[WXC/VFX] MP264 appears to be interfering with OpenVFX SIP traffic intended for my Asterisk box

Forums › One NZ (including Farmside) › [WXC/VFX] MP264 appears to be interfering with OpenVFX SIP traffic intended for my Asterisk box

aw

296 posts

Ultimate Geek
+1 received by user: 30

#155962 14-Nov-2014 14:46

I have the following setup:

Internet <-> VDSL <-> WxC MP264 router with DMZ enabled <-> Desktop PC running Wireshark and 2x bridged LAN for testing this issue <-> pfSense Firewall <-> Asterisk Box

Using OpenVFX.

Starting today, I'm getting this weird behaviour where the MP264 appears not to be passing RTP packets, and despite its VoIP not being provisioned, it sends out bad REGISTER packets to pan.wxnz.net, who then replies with "404 not found" which ends up going to my Asterisk box - these keep coming in:

'CE{<9SwXSIP/2.0 404 Not found

From: <sip:0000000001@pan.wxnz.net>;tag=826220-3a1c9f21-13c4-50029-1e60c35-3e2c1861-1e60c35

To: <sip:0000000001@pan.wxnz.net>;tag=1528941087-1415929491340

Call-ID: 834270-3a1c9f21-13c4-50029-1e60c35-636e1493-1e60c35

CSeq: 1 REGISTER

Via: SIP/2.0/UDP 192.168.3.3:5060;branch=z9hG4bK-1e60c35-6a9fb008-51d2e9f;rport=5060

Content-Length: 0

I think this is happening because where I'm packet-sniffing to try to fault-find this, I'm seeing "404 Not Found" replies continually come in from pan.wxnz.net to the Asterisk box despite no outbound traffic, ie even when Asterisk is stopped. This issue persists across reboots. This is in addition to an issue I sporadically have where the MP264 stops forwarding SIP (5060) traffic too, although that is usually solved with a reboot.

I'm trying to diagnose the issue using a remote extension as follows:

Blink softphone and Wireshark on laptop <-> 3G* <-> Internet <-> VDSL <-> WxC MP264 router with DMZ enabled <-> Wireshark <-> pfSense Firewall <-> Asterisk Box

* same on either 3G and via other the UFB internet connection at my office - both used to work until today.

I see the RTP packets going out fine on 3G and all specified vs actual ports look correct, but those same RTP packets are *not* seen on my home network at the other end - unexpected, as with DMZ switched on everything should be forwarded from the MP264 to the pfSense firewall so the intercepting PC running Wireshark should be seeing something...

Any ideas? Any help much appreciated.

Thanks,

Andrew

RunningMan

9186 posts

Uber Geek
+1 received by user: 4839

#1176182 15-Nov-2014 07:40

If you are not using the VoIP stack in the MP264, why not just replace it with a Draytek 130 straight to the pfSense box?

aw

296 posts

Ultimate Geek
+1 received by user: 30

#1177365 17-Nov-2014 14:22

Originally I got it free because I was a VDSL test customer. Might look into replacing it if I don't hear anything. I tried Xnet support but because it involves OpenVFX they just directed me here (the first time that's happened too).

RunningMan

9186 posts

Uber Geek
+1 received by user: 4839

#1177368 17-Nov-2014 14:30

It's fairly normal for an all-in-one device to direct SIP / RTP traffic to it's built in VoIP stack - can you set up the MP264 in a full bridge mode and do the authentication from your firewall?

aw

296 posts

Ultimate Geek
+1 received by user: 30

#1177387 17-Nov-2014 14:53

Ok turned off all ALG stuff on the MP264 (hard to find: go to Security > Advanced Filtering > untick anything ALG related.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1177389 17-Nov-2014 15:00

The first thing to do on any router when you plan to use VoIP is look for a SIP ALG / SIP transformations and disable it.

grudge

266 posts

Ultimate Geek
+1 received by user: 26

#1177728 18-Nov-2014 08:24

RunningMan: It's fairly normal for an all-in-one device to direct SIP / RTP traffic to it's built in VoIP stack - can you set up the MP264 in a full bridge mode and do the authentication from your firewall?

While this is achievable, it also means that the phone lines on the mp264 will not function while in full bridge mode.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

RunningMan

9186 posts

Uber Geek
+1 received by user: 4839

#1178030 18-Nov-2014 16:24

grudge:
RunningMan: It's fairly normal for an all-in-one device to direct SIP / RTP traffic to it's built in VoIP stack - can you set up the MP264 in a full bridge mode and do the authentication from your firewall?

While this is achievable, it also means that the phone lines on the mp264 will not function while in full bridge mode.

Fairly sure that the OP is using an Asterisk box, so bypassing the phone lines on the MP264 may be exactly what it trying to be achieved. Certainly not what the average user would want though ;-)

aw

296 posts

Ultimate Geek
+1 received by user: 30

#1178089 18-Nov-2014 19:42

Yeah turning off the various ALGs on the MP264 was easy once I knew where it was. Finding those settings is the hard part, with the MP264 not having much Googlable information about it.

Might give full bridge mode a try (again, just have to find it!!) While all the other issues are now resolved, the Asterisk box keeps receiving unsolicited 404 Not Found SIP responses for requests to register sip:0000000001@pan.wxnz.net, probably in response to outgoing requests from the MP264. I get about half a dozen of these every minute.