[Freeswitch-users] Freeswitch send UDP to port outside range
Charles Bujold
cjbujold at accra.ca
Thu Oct 1 17:43:50 MSD 2015
We are encountering an error which we do not know how to fix. If somebody
can help, it would be appreciated.

Our configuration is that we have 2 offices. Both offices are joined together
via a VPN. The users in the remote office use Freeswitch via the VPN and
connect to Freeswitch SIP port 5060 via the VPN. Their phones register
without issue. The issue comes when they try to make a call. They connect
to Freeswitch via SIP without error; however, early in the connection
Freeswitch no longer recognizes them as being local and tries to communicate
with them via the WAN. Worst case, we could open the firewall to permit
such communication, but the issue with that is that, for some reason,
Freeswitch no longer uses the UDP port range set in Freeswitch; it uses a
port outside of the range, causing the call to fail.

Our acl.config has both LANs entered into it, 192.168.20.0/24 (Main Office)
and 192.168.25.0/24 (Remote Office); however, the main office LAN is set to
deny. We presume it is because one of the default lists already includes it.

Here is a pcap summary of what we see. How can we set up so that the remote
office will work every time and still be seen as part of the overall local
office?

192.168.25.18 is a remote phone
192.168.20.153 is Freeswitch server in main office.
142.162.8.143 is our WAN IP
Port 49790 is outside of the max port which is 32768

83 12.279953 192.168.25.18  192.168.20.153 SIP/SDP  935 Request: INVITE sip:*97@192.168.20.153
84 12.375683 192.168.20.153 192.168.25.18  SIP      375 Status: 100 Trying
85 12.376097 192.168.20.153 192.168.25.18  SIP      880 Status: 407 Proxy Authentication Required
86 12.393746 192.168.25.18  192.168.20.153 SIP      318 Request: ACK sip:*97@192.168.20.153
87 12.458854 192.168.25.18  192.168.20.153 SIP/SDP 1181 Request: INVITE sip:*97@192.168.20.153
88 12.542911 192.168.20.153 192.168.25.18  SIP      375 Status: 100 Trying
89 12.718778 192.168.20.153 192.168.25.18  SIP/SDP 1153 Status: 200 OK
90 12.752832 192.168.25.18  142.162.8.143  SIP      680 Request: ACK sip:*97@142.162.8.143:49790;transport=udp

Our acl.conf file
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <!--
      These ACL's are automatically created on startup.
      rfc1918.auto - RFC1918 Space
      nat.auto - RFC1918 Excluding your local lan.
      localnet.auto - ACL for your local lan.
      loopback.auto - ACL for your local lan.
    -->
    <list name="lan" default="allow">
      <node type="deny" cidr="192.168.20.0/24"/>
      <node type="allow" cidr="192.168.25.0/24"/>
    </list>
    <!--
      This will traverse the directory adding all users
      with the cidr= tag to this ACL, when this ACL matches
      the users variables and params apply as if they
      digest authenticated.
    -->
    <list name="domains" default="deny">
      <!-- domain= is special it scans the domain from the directory to
           build the ACL -->
      <node type="allow" domain="$${domain}"/>
      <!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
      <!-- <node type="allow" cidr="192.168.20.0/24"/> -->
      <!-- <node type="allow" cidr="192.168.25.0/24"/> -->
    </list>
  </network-lists>
</configuration>

If you can tell us how we should configure Freeswitch to work for both
offices it would be appreciated.
Thanks
cjb
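
Added example (not part of the original post): a small Python check that scans packet summary lines like the ones above and reports any SIP message addressed outside the two office LANs, or carrying a Request-URI port above the maximum port the post gives. The sample lines are three packets copied from the post with the archive's " at " written as "@"; the function and variable names are assumptions made for this example.

```python
import ipaddress
import re

# Values taken from the post: the two office LANs and the stated maximum port.
OFFICE_LANS = [ipaddress.ip_network("192.168.20.0/24"),
               ipaddress.ip_network("192.168.25.0/24")]
MAX_PORT = 32768

# Packet summary lines from the post, one packet per line.
CAPTURE = """\
83 12.279953 192.168.25.18 192.168.20.153 SIP/SDP 935 Request: INVITE sip:*97@192.168.20.153
89 12.718778 192.168.20.153 192.168.25.18 SIP/SDP 1153 Status: 200 OK
90 12.752832 192.168.25.18 142.162.8.143 SIP 680 Request: ACK sip:*97@142.162.8.143:49790;transport=udp
"""

# frame, time, source, destination, protocol, length, info
LINE = re.compile(r"^(\d+)\s+[\d.]+\s+(\S+)\s+(\S+)\s+\S+\s+\d+\s+(.*)$")
# host and optional port of the SIP Request-URI
URI = re.compile(r"sip:[^@\s]+@([0-9.]+)(?::(\d+))?")

def in_office(addr):
    """True if addr belongs to one of the office LANs."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OFFICE_LANS)

def find_offnet(capture, max_port=MAX_PORT):
    """Return (frame, reasons) for each packet that leaves the office LANs."""
    findings = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a packet summary line
        frame, _src, dst, info = m.groups()
        uri = URI.search(info)
        host, port = (uri.group(1), uri.group(2)) if uri else (None, None)
        reasons = []
        if not in_office(dst):
            reasons.append(f"destination {dst} is outside the office LANs")
        if host and not in_office(host):
            reasons.append(f"Request-URI host {host} is outside the office LANs")
        if port and int(port) > max_port:
            reasons.append(f"Request-URI port {port} is above {max_port}")
        if reasons:
            findings.append((int(frame), reasons))
    return findings

if __name__ == "__main__":
    for frame, reasons in find_offnet(CAPTURE):
        print(f"frame {frame}: " + "; ".join(reasons))
```
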