Re: [pfSense] SIP through IKEv2-tunnel

[Karl Fife]

Time to do a pcap, and see what's actually happening.   Look in the SIP 
session description (SDP) and see what IP addresses the client is 
telling the other side to communicate with.   Divide and conquer.

On 3/21/2017 5:42 AM, Martin Fuchs wrote:
what really irritates me is the fact (tried it just now) that using it over 
OpenVPN instead of IKEv2 it works...

any idea ?

i'm gonna look over it again...

________________________________
Von: List <list-boun...@lists.pfsense.org> im Auftrag von Martin Fuchs 
<mar...@fuchs-kiel.de>
Gesendet: Dienstag, 21. März 2017 10:45:34
An: pfSense Support and Discussion Mailing List
Betreff: Re: [pfSense] SIP through IKEv2-tunnel

I think so, too, that's what confuses me.


Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense


so the SIP-Clients would tunnel trough the the router, terminate with the 
pfSense and the unencrypted packets are sent back to the router (which hosts 
the PBX).


In my opitnion it should work, too...



________________________________
Von: List <list-boun...@lists.pfsense.org> im Auftrag von Vick Khera 
<vi...@khera.org>
Gesendet: Montag, 20. März 2017 13:48:06
An: pfSense Support and Discussion Mailing List
Betreff: Re: [pfSense] SIP through IKEv2-tunnel

You only need siproxyd if you have multiple SIP clients inside your network
trying to talk outside.

SIP should work just fine in your situation where your PBX software and
your client are within the same VPN and do not block any traffic.

That is, I have a situation like this and it works just fine:

Internet <- pfSense NAT <- Switchvox <- local LAN clients

remotes  -> pfSense VPN -> Switchvox


I can't tell from the OP's original description how the connections are
configured.


On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen <eero.voloti...@iki.fi>
wrote:

maybe you need something like this
https://doc.pfsense.org/index.php/Siproxd_package

Eero

20.3.2017 11.56 ap. "Martin Fuchs" <mar...@fuchs-kiel.de> kirjoitti:

Hi !

I have a Fritz!Box (router) connected to the internet (no other
possibility).

In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM.

This pfSense VM just operates as a VPN-Gateway.

I have set up the routes in the Fritz!Box for the dial-in networks to the
pfSense.


I can connect via IKEv2 and browse internat services.

I have a Fritz!App (SIP-Client) on my phone.

This app connects to the Fritz!Box (which provides a SIP-connection)
successfully.


When I try to make a call, the other phone rings BUT no party cann hear
the other.


It seems to me like a RTP-issue.


On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules.

The firewall-rules allow IPSec to LAN (any service).

I'm running pfSense 2.3.3p1 with one interface.


Does anyone have any idea or some hint for me ?


regards,

martin
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold