Asterisk goes offline when connected to ZS

Home Page Forums Network Management ZeroShell Asterisk goes offline when connected to ZS

This topic contains 23 replies, has 0 voices, and was last updated by  AussieWISP 7 years, 11 months ago.

Viewing 15 posts - 1 through 15 (of 25 total)
  • Author
    Posts
  • #42757

    AussieWISP
    Member

    I have two PPPOE connections on ZS, all my pc’s that are connected to ETH00 via a switch all get internet access fine. If I connect my Asterisk server directly to a modem, setup port forwarding Asterisk works fine; but as soon as I connect Asterisk through ZS it doesn’t register my IP trunks. I have setup port forwarding in the virtual server, configured some balancing rules in netbalancer, have tested other port forwards on ZS and the ports open fine. Should I use QOS instead of balncing rules, could there be a dns issue, should i connect the Asterisk server to ETH01 and configure it somehow through that way? I’m useless at CLI but getting the hang of GUI’s. Running Asterisk 2.8 and ZS beta 13

    #51363

    atheling
    Member

    I am running AstLinux on another box behind Zeroshell just fine.

    In the “pre boot” script I have:

    modprobe nf_nat_sip

    To make the SIP data get through NAT properly. No idea why that is not standard in ZS.

    Under “Virtual Servers” I have UDP port 5060 forwarded to my Asterisk box. You may not need that unless you are registering phones to your Asterisk box from outside or are allowing unsolicted calls from others (maybe via e164.org, etc.).

    That is about it. Oh, yes. On Asterisk, I don’t bother telling it that it is behind NAT as the nf_nat_sip on ZS takes care of spoofing that.

    #51364

    AussieWISP
    Member

    Thanks for the info, makes senses. Can I assume ‘modprobe nf_nat_sip’ is entered as it looks via the GUI not CLI?

    How should the ‘Asterisk SIP Settings’ NAT section be configured?

    #51365

    atheling
    Member

    In my sip.conf the entire NAT section is commented out. I do have “nat=yes” on the two devices that I use that might connect from outside (a softphone on my laptop and the 3cx SIP softphone on my Android smartphone).

    The “modprobe nf_nat_sip” line is the first line of the “pre-boot” script managed through the ZS GUI.

    By the way, forgot to mention in the first response that the nf_nat_sip module also deals with the RTP stream, so you don’t need to map those ports to your Asterisk box.

    #51366

    AussieWISP
    Member

    My version does not allow me to edit the sip.conf file, it says to make any additions to sip_general_additonal.conf.

    Also after I add the pre boot script, can I just click test and its all loaded or do i need to restart the system, I ask this as I have not quite worked out how to save my configurations yets

    #51367

    atheling
    Member

    @aussiewisp wrote:

    My version does not allow me to edit the sip.conf file, it says to make any additions to sip_general_additonal.conf.

    Hmmm. I’m currently running a v1.4 Asterisk that is pretty barebones as far as controls: I simply use a text editor on the .conf files so as long as I have permission from the filesystem I can do it. I don’t think I’ve ever seen a sip_general_additional.conf file. Net result: I’m not sure I can help you on your particular version of Asterisk.

    @aussiewisp wrote:

    Also after I add the pre boot script, can I just click test and its all loaded or do i need to restart the system, I ask this as I have not quite worked out how to save my configurations yets

    The pre-boot script is only executed on boot up. So you will have to save your configuration and reboot. On the other hand, you should be able to simply execute that line from the CLI (once you get to the bash prompt) and have it take effect immediately.

    On ZS under Setup, click on Profiles. Select whatever profile is there and you should have an option to backup or backup without logs. You can also create, copy or delete profiles. In the ZS world, a profile is a set of configuration values.

    P.S. If you are trying to load balance your two PPPoE connections or share traffic over them in any way, you will need to apply my load balancing patch. You should be able to find it in older posts on this forum. The patch was developed for the previous beta but should apply okay to the current beta. Without the patch you will find that not all traffic is routed correctly.

    #51368

    lip
    Member

    Hi Guys, if I could join in.. I was about to start a topic asking for voip/sip help, as there are so surprisingly few to reference, then I see this one just started. And, with no less than atheling responding, who seems the resident expert from all previous posts.

    atheling regarding your setup recommendations, I have:
    Setup: zeroshell, DSL modem, cable modem, (no pstn lines), switch, asterisk box, 10 PCs, 10 SIP phones, and up 6 occasional remote SIP phones.

    Script: [Pre boot]
    modprobe nf_nat_sip
    for file in /Database/custom/*
    do
    cp $(file) /root/kerbynet.cgi/scripts/
    done

    Virtual server:
    ppp0/any UDP 5000-5082 192.168.1.2:5000-5082
    ppp0/any UDP 10000-20000 192.168.1.2:10000-20000

    Firewall: Forward table needs a rule corresponding the VS rule correct?
    Accept UDP opt — in ppp0 out * 0.0.0.0->192.168.1.2 udp dpts:5000:5084
    Accept UDP opt — in ppp0 out * 0.0.0.0->192.168.1.2 Layer7 RTP udp dpts:10000:20000

    Asterisk:
    NAT yes, RTP reinvite no, no other SIP settings to speak of really…

    Issues:
    Occasional call quality/drops, moreso on the end of people calling in.
    Quality degrades and seems daily reboots help (usually just the asterisk box).

    Questions:
    First, I’ve had horrible call quality for the last few days, and restarted the asterisk box several times which changed nothing. So I rebooted zeroshell and it’s all clear again. Any ideas why this could be? Anything in zeroshell I can check, or setup to monitor? I’d at least like to determine if it is a hardware, software, or configuration related.

    As the system is all voip (no pstn/pri), my primary concern is the voip provider sip trunk connection(5060,10000-20000). Does your setup cover this as well as the occasional remote phones?

    So should I erase the RTP rules, and make SIP only 5060 (or is it 1 port per remote phone or something)? Could these extra open ports cause a problem or just less secure?

    THANKS, IN ADVANCE, FOR ANY HELP, SERIOUSLY!

    If I can’t figure this out, I’m going to get a DLink WBR-2310 router (because they are supposed to work perfectly for SIP) and separate the voice LAN, then consider trying zeroshell on different (atom?) hardware in the future. I can’t find the link but it’s currently running on a small Lite-ON ‘Book PC’ VIA C3 533MHz 500ram 40hdd, but maybe that’s not enough, or there is an incompatibility.

    ** As an aside, I believe the moderators should start a VOIP/SIP section in the forum index, as it’s a growing indispensable component.

    #51369

    AussieWISP
    Member

    Hi Lip, great to see your comments, some of which may help with my mission; based on athelings comments, I think I should downgrade from beta13 to beta12, this being due to being unable to do some of the suggestions by atheling and it also seems his patch is crucial to asterisk/voip and from his posts the patch may not yet be compatible with beta13. I also note that ppalias mentioned that the patch had some glitches which is why it wasn’t released with beta13.

    Does anyone know what that Asterisk patch is on the ZS downloads section?

    On a side question, my scenario I am building is 4 x adsl 8mbps & 1 x fibre 100 mbps fed into ZS, feeding Asterisk, feeding up to 300 internet and voip subscribers via Ubiquiti Wifi. Am I choosing the right software? ie ZS?

    #51370

    lip
    Member

    Hey AussieWISP – I hope I didn’t add to the confusion, and atheling will be able to clear us up.

    I’m not sure of the patch status but I read the same thing, and am still on b12 (not the vitamin).

    Asterisk in the downloads section is to install (barebones) asterisk right on your zeroshell box.

    My next question is the same as yours. If successful next is to bond/balance/failover my 2 connections, and it seems rules are put into the section to control the behavior?
    If that’s successful I’ll then try MLPPP(as our ISP does, and must support it) with 4 or 5 connections bonded.

    #51371

    atheling
    Member

    @aussiewisp wrote:

    Hi Lip, great to see your comments, some of which may help with my mission; based on athelings comments, I think I should downgrade from beta13 to beta12, this being due to being unable to do some of the suggestions by atheling and it also seems his patch is crucial to asterisk/voip and from his posts the patch may not yet be compatible with beta13. I also note that ppalias mentioned that the patch had some glitches which is why it wasn’t released with beta13.

    Does anyone know what that Asterisk patch is on the ZS downloads section?

    On a side question, my scenario I am building is 4 x adsl 8mbps & 1 x fibre 100 mbps fed into ZS, feeding Asterisk, feeding up to 300 internet and voip subscribers via Ubiquiti Wifi. Am I choosing the right software? ie ZS?

    I have not bothered to upgrade to beta13 since the changes were not ones I needed but the files my patch touches are unchanged between beta12 and beta13 so there should be no conflict.

    You VoIP setup is much more ambitious than mine. I’ve heard of large Asterisk deployments but wonder how stable they are. I’d be looking at a pure SIP proxy for that many users rather than a back-to-back user agent setup like Asterisk.

    Along the same line, even with my patches, ZS does have some issues with session to session persistence which might not make it suitable for a large scale deployment. (Not really ZS issue in that the problem I’ve noted is in the Linux routing so any Linux based router would be suspect in my mind. Perhaps there is some magic incantation to give the routing cache but my web searches have turned up negative.)

    So, while what you are trying to achieve might be possible, I think you will be breaking new ground.

    #51372

    AussieWISP
    Member

    Atheling your comments are appreciated; can you expand on what you mean by ‘session to session persistance’?

    I have 100% confidence in Asterisk as it is used by Australias 2nd largest ISP and apparently 16% of the global voip market. If I was to look at pure SIP proxy, where would you suggest i start looking?

    For WAN balancing I originally considered a TP-LINK 4 wan router but ZS seemed to give more control.

    BTW the comment ‘breaking new ground’ is too exciting to not pursue, would also learn a bucket load in the process. Prior to all this I knew nothing about linux programming, sometimes still feals like i do…

    #51373

    atheling
    Member

    @lip wrote:

    …snip…
    Questions:
    First, I’ve had horrible call quality for the last few days, and restarted the asterisk box several times which changed nothing. So I rebooted zeroshell and it’s all clear again. Any ideas why this could be? Anything in zeroshell I can check, or setup to monitor? I’d at least like to determine if it is a hardware, software, or configuration related.

    As the system is all voip (no pstn/pri), my primary concern is the voip provider sip trunk connection(5060,10000-20000). Does your setup cover this as well as the occasional remote phones?

    So should I erase the RTP rules, and make SIP only 5060 (or is it 1 port per remote phone or something)? Could these extra open ports cause a problem or just less secure?

    THANKS, IN ADVANCE, FOR ANY HELP, SERIOUSLY!

    If I can’t figure this out, I’m going to get a DLink WBR-2310 router (because they are supposed to work perfectly for SIP) and separate the voice LAN, then consider trying zeroshell on different (atom?) hardware in the future. I can’t find the link but it’s currently running on a small Lite-ON ‘Book PC’ VIA C3 533MHz 500ram 40hdd, but maybe that’s not enough, or there is an incompatibility.

    ** As an aside, I believe the moderators should start a VOIP/SIP section in the forum index, as it’s a growing indispensable component.

    During times of bad call quality, I’d check the load on your Asterisk box and your ZS box and check the log for anything out of the ordinary. I’d also check the ping timings to your VoIP provider(s) and to some other site that is like to be up with a good server.

    The times I’ve had bad call quality and I’ve been able to dig into it, it was due to ISP issues or, more recently, floods of log in (break in) attempts which have overloaded my Net5501 based Asterisk box. (ZS is on a different Net5501 box.) In my case I’ve had to add specific IP blocks against attackers in ZS to get my Asterisk box unloaded enough to handle normal traffic.

    Regarding your setup, it is very similar to mine. Except I don’t have the RTP ports forwarded and I only have 5060 forwarded for SIP. Nor do I have firewall rules specific to the SIP port. The SIP kernel module deals with all the RTP UDP ports as needed and since they aren’t normally open there is not need for specific firewall rules.

    On the Asterisk side, I have re-invite set to no but don’t tell Asterisk that it is behind a NAT firewall (again the ZS SIP kernel module handles that). I do have NAT set on the two roving devices that might from time to time connect from behind someone else’s NAT router.

    I have two VoIP providers and the setup that one uses (manual proxy setup) does not survive a ZS switch over from one of my WAN links to the other. I need to manually tell the Asterisk box to switch to a different proxy then switch back. I believe that to be an issue with the caching of proxy information in Asterisk. My other VoIP provider uses DNS NAPTR records and Asterisk will detect the registration issue with that and re-establish its connection after a WAN switch over. Of course any calls in progress are disrupted in both cases.

    Edit: “NAPTR” above should have been “SRV”. Was in a hurry before leaving for work and had “thinko” (kind of like a typo).

    #51374

    atheling
    Member

    @aussiewisp wrote:

    Atheling your comments are appreciated; can you expand on what you mean by ‘session to session persistance’?

    I have 100% confidence in Asterisk as it is used by Australias 2nd largest ISP and apparently 16% of the global voip market. If I was to look at pure SIP proxy, where would you suggest i start looking?

    For WAN balancing I originally considered a TP-LINK 4 wan router but ZS seemed to give more control.

    BTW the comment ‘breaking new ground’ is too exciting to not pursue, would also learn a bucket load in the process. Prior to all this I knew nothing about linux programming, sometimes still feals like i do…

    You want all traffic in a TCP session to use the same WAN link. My patch does that. However for things like a HTTPS session you also want subsequent TCP sessions to use the same WAN link otherwise the server you are going to will reject the traffic. That is what I meant by “session to session persistence”. However you don’t want that persistence to be forever either. Linux achieves this through a route cache. But the controls for aging things out of the route cache is, in my mind, arcane and very poorly documented.

    My experience with Asterisk has been with either an old, slow computer or with a net5505 (new slow computer). Since all traffic goes through that one computer it is the first thing to be overloaded. Especially if you are doing any transcoding of the voice. A SIP proxy only handles the SIP exchange (low data rates) and the RTP (voice) data takes a more direct path. So generally that type of system scales better. That said, if you have enough horsepower in your Asterisk server you can achieve a lot more. I haven’t done enough research to recommend a specific SIP proxy system.

    #51375

    atheling
    Member

    @lip wrote:

    Hey AussieWISP – I hope I didn’t add to the confusion, and atheling will be able to clear us up.

    I’m not sure of the patch status but I read the same thing, and am still on b12 (not the vitamin).

    Asterisk in the downloads section is to install (barebones) asterisk right on your zeroshell box.

    My next question is the same as yours. If successful next is to bond/balance/failover my 2 connections, and it seems rules are put into the section to control the behavior?
    If that’s successful I’ll then try MLPPP(as our ISP does, and must support it) with 4 or 5 connections bonded.

    If you can get MLPPP working that would handle failover and load balancing a lot better than multiple links with different end point IP addresses. Neither your Asterisk server nor your VoIP provider(s) would need to be fooled about changing IP addresses on failover.

    However I don’t have experience in that area so will be unable to assist.

    #51376

    AussieWISP
    Member

    Ok, with all that being said, I am keen to go to my wits end to see what ZS and Asterisk can do, to do that I need to install your patch, I have not been able to as yet. I have access to the bash cli on ZS and your patch code, I created the database/custom but wasn’t sure how to make a file with your code in it, I though putty might help but wasn’t able to log into ZS, no option for username p/w etc. I guessed its probably easy but I’ve been on Windows OS for too long. I even saw a GNU3 video but to no avail. Also I saw a link that someone created a ZS version with your patch built in but the links were expired.

Viewing 15 posts - 1 through 15 (of 25 total)

You must be logged in to reply to this topic.