Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




33 posts

Geek


# 177187 25-Jul-2015 18:35
Send private message

I had my Fibre installed last week and its working perfectly. However I am wanting to use my Pfsense firewall for my own reasons.

I have successfully connected my Pfsense box to the Chorus ONT and enabled PPoE and VLAN Tagging 10. My internet is working perfectly now through Pfsense. My plan was to connect the Fritzbox to the local network on my network switch which is connected to the Pfsense box out of the LAN interface and use it as a Wifi access point and a VOIP Modem. 

In the FritzBox I set it up to use an existing Internet connection and I am able to use it as a Wifi access point and ethernet switch as an extension to my network. However the VOIP with Snap Plus isn't working.

The log shows, 

 

 

 

 

25.07.15

 

18:19:32

 

Registration of Internet telephone number 09******* failed. Reason for error: DNS error

 

 

 

25.07.15

 

18:18:49

 

Internet telephony with 021*******@connect2.plus.snap.net.nz via connect2.plus.snap.net.nz failed. Cause: (503)

 

 

 

 


(I've got the Snap DNS servers setup in the PFsense box and FritzBox)

This is what happens when I try to dial out and no one can dial in. I've read other posts about trying to achieve what I am doing and tried their settings but it isn't working so I am wondering if someone can clue me in with something I might be missing.

Create new topic
449 posts

Ultimate Geek
+1 received by user: 98


  # 1351731 25-Jul-2015 21:36
Send private message

I have it working behind my Ubiquiti EdgeRouter Lite (ERL), but I had to use a second ERL to do it.  The problem with VOIP SIP/RTP is that the SIP packets used to set up the connection have IP addresses in the data part of the packet, not just the headers.  So if you are behind a NAT firewall, some of the IP addresses in the data will be for your internal non-routable IPv4 addresses like 192.168.x.x or 10.x.x.x.  So the other end of the connection will try to send things to those non-routable addresses, which will never work.  There are various techniques that are used to work around this in SIP client software, but the FrtizBox is a SIP server and does not have those options as it is intended to work as the router connecting you to the Internet and therefore does not need them as it is on the external IP address.

My fix is a brute force one - to give the my FritzBox the same external IP address as my main ERL gets from Snap, and to route to it all the packets on the ports it needs to operate as though they were not being NATed - the original destination address  (my external IP address) is restored by the second ERL and the packets are sent on to the FritzBox.  This only works if you have a static IP address, unless you could work out some script in the main ERL that could see an IP address change and then change the IP address for the FrtizBox in the second ERL - not impossible, but a tricky bit of work.  See details of how I have it working in this thread:

  http://www.geekzone.co.nz/forums.asp?forumId=90&topicId=175876

49 posts

Geek
+1 received by user: 1


  # 1351832 26-Jul-2015 09:43
Send private message

I had the same problem when I went to Pfsense.  After a bit of digging, I found the easiest way for me to resolve it was by getting a /30 and 1:1 natting one of the additional IP's to the fritz.


 
 
 
 




33 posts

Geek


  # 1351914 26-Jul-2015 12:37
Send private message

Pinkfish: I had the same problem when I went to Pfsense.  After a bit of digging, I found the easiest way for me to resolve it was by getting a /30 and 1:1 natting one of the additional IP's to the fritz.



How do I go about getting /30?



33 posts

Geek


  # 1351915 26-Jul-2015 12:38
Send private message

fe31nz: I have it working behind my Ubiquiti EdgeRouter Lite (ERL), but I had to use a second ERL to do it.  The problem with VOIP SIP/RTP is that the SIP packets used to set up the connection have IP addresses in the data part of the packet, not just the headers.  So if you are behind a NAT firewall, some of the IP addresses in the data will be for your internal non-routable IPv4 addresses like 192.168.x.x or 10.x.x.x.  So the other end of the connection will try to send things to those non-routable addresses, which will never work.  There are various techniques that are used to work around this in SIP client software, but the FrtizBox is a SIP server and does not have those options as it is intended to work as the router connecting you to the Internet and therefore does not need them as it is on the external IP address.

My fix is a brute force one - to give the my FritzBox the same external IP address as my main ERL gets from Snap, and to route to it all the packets on the ports it needs to operate as though they were not being NATed - the original destination address  (my external IP address) is restored by the second ERL and the packets are sent on to the FritzBox.  This only works if you have a static IP address, unless you could work out some script in the main ERL that could see an IP address change and then change the IP address for the FrtizBox in the second ERL - not impossible, but a tricky bit of work.  See details of how I have it working in this thread:

  http://www.geekzone.co.nz/forums.asp?forumId=90&topicId=175876


Currently I have a dynamic IP address so your method may not work. It also looks way to complicated for me but I'd be keen to try it if all else fails.

449 posts

Ultimate Geek
+1 received by user: 98


  # 1351995 26-Jul-2015 14:20
Send private message

I would be happy to try to help you with that, but I am not familiar with Pfsense.  Does it have a PPPoE server option?  Does your Pfsense box have enough RAM to be able to run a virtual machine to run a second copy of Pfsense, or maybe of Vyos (since that could pretty much use my config from my second ERL)?  It is not actually necessary to run the second router on the Pfsense box - if can ba any PC that can support it, but it needs to be a box that is going to be on 24/7 so that the phones will always be working.



33 posts

Geek


  # 1357427 3-Aug-2015 08:04
Send private message

I'd be interested in you helping me. I'd really like to get this working sometime.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.