, April 30, >>>> 2015 4:43:33 PM Subject: Re: [asterisk-users] OpenVPN Clients >>>> Intermittently Cannot Call In >>>> >>>>> I am running Asterisk 11.12.0 on CentOS 6.4. The asterisk >>>>> server and internal phones are located on the 10.10.32.0/21 >>>>> LAN subnet. I have many internal SIP phones, which appear >>>>> to be working correctly. I have a few external phones >>>>> (Yealink SIP-T32G or other Yealink model) on >>>>> 192.168.32.0/24 which have an OpenVPN client configured on >>>>> them that connects back to the LAN network through a >>>>> pfSense gateway with OpenVPN configured on it. >>>> >>>> I faced problems with pfsense -no VPN involved- and finally >>>> installed siproxd on it. Also set the firewall mode to >>>> conservative. >>> >>> Daniel, >>> >>> Thanks for the information. Do you have an example or >>> documentation on the siproxd configuration that you used? >> >> No, just follow the basis of the parameters given by the package. >> If I remember, SIP use the proxy siproxd and RTP is direct. >> > > Looking into it further, in my case it does not appear to be a > NATing issue, since running OpenVPN from pfSense means there's no > NATing occurring between the clients or between the clients and the > asterisk server. > > Although I was unable to reproduce the problems, I did notice some > packet loss and jitter in "sip show channelstats", here is a > sample: Peer Call ID Duration Recv: Pack Lost > ( %) Jitter Send: Pack Lost ( %) Jitter > 192.168.32.26 446613544 at 1 00:03:03 0000000094 0000004238 > (97.83%) 0.0000 0000000000 0000000244 ( 0.00%) 0.0000 > 192.168.32.38 5b2ebdc92fd 00:03:03 0000000059 0000000001 ( > 1.67%) 0.0000 0000000000 0000000091 ( 0.00%) 0.0028 > > I was unable to find documentation each of these columns, but the > high percentage of loss for received packets for 192.168.32.26 > seems suspicious. Do these statistics indicate a problem? > > Thanks, > > AndrewHi Andrew, is this a linux machine? If so, check your NIC with ifconfig for hardware errors. Guenther - -- DavaoSOFT, the home of ERPel ERPel, das deutsche Warenwirtschaftssystem fuer LINUX http://www.davaosoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVSF22AAoJENexF5oIz3BC7SUQAL7guaLv8rKHLfJah58/qhT7 qWiyYcjiFiLOUC1J6tgZ+BpT1tXGs5A5NAx+0yC3QWoDHEb/dAg+tzy9YqWqfrtz sePuqAHYPivqtqve1WBM3cB8BGwAL402bQpI8ythpIqJx6RJEFJ8uCQ6eCG/qLjV WKTknHe0r18bV9TTUVmwSHUoU2T/dfz/Wueb/hwjs+ZxrmwiF+jPNeTEr3hUhfFq P1jWi59OMQt01cQbPBmNUogfgiSrN/t7fwitqmbDXK3DoGqviynud1pueigBfONs bboocgqEvx5LZM3Z653VrhjXf38cqPpTwemQ/VVJjRrqWbEHdm5/bT/n2UvT1w3U Nv1Hi/dVPL2/PSuYqW46PqVaqgGYSUAUMRbrrh9ogH2aQAcAw29p4Nl+wK9pHni4 Ix8OFaa4HyefA6a45a+butVGj7tSgZ0k/NYBdsXj9CFBLnBViyB84twINNzDDb9q 6ca1Bhdf8uE6iM4AcyUzcdnoa4L1CA4tBbEwJ2F0lAK4+TWzmGK43Fxy4wctZLim XikVlBeLtGO55cQcI3UZ/IEkYRw7EkXvznNegq4LpXgrPf3pO2n6hNvEZS+uHnC5 q1mY07kCznAI9lU2iCWb9x/YbRpvum4iMy+2Y2ZiuTZd7xI9kZylkKSB/3syIlcv i1nd/nCKQ49nct0agKL3 =xjex -----END PGP SIGNATURE-----
Andrew Martin
2015-May-05 14:46 UTC
[asterisk-users] OpenVPN Clients Intermittently Cannot Call In
----- Original Message -----> From: "Guenther Boelter" <gboelter at gmail.com> > To: asterisk-users at lists.digium.com > Sent: Tuesday, May 5, 2015 1:05:44 AM > Subject: Re: [asterisk-users] OpenVPN Clients Intermittently Cannot Call In > > > Looking into it further, in my case it does not appear to be a > > NATing issue, since running OpenVPN from pfSense means there's no > > NATing occurring between the clients or between the clients and the > > asterisk server. > > > > Although I was unable to reproduce the problems, I did notice some > > packet loss and jitter in "sip show channelstats", here is a > > sample: Peer Call ID Duration Recv: Pack Lost > > ( %) Jitter Send: Pack Lost ( %) Jitter > > 192.168.32.26 446613544 at 1 00:03:03 0000000094 0000004238 > > (97.83%) 0.0000 0000000000 0000000244 ( 0.00%) 0.0000 > > 192.168.32.38 5b2ebdc92fd 00:03:03 0000000059 0000000001 ( > > 1.67%) 0.0000 0000000000 0000000091 ( 0.00%) 0.0028 > > > > I was unable to find documentation each of these columns, but the > > high percentage of loss for received packets for 192.168.32.26 > > seems suspicious. Do these statistics indicate a problem? > > > > Thanks, > > > > Andrew > > Hi Andrew, > > is this a linux machine? If so, check your NIC with ifconfig for > hardware errors. > > Guenther >Guenther, Yes, this machine is running CentOS 6.4 (see my original post for more details). This asterisk server has 2x gigabit NICs set up in a bond with bond mode 1. Both ifconfig and ethtool do not report any hardware errors, although they do show a few checksum errors: eth0 Link encap:Ethernet HWaddr 00:11:22:33:44:55 UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1 RX packets:467927100 errors:0 dropped:0 overruns:1 frame:0 TX packets:304724661 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:131747094082 (122.6 GiB) TX bytes:93869585242 (87.4 GiB) Memory:fb920000-fb940000 eth1 Link encap:Ethernet HWaddr AA:BB:CC:DD:EE:FF UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1 RX packets:41250363 errors:0 dropped:0 overruns:0 frame:0 TX packets:3467 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5190889937 (4.8 GiB) TX bytes:1594075 (1.5 MiB) Memory:fb900000-fb920000>From ethtool -S eth0:tx_smbus: 164709 rx_smbus: 119082408 dropped_smbus: 104036 rx_queue_0_packets: 97532982 rx_queue_0_bytes: 16800645524 rx_queue_0_drops: 1 rx_queue_0_csum_err: 0 rx_queue_0_alloc_failed: 0 rx_queue_7_packets: 53850556 rx_queue_7_bytes: 12797600155 rx_queue_7_drops: 0 rx_queue_7_csum_err: 41 rx_queue_7_alloc_failed: 0 Thanks, Andrew