Hi all. I have what appears to be an interesting one...
I'm provisioning Digium IP phones to a remote Switchvox appliance, i.e., the Switchvox appliance and IP phones are on separate Layer 2 domains. The connection between both sites is an l3vpn where routing is crossing pfSense firewalls at each site. Each pfSense has a dedicated connection between itself and a local router connecting into the l3vpn, so there are no NAT or firewall filters on that pfSense interface, or the router port it's connecting to.

Remote provisioning of the IP phones involves booting the phone, looking at it fail to contact a local Switchvox appliance, and then manually entering the IP address of the remote Switchvox appliance. The phone SHOULD then connect to the Switchvox appliance over IP and provision itself.

That is where the problem begins. It appears udp/5060 packets leaving the phone hit the local pfSense (verified in the state tables), but you never see corresponding state in the other pfSense device. Using Telnet and Netcat to connect to tcp/5060 and udp/5060 from my laptop works fine, and state for that appears in each pfSense. However, when I reconnect the IP phone and try to get it to provision (it uses udp/5060 and udp/5062 for this), again, no state in the remote pfSense, but there is state in the local device.

It's unclear whether this is a specific issue to the IP phone, or to Digium and pfSense, since my laptop is able to create state in both pfSense boxes, ruling out a routing issue.

Anyone else come across this?

Thanks.

Cheers,
Mark.
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
