Luca Bertoncello
2020-Jun-23 07:06 UTC
[asterisk-users] Voice broken during calls (again...)
Am 23.06.2020 08:43, schrieb Luca Bertoncello: And another thing, I discovered right now...> Could you suggest me something to restrict the problem? > Currently, I think the problem can be: > > 1) on Asterisk > 2) on my Gateway/FirewallA couple of years ago I added this entry in my firewall: /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu since I had the problem downloading data from an Internet site using my tablet. I found this site explaining that: https://lartc.org/howto/lartc.cookbook.mtu-mss.html I really forgot this entry, but now I checked all entries in my Firewall, and I see it, with my remark... Now, the last line of the HowTo: -------------------------------- # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 This sets the MSS of passing SYN packets to 128. Use this if you have VoIP with tiny packets, and huge http packets which are causing chopping in your voice calls. -------------------------------- Could it be the problem? Right now I'm not at home, so I cannot test it, but maybe I can add an entry like: iptables -A FORWARD -p tcp -m multiport --ports 5060,<my high port for SIP> --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 and change the previous entry like: iptables -A FORWARD -p tcp -i intlan0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu to limit the behaviour on the internal LAN... Your opinion? Thanks a lot! Luca Bertoncello (lucabert at lucabert.de)
Hello Le 23/06/2020 à 09:06, Luca Bertoncello a écrit :> Am 23.06.2020 08:43, schrieb Luca Bertoncello: > > And another thing, I discovered right now... > >> Could you suggest me something to restrict the problem? >> Currently, I think the problem can be: >> >> 1) on Asterisk >> 2) on my Gateway/Firewall > > A couple of years ago I added this entry in my firewall: > > /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > > since I had the problem downloading data from an Internet site using > my tablet. > I found this site explaining that: > > https://lartc.org/howto/lartc.cookbook.mtu-mss.html > > I really forgot this entry, but now I checked all entries in my > Firewall, and I see it, with my remark... > Now, the last line of the HowTo: > > -------------------------------- > # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > --set-mss 128 > > This sets the MSS of passing SYN packets to 128. Use this if you have > VoIP with tiny packets, and huge http packets which are causing > chopping in your voice calls. > -------------------------------- > > Could it be the problem? Right now I'm not at home, so I cannot test > it, but maybe I can add an entry like: > > iptables -A FORWARD -p tcp -m multiport --ports 5060,<my high port for > SIP> --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 > > and change the previous entry like: > > iptables -A FORWARD -p tcp -i intlan0 --tcp-flags SYN,RST SYN -j > TCPMSS --clamp-mss-to-pmtu > > to limit the behaviour on the internal LAN... > > Your opinion?Audio has nothing to do with SIP signaling 5060 port. Look at your rtp.conf -- Daniel
Luca Bertoncello
2020-Jun-23 07:23 UTC
[asterisk-users] Voice broken during calls (again...)
Am 23.06.2020 09:19, schrieb Administrator: Hi Daniel> Audio has nothing to do with SIP signaling 5060 port. Look at your > rtp.confYou're right... I have to restrict to the ports I configured in rtp.conf... So like: iptables -A FORWARD -p tcp -m multiport --ports -ports 10000:15100 --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 ? Or I just have to use: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 instead of: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ? Thanks Luca Bertoncello (lucabert at lucabert.de)
Hello, if you need clampmss then it is highly probable there is a PMTU discovery problem. The clampmss does not work for UDP. I probably counted the size incorrectly. So you are able to ping with size 1464 and not with 1466. How about trying same ping sizes from the internet towards your site? I mean trying to ping from sites with higher MTU than yours without lower MTU links in the path. You know MTU is a size of l2 frame, so using ipv6 you are able to use higher payload sizes because of ip header size. Marek 2020-06-23 9:06 GMT+02:00, Luca Bertoncello <lucabert at lucabert.de>:> Am 23.06.2020 08:43, schrieb Luca Bertoncello: > > And another thing, I discovered right now... > >> Could you suggest me something to restrict the problem? >> Currently, I think the problem can be: >> >> 1) on Asterisk >> 2) on my Gateway/Firewall > > A couple of years ago I added this entry in my firewall: > > /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > > since I had the problem downloading data from an Internet site using my > tablet. > I found this site explaining that: > > https://lartc.org/howto/lartc.cookbook.mtu-mss.html > > I really forgot this entry, but now I checked all entries in my > Firewall, and I see it, with my remark... > Now, the last line of the HowTo: > > -------------------------------- > # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss > 128 > > This sets the MSS of passing SYN packets to 128. Use this if you have > VoIP with tiny packets, and huge http packets which are causing chopping > in your voice calls. > -------------------------------- > > Could it be the problem? Right now I'm not at home, so I cannot test it, > but maybe I can add an entry like: > > iptables -A FORWARD -p tcp -m multiport --ports 5060,<my high port for > SIP> --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 > > and change the previous entry like: > > iptables -A FORWARD -p tcp -i intlan0 --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > > to limit the behaviour on the internal LAN... > > Your opinion? > > Thanks a lot! > Luca Bertoncello > (lucabert at lucabert.de) > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
Luca Bertoncello
2020-Jun-23 07:40 UTC
[asterisk-users] Voice broken during calls (again...)
Am 23.06.2020 09:28, schrieb Marek Greško: Hi> if you need clampmss then it is highly probable there is a PMTU > discovery problem. The clampmss does not work for UDP.Is there a way to check if I have this problem?> I probably counted the size incorrectly. So you are able to ping with > size 1464 and not with 1466. How about trying same ping sizes from the > internet towards your site? I mean trying to ping from sites with > higher MTU than yours without lower MTU links in the path.lucabert at ns:~$ ping -4 -M do -s 1465 bpi.d.lucabert.com PING bpi.d.lucabert.com (93.241.91.232) 1465(1493) bytes of data. From 62.156.246.57 (62.156.246.57) icmp_seq=1 Frag needed and DF set (mtu = 1492) ping: local error: Message too long, mtu=1492 ping: local error: Message too long, mtu=1492 ping: local error: Message too long, mtu=1492 ^C --- bpi.d.lucabert.com ping statistics --- 4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3965ms pipe 2 With paket size of 1464 it works...> You know MTU is a size of l2 frame, so using ipv6 you are able to use > higher payload sizes because of ip header size.OK, thanks! Luca Bertoncello (lucabert at lucabert.de)