Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 05 December 2024, 11:22:03 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Upgraded Endian Firewall Community to release 2.4.1 now VOIP stopped working
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Upgraded Endian Firewall Community to release 2.4.1 now VOIP stopped working  (Read 19766 times)
dragon16
Jr. Member
*
Offline Offline

Posts: 2


« on: Tuesday 18 January 2011, 02:32:01 pm »

I upgraded my Endian Firewall Community to release 2.4.1 at the beginning of the year. Suddenly my VOIP service quit working. I use a Cisco Linksys PAP2 VOIP adapter that worked fine under EFWC 2.3. I never set the SIP proxy under 2.3. I had a SIP rule for the NAT firewall under 2.3.
I use the Broadvoice service and have tried to create all of suggested Port forwarding / Destination NAT ports:
    * 69-69 UDP
    * 5060-5063 UDP
    * 10,000-20,000 UDP
I tried allowing any service on the network to go outbound as well as from that device. Still no joy.
Anyone got any ideas?

Logged
David.Dejaeghere
Full Member
***
Offline Offline

Gender: Male
Posts: 17


« Reply #1 on: Thursday 20 January 2011, 05:04:17 am »

You should try your best to avoid port forwarding for VoIP cpe.

When you say that VoIP stops working, does that mean that you can no longer get your SIP accounts registered?
That is the first thing you should get working. It should be rather simple to get a device registered to a VoIP service. That only involves port 5060 (default sip port).

Logged
dragon16
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Sunday 23 January 2011, 02:29:07 am »

Yes it should be simple. I have tried removing all rules and allow all outbound traffic, no joy. Restored to a previous configuration from a time I knew it worked, no joy.
Yes, the SIP account is not getting registered. While the PAP2T indicates lots of inbound and outbound traffic there is never any registration.

Where can I find the disk image for version 2.3? At least I know it worked then.
Logged
David.Dejaeghere
Full Member
***
Offline Offline

Gender: Male
Posts: 17


« Reply #3 on: Tuesday 25 January 2011, 05:08:40 am »

do you have another sip host where you can try to connect to?

I am working for a VoIP solution company as a system engineer so i know lots of thing about sip & network implementations.  sip and nat can be a real bitch and that doesnt mean it is a nat issue at your side. I support a few customers with several voip products and never had any particular problem with Endian. (except for T38)

I could give you some SIP credentials on a hosted pbx to try to register on it.

Have you tried a fresh Endian install?

Also, please try this command on an ssh shell:
find / -name '*sip*'

And give me your output. Even tho you never configured the sip proxy it might still have some sip files on the disk, maybe even binaries...
This is an output on a box on my office:

/var/efw/siproxd
/var/lib/siproxd
/etc/siproxd.conf.rpmsave
/etc/firewall/inputfw/siproxd.conf
/etc/firewall/inputfw/siproxd.conf.old
/etc/firewall/proxies/siproxd.conf
/etc/firewall/proxies/siproxd.conf.old
/etc/siproxd.conf.old
/sys/module/nf_conntrack/holders/nf_conntrack_sip
/sys/module/nf_conntrack/holders/nf_nat_sip
/sys/module/nf_nat/holders/nf_nat_sip
/sys/module/nf_conntrack_sip
/sys/module/nf_conntrack_sip/holders/nf_nat_sip
/sys/module/nf_conntrack_sip/parameters/sip_direct_media
/sys/module/nf_conntrack_sip/parameters/sip_direct_signalling
/sys/module/nf_conntrack_sip/parameters/sip_timeout
/sys/module/nf_nat_sip
/lib/modules/2.6.32.25-57.e40.i586/kernel/net/ipv4/netfilter/nf_nat_sip.ko.gz
/lib/modules/2.6.32.25-57.e40.i586/kernel/net/netfilter/nf_conntrack_sip.ko.gz
/usr/lib/perl5/vendor_perl/5.8.5/URI/sip.pm
/usr/lib/perl5/vendor_perl/5.8.5/URI/sips.pm

This might be related to your issue

Logged
matwilde
Jr. Member
*
Offline Offline

Posts: 1


« Reply #4 on: Saturday 26 March 2011, 12:24:06 am »

The Problem is, that the siproxd is removed since EFW 2.4.1! I have the same Problem too. Has anybody a solution, how to reinstall the siproxd into the system? Without, i can do only Ringing the Phone but, because of RTP is not handled, i get no voice.
I didn't found any other forum entry, which has a solution for this damned thing and btw. why has endian removed the siproxd without a replacement???
Logged
pkombala
Jr. Member
*
Offline Offline

Posts: 7


« Reply #5 on: Wednesday 02 November 2011, 02:45:14 am »

same problem for me please help me to solve
Logged
pkombala
Jr. Member
*
Offline Offline

Posts: 7


« Reply #6 on: Wednesday 02 November 2011, 11:11:02 pm »

I wanted to share how I got my Endian Firewall and Vonage voip to work. After looking at the Vonage website, reading many posts and talking with Vonage I realized that there did not exist a complete set of instructions that I could find on the internet for EFW and Vonage.

These instructions are for the EFW Community version 2.2 rc3. you can use this  for for ver 2.4.1

I have a Uniden voip phone from Vonage, Earthlink DSL contracted through Verizon, and originally an SMC Barricade Plus router. Vonage worked right out of the box (pre EFW).

After getting the EFW up and running (thanks to the other posts on the forum for the help!!) I tried the various port settings found on several posts found on the internet. I managed to get a dialtone and call in or out, but no audio.

I found one post that talked about the fact that the older Vonage servers do not support Stateful Packet Inspection and that could be the cause for no audio. I have had Vonage for five years and figured that might be the case for me.

Here are the settings that I used in EFW to set-up the Firewall Ports:

Under the Firewall Tab and then Outgoing Traffic Tab you want to click on the “Add a new firewall rule” and create the below Firewall rules. (I attached these “Vonage specific” rules to the MAC address of my Uniden phone.)

You will need to click the “Update Rule” button after creating a rule and then click “Add a new firewall rule” to create the next rule.

You can also click “Apply” and “Save” after creating each rule if you want or you can “Apply” and “Save” at the end. “Apply will appear at the top of the page and the “Save” button is at the bottom of the page.

Source Destination Service Protocol Dest Port Action Remark
(UserDef) RED SIP UDP 5060 Allow Vonage SIP
(UserDef) RED TFTP UDP 69 Allow Vonage TFTP
(UserDef) RED TFTP UDP 21
2400 Allow Vonage TFTP
(UserDef) RED NTP TCP+UDP 123 Allow Vonage NTP
(UserDef) RED <ANY> UDP 80 Allow Vonage HTTP
(UserDef) RED <ANY> UDP 10000:20000 Allow Vonage RTP

Each of the above lines is a firewall rule for Vonage.

A  of notes.

• DNS 53 is also required but is already a default rule for EFW. Change the Protocol from TCP to TCP+UDP and click the “Update Rule” button.

• The (UserDef) is where I chose MAC and then listed the Uniden MAC address in the box below. You can change this to whatever you would like.

• You see two rules for TFTP. If you select TFTP as a service EFW automatically puts in UDP and port 69. I left the port 69 rule alone and created the other rule for ports 21 and 2400. (You could probably put all three ports in the same rule.) After you type in 21 press “Enter” and on the next line of the box enter 2400. (Don’t let the statement above the box “Destination port (one per line)” fool you. You can enter more than one port or a range of ports.

• The RTP ports 10000:20000 are a critical part of the firewall rules. The : tells the rule that this is a range. Vonage randomly picks an RTP port number between 10000 and 20000 for each phone call placed. Once you get Vonage up and running if you open NTOP you can see the RTP port used each time you place a phone call.

At this point you should be able to unplug your Vonage phone, reset it and test it. If you are able to place and receive calls you are good to go. If not then you need to call Vonage. (I know, you are thinking "How do I do this with no voip." Think creatively. I have a phone on my POTS line, a cell phone, or maybe a string and a dixie cup. You do need to be able to get to your Vonage phone as the technician will ask you to unplug it a  of times. They can see when you unplug it and plug it back in.) Explain to the technician that you have installed a new firewall that does Stateful Packet Inspection and you believe you are on an old Vonage Server that does not handle SPI. They can check this and tell you if the server hadles SPI or not. It took about 10 minutes for the technician to switch me to a new server that handles SPI. I was set and voip restored.

I hope this helps you with Vonage voip and EFW Community version.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.125 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com