SIP Show peers

sababa

#1
Hi Everyone,

Can someone please help me? I have been going crazy with this problem for a month.

I have a network that has a 50 by 5 cable connection going to a DD-WRT that is now split via VLANs to voice and data. The data goes to a wireless access point and to a switch for a server, and the voice goes to a PoE switch. They are now completely separated but I am having lag issues. When someone calls in and the phone is answered, the call continues to ring on other phones.
In SIP show peers I am getting latency of 50ms and up on my Yealink phones, and on a Linksys PAP2T I am getting around 15ms.

Has anyone run into this problem before?

I have replaced the switches, routers and ran new cables. I am not sure what else to try.

Any suggestions would be great.

Thanks
Gill

Below are my SIP show peers results

Name/username Host Dyn Nat ACL Port Status
1001/1001 10.0.100.11 D N A 5062 OK (53 ms)
1002/1002 10.0.100.12 D N A 5062 OK (55 ms)
1003/1003 10.0.100.13 D N A 5062 OK (52 ms)
1004/1004 10.0.100.14 D N A 5062 OK (60 ms)
1005/1005 10.0.100.15 D N A 5062 OK (52 ms)
1006/1006 10.0.100.16 D N A 5062 OK (58 ms)
1007/1007 10.0.100.17 D N A 5062 OK (55 ms)
1008/1008 10.0.100.18 D N A 5062 OK (50 ms)
1009/1009 10.0.100.19 D N A 5062 OK (57 ms)
1010/1010 10.0.100.20 D N A 5062 OK (52 ms)
1011/1011 10.0.100.21 D N A 5062 OK (52 ms)
1012/1012 10.0.100.22 D N A 5062 OK (83 ms)
1013/1013 10.0.100.23 D N A 5062 OK (51 ms)
1014/1014 10.0.100.24 D N A 5062 OK (52 ms)
1015/1015 10.0.100.25 D N A 5060 OK (15 ms)
1016/1016 10.0.100.25 D N A 5061 OK (16 ms)
 

dicko

#2
DD-WRT, especially on underpowered hardware (Linksys or whatever), is not a great solution for VOIP, especially if doing QOS et al. The 200MHz CPU just craps out. OPEN-WRT is marginally faster if supported on your hardware. Think of using the box itself as the firewall, it is probably powerful enough.
 

sababa

#3
Thanks for the quick reply.
What hardware would you recommend to use instead?

Think OPEN-WRT would fix the issues on the current WRT54G? (I started off with a Buffalo WHR-G300N but it doesn't support VLAN.)

Thanks so much
Gill
 

dicko

#4
Your Asterisk box already natently supports routing, VLANs, QoS, firewalling and IDS, why waste electricity? Add a NIC and go for broke (a little RTFMing needed, however).
 

sababa

#5
Cool I'll look into it more
Thanks for the help.
Any chance you can point me to a starting point to learn how to do this?
Thanks again
 

dicko

#6
yum install -y vconfig # for vlan function, then man vconfig for WTF next.


http://www.configserver.com/cp/csf.html # for an effective Firewall/IDS

Webmin for a "cheap and cheerful" Router config (and csf frontend)

google for any remaining problems
 

sababa

#7
haha
awesome
thank you so much!
 

dicko

#8
Also, I notice you are a RoadRunner (presumably TimeWarner) customer. I experienced them destructively messing with my RTP connections before I dumped them (they of course denied it, even with tcpdump proof). Caveat emptor.
 

Lee Sharp

#9
As a long time dev for m0n0wall and a former active dev for Untangle, I do not recommend just tacking a gateway on your PBX. If the PBX is on the net, you do have some hardening to look at, and it is significant.

But, I am paranoid. :)
 

dicko

#10
I agree Lee but:-

Also as a long time user of Monowall and PFsense

.
.
www.configserver.com/cp/csf.html # for an effective Firewall/IDS
.
.

does indeed IMHO replace effectively the Firewalls in the above two offerings for something as simple as a two nic Asterisk box, at least for a WAN/LAN type scenario, and further adds a level of IDS that I have been unable to match in the freebsd addons that can be added to the aforementioned.

After all iptables is iptables no matter what platform you run it on, in this case it will run much better on a megaGHZ Linux box than a 200MHz cheap-ass linksys/buffalo/whatever add QOS and IPSec and you are now officially SOL on those boxen.

As with any firewall, start off with deny all, then add what is allowed, by port, IP space, protocol, connection status, direction etc. It really isn't rocket science, just a logical brick by brick removal from the firewall to allow the minimum transparency necessary.
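
The deny-all-then-allow approach described in the post above, as an added example that is not part of the original thread: a script that prints an iptables-restore ruleset for a two-NIC Asterisk box. The interface names, the /24 mask around the 10.0.100.x peers, SSH on port 22, and Asterisk's stock SIP/RTP ports are assumptions; `wan_open_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: prints a default-deny ruleset in iptables-restore format.
# Assumptions (not from the thread): interface names, the /24 mask, SSH on 22,
# and Asterisk's stock ports (SIP 5060/udp, RTP 10000-20000/udp).
WAN_IF="${WAN_IF:-eth0}"
VOICE_IF="${VOICE_IF:-eth1}"
VOICE_NET="${VOICE_NET:-10.0.100.0/24}"
SIP_PORT="${SIP_PORT:-5060}"
RTP_RANGE="${RTP_RANGE:-10000:20000}"

gen_rules() {
cat <<EOF
*filter
# Deny all: anything not matched below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Connection status: loopback, plus replies to traffic this box started.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Port, IP space, protocol, direction: phones on the voice VLAN only.
-A INPUT -i $VOICE_IF -s $VOICE_NET -p udp --dport $SIP_PORT -j ACCEPT
-A INPUT -i $VOICE_IF -s $VOICE_NET -p udp --dport $RTP_RANGE -j ACCEPT
-A INPUT -i $VOICE_IF -s $VOICE_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $VOICE_IF -s $VOICE_NET -p icmp --icmp-type echo-request -j ACCEPT
# Routing: the voice VLAN may go out; only replies come back in.
-A FORWARD -i $VOICE_IF -o $WAN_IF -s $VOICE_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $VOICE_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Log what falls through so a missing allow rule shows up in syslog.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $VOICE_NET -j MASQUERADE
COMMIT
EOF
}

# Sanity check before loading: count INPUT ACCEPT rules that are not tied to
# loopback, the voice interface, or established connections (should be 0).
wan_open_rules() {
    gen_rules | grep -- '-A INPUT' | grep -- '-j ACCEPT' \
        | grep -v -e "-i $VOICE_IF" -e '-i lo' \
        | grep -vc -- '--ctstate ESTABLISHED' || true
}

# Print only; review, then check syntax with: gen_rules | iptables-restore --test
gen_rules
```

Nothing here accepts new connections from the WAN side; an inbound SIP trunk would need its own rule limited to the provider's addresses.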
 

Lee Sharp

#11
dicko said:
After all iptables is iptables no matter what platform you run it on, in this case it will run much better on a megaGHZ Linux box than a 200MHz cheap-ass linksys/buffalo/whatever add QOS and IPSec and you are now officially SOL on those boxen.
We can agree that those WRT54G systems will not cut it anymore. Get a real system and you will notice a real difference. I use old Dell GX110 SFF systems with p3 128 meg of ram, and it is night and day.

But I still say separating application and security is a good thing. Not always needed, but never bad.

PS: pfsense does not use iptables... ;)
 

dicko

#12
The good thing about modern linuces is that all that ip stuff is now kernel based, it's a gozzinta/gozzouta thing, fast as you want and way before the application layer. sysctl.conf and iptables are your friend, pf, less so.

Personally I'm a greenie and see no reason to waste electricity on two boxes that are basically as vulnerable as each other. What protection you put on a freebsd box are simply equally valid on the downline linux box. A simple fanless atom box with two nics will happily sit under your utility closet and service several dozen or more hosts and Asterisk with all the protections of your own efforts.

I hope we can agree to disagree.


regards

dicko
 

Lee Sharp

#13
dicko said:
The good thing about modern linuces is that all that ip stuff is now kernel based, it's a gozzinta/gozzouta thing, fast as you want and way before the application layer. sysctl.conf and iptables are your friend, pf, less so.

Personally I'm a greenie and see no reason to waste electricity on two boxes that are basically as vulnerable as each other. What protection you put on a freebsd box are simply equally valid on the downline linux box. A simple fanless atom box with two nics will happily sit under your utility closet and service several dozen or more hosts and Asterisk with all the protections of your own efforts.

I hope we can agree to disagree.
We surprisingly disagree very little when you come down to it. :) (like when I came around to your side on the latvian codes with no tool chain)

I am not un-green. I use old Dells for firewalls because they are cheap, already tested long term, last forever, and would otherwise go to a landfill. And you are correct that 2 boxes will use more power than one. But you can scope the boxes down enough to make it minimal. My firewall at home runs on an old Geode box off e-bay... There is also the advantage of having to crack two different platforms. A Linux kernel vuln will hit elastix, but not m0n0wall.

But that said, it is a sliding scale, not an absolute. A good ipchains ruleset is not a bad way to go at all. But to lock it down tighter, have a VPN, have easy traffic shaping, and a captive portal for the wireless... No way I want all that on my phone server. Too many things to go wrong and take it all down. Then again, my mother's house does not need all that. :)

Lastly, I have found that a good discussion teaches more than a one sided instruction. I really enjoy having someone who can do this professionally and not take things personally. (Or invoke Godwin) :) And you have a lot of nice links to old and very valid info. I love it! Funny how often that same old wheel needs reinventing, ain't it?
 

sababa

#14
What do you guys think of ClearOS?
They seem to have more documentation and may be easier to implement.
I want to make it as easy as possible for my techs.

Thanks so much guys.
 

Lee Sharp

#15
ClearOS is a MS SBS replacement. It has a lot of gateway functionality, and a web server and so on... Untangle is strictly a filtering gateway. Untangle is quite good with the fully open product, and they have paid components that add functionality if needed. (Like Kaspersky AV as opposed to Clam)

So what do you need?

A solid firewall? (m0n0wall or Elastix as a router)
A loaded firewall with VPN and QOS? (m0n0wall)
A filtering gateway? (Untangle or ClearOS)
A filtering gateway with webserver and more? (ClearOS)

http://hardforum.com/showthread.php?t=1496543
 

sababa

#16
Hi Lee,

I am looking for a firewall with QoS. Basically dd-wrt has all the functionality I need, but given what dicko has said I need a more powerful platform to run it on.

What would you recommend?

Thanks for the help
gill
 

Lee Sharp

#17
I really like m0n0wall. I am a dev, so I am biased... :) But it runs well on small hardware from an old PC, to a new Atom mini. You can also set the hard drive to sleep, and it runs from ram, so it will only spin up on boot. It also has some of the most granular QOS of any product out there. That does make it a tad complex, however. :) Best yet, you can have elastix on a routed segment with no NAT! All the protection and none of the hassle. It does, however, require a block of IPs.
 

sababa

#18
Can I use dyndns and port forwards with m0n0wall?
How hard would it be to set up? The nice part about dd-wrt is I can just restore a backup and change the WAN settings and I am set.
Any similar features with m0n0wall?

I do really really simple stuff. The most complex is the QoS and separating the voice and data networks with VLANs.
 

dicko

#19
There is both a DDNS client and a system state backup built into monowall.
 

ramoncio

#20
This ClearOS looks very nice indeed!

And unlike untangle, m0n0wall, Zentyal (former eBox) or some other well known firewall distros, it is CentOS based, so I think it might be quite doable to integrate it with Elastix.
I have had a look at the demo and it looks very nice, I'm downloading the iso right now.

I wish they used Zarafa as email gateway!
 
