[pfSense Support] OT: pap2t - was Re: SV: [pfSense Support] sip nat
Chris Flugstad wrote:
> Paul, you want my pap2 version 2? I unlocked it from vonage and I get a terrible delay. Can't seem to get rid of the delay so it makes the device kinda worthless. Unless you know how to get rid of the delay, I don't want it ;)

I've got three of them (all unlocked ex-earthlink from Frys :-) and not observed any major problems. There is a lag with VOIP, but I've only really noticed when making a call between continents.

Maybe you can flash to latest firmware? Just be careful that this doesn't cause a factory reset and gets the device locked when it tries to auto-provision - I know the earthlink customised ones will.

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: SV: [pfSense Support] sip nat
Chris Buechler wrote:
> On Wed, Mar 18, 2009 at 9:44 PM, Chris Flugstad ch...@cascadelink.com wrote:
>> Also forgot to note, that most phones will register on port 5060. This however behind a NAT won't work if you have more than 1 phone. You will have to statically configure the port different on each port OR someone phone will have a random port selection OR sometimes you can select 5061 and it will pick a random port.
>
> Or this is what the siproxd package is for, to be able to track connections on SIP where you can't rewrite the source port. That's almost always, but evidently there are some scenarios where that works fine, given the report of the initiator of this thread.

Indeed, I've found that you simply can't get multiple SIP devices behind a simple-minded NAT box without hacking their advanced configuration to run on different ports. Snag is some devices, e.g. Siemens S685IP dect voip+pbx phone, don't reliably allow fine-grained control of SIP settings.

In the end I set up a small linux firewall with siproxd and then I was able to use a whole mix of Linksys PAP2T/SPA2002 and Siemens S685IP without issue. Set them up on a dedicated voice VLAN, add traffic prioritisation rules on the firewall and it works pretty well even over a domestic but good quality ADSL service.
Re: SV: [pfSense Support] sip nat
Paul, you want my pap2 version 2? I unlocked it from vonage and I get a terrible delay. Can't seem to get rid of the delay so it makes the device kinda worthless. Unless you know how to get rid of the delay, I don't want it ;)

Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com
SV: [pfSense Support] sip nat
Hi Chris

Thanks for the quick response. I already tested it, and that solved my problem. But you're probably also right when you say that it won't fix the actual problem: SIP does not like NAT.

Keep up the good work...

Kind regards
Anders

-----Original Message-----
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On behalf of Chris Buechler
Sent: 18 March 2009 16:03
To: support@pfsense.com
Subject: Re: [pfSense Support] sip nat

Nearly always, rewriting source port on SIP breaks it so it's not done by default. Enable AON and it will be.

On Wed, Mar 18, 2009 at 6:11 AM, and...@fiberby.dk wrote:
> Hi
>
> I know this issue has been raised before, but I haven't really found a satisfying answer, so here I go again...
>
> My problem is related to sip-nat. I'm running a network with approximately 2000 home users. I have chosen pfsense back in the 1.0.1 days, and am still very satisfied with its performance and stability.
>
> At the moment I have four machines running pfsense.
> One working as router only (disabled the firewall under advanced). - pfsense v. 1.2
> Two working as nat-routers for Internet-access. - pfsense v. 1.2
> One working as a nat-router for Audiocodes MP124 sip boxes. - pfsense v. 1.0.1
>
> When pfsense 1.2 came out, I upgraded every machine. But quickly I had to roll the sip-router back to 1.0.1, since it stopped rewriting the source port for the MP124 boxes.
>
> My problem is that many customers choose to set up their own sip-boxes on the internet-connection, and therefore get connected with one of the routers that's running pfsense 1.2. And it just does not rewrite the source port, and as a result of that only one sip-box per provider gets connected. As soon as I throw them on another vlan, so they get connected to the machine running pfsense 1.0.1, it rewrites the ports just fine, and I can have as many boxes from the same provider behind one single public ip.
>
> Does anyone have an explanation to this behavior, or even better, a solution!?
>
> Kind regards
> Anders Dahl
Re: SV: [pfSense Support] sip nat
I use Linksys SPA 921 which do a BADASS job of going over NAT. They have a good "keep alive" function that keeps them nice and cozy behind a nat. We use them for our hosted pbx product and haven't had any problems.

Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com
Re: SV: [pfSense Support] sip nat
What is BADASS and what are you saying here?

It seems to be mixed messages and not consistent to me.

I'd like to understand what it is that you understand please.

Kind regards
David
Re: SV: [pfSense Support] sip nat
Some phones, such as the SPA921 will have a "keep alive" function or NAT traversal. This will allow the phone to not disappear from behind a firewall. So you could take the phone and stick it on any 192.XXX home network/office network and it will connect to a voip server and not go missing after a short period of time. This function will eliminate the need for port forwarding and firewall rules.

The only firewall rules I do use however are sending the SIP phones out over a 2nd WAN connection. I do this via IP address and don't worry about what ports they talk on. It keeps it simple.

That's what I mean by badass. You can keep port forwarding and stuff though if you want, but you know someone is gonna take that phone and put it on some other network and get pissed that it doesn't work ;)

Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com
Re: SV: [pfSense Support] sip nat
Also forgot to note, that most phones will register on port 5060. This however behind a NAT won't work if you have more than 1 phone. You will have to statically configure the port different on each port OR someone phone will have a "random" port selection OR sometimes you can select 5061 and it will pick a random port.

This will make it hard to do port forwarding, but if your phone doesn't need port forwarding, in the case of the BADASS SPA921's then you're safe :-D

I've setup about 100 of these SPA921's and they work pretty darn good.

Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com
Re: SV: [pfSense Support] sip nat
On Wed, Mar 18, 2009 at 9:44 PM, Chris Flugstad ch...@cascadelink.com wrote:
> Also forgot to note, that most phones will register on port 5060. This however behind a NAT won't work if you have more than 1 phone. You will have to statically configure the port different on each port OR someone phone will have a random port selection OR sometimes you can select 5061 and it will pick a random port.

Or this is what the siproxd package is for, to be able to track connections on SIP where you can't rewrite the source port. That's almost always, but evidently there are some scenarios where that works fine, given the report of the initiator of this thread.
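
The collision this thread keeps returning to (several phones on source port 5060 behind one public IP), as an added example that is not part of any poster's message and is not pfSense or siproxd code. It is a constructed model of a NAT state table only: all addresses, the `Nat` class and the starting port 1024 are assumptions, and it does not model the SIP payload problems that rewriting the source port can cause.

```python
"""Constructed model of outbound UDP NAT state; not pfSense or siproxd code."""

PROVIDER_A = ("198.51.100.5", 5060)   # constructed SIP registrar (documentation range)
PROVIDER_B = ("198.51.100.9", 5060)   # constructed second provider


class Nat:
    """One public IP; a state is unique per (public source port, destination)."""

    def __init__(self, rewrite_source_port):
        self.rewrite = rewrite_source_port
        self.states = {}        # (public_port, dst) -> (lan_ip, lan_port)
        self.next_port = 1024   # assumed first candidate port when rewriting

    def outbound(self, lan_ip, lan_port, dst):
        """Return the public source port for this flow, or None on collision."""
        owner = (lan_ip, lan_port)
        for (pub_port, state_dst), state_owner in self.states.items():
            if state_dst == dst and state_owner == owner:
                return pub_port                 # flow already has a state
        if self.rewrite:
            while (self.next_port, dst) in self.states:
                self.next_port += 1
            pub_port = self.next_port
            self.next_port += 1
        else:
            pub_port = lan_port                 # source port kept as the phone sent it
            if (pub_port, dst) in self.states:
                return None                     # another phone already owns this tuple
        self.states[(pub_port, dst)] = owner
        return pub_port

    def inbound(self, pub_port, src):
        """Return the LAN (ip, port) a reply from src is delivered to, if any."""
        return self.states.get((pub_port, src))


def register(nat, phones):
    """phones: list of (lan_ip, lan_port, provider). Returns {lan_ip: port or None}."""
    return {ip: nat.outbound(ip, port, dst) for ip, port, dst in phones}


# Three phones that all use the default SIP port toward the same provider.
SAME_PORT = [("192.168.1.11", 5060, PROVIDER_A),
             ("192.168.1.12", 5060, PROVIDER_A),
             ("192.168.1.13", 5060, PROVIDER_A)]
# The manual workaround from the thread: a different local port per phone.
DISTINCT_PORTS = [("192.168.1.11", 5060, PROVIDER_A),
                  ("192.168.1.12", 5061, PROVIDER_A),
                  ("192.168.1.13", 5062, PROVIDER_A)]
# Same local port, but the third phone registers with another provider.
TWO_PROVIDERS = SAME_PORT[:2] + [("192.168.1.13", 5060, PROVIDER_B)]

if __name__ == "__main__":
    for name, phones in [("same port", SAME_PORT),
                         ("distinct ports", DISTINCT_PORTS),
                         ("two providers", TWO_PROVIDERS)]:
        for rewrite in (False, True):
            mode = "rewrite" if rewrite else "keep port"
            print(f"{name:15} {mode:10} {register(Nat(rewrite), phones)}")
```

A `None` in the result marks a phone whose registration could not get its own state, which matches the "only one sip-box per provider" symptom reported in the thread.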