@black3dynamite said in FreePBX / Random loss of audio ...:

When I was trying out FreePBX, I was using linphone and it worked a lot better.
https://www.linphone.org/

So I was going to switch to linphone. After installing I had same problem with it that I had yesterday with Zoiper, no audio. Checked codecs and all seems ok so doesn't appear to be the same issue.

Checked a SIP message trace from the Asterisk CLI and noticed the following :

From Linphone message trace, in one of the SIP messages I see:

Peer audio RTP is at port xxx.xxx.xxx.150:7078

This is the WAN IP (x'd out) of my router.

When I compare that to one I had taken when I was using the Zoiper client (that had no audio issues) I see the corresponding :

Peer audio RTP is at port 192.168.2.57:8000

This is the LAN IP of the machine the zoiper client was installed on.

I'm thinking that for the linphone client somehow the RTP stream is being sent to the router instead of back to the machine the client is on thus no audio. Is that a correct interpretation of what I'm seeing here?

I don't see anything obvious that's different about the extension setups in FreePBX for each. The setting that I thought might control this on a per extension basis was NAT Mode but that is set to No for both types of clients.

I don't see anything in the Linphone setup that would make me think I can control that from the application. I had thought that if all my extensions resided on the same LAN subnet that I wouldn't need to worry about any of the RTP traffic going to the router like that but perhaps I'm mistaken.

---

@scottalanmiller said in FreePBX / Random loss of audio ...:

The codec you probably want on both is Opus. Since you paid for that in your Gold package on Zoiper.

I didn't pay for Zoiper. I downloaded the client from their site and when it starts it offers me to upgrade to Pro or something like that but I just choose the option that says continue with a free account. This is Zoiper5. I did just install it yesterday right before I started testing so perhaps they are letting me use that as a trial but will go away? Not sure, but I haven't paid for it for sure.

@scottalanmiller said in FreePBX / Random loss of audio ...:

@BraswellJay said in FreePBX / Random loss of audio ...:

It did seem to be the codec, in this particular instance at least. I changed Zoiper to only allow G.711a/u and that seemed to fix the issue. I'm going to do some more testing tomorrow and verify.

That's a first. What was it set to choose first before? And what is your server set to accept?

It is strange. This image shows my current codecs. The two left columns are from Zoiper and the rightmost from FreePBX. Yesterday when I was having the issue, all of the codecs from Zoiper were in the selected codec list. When I moved all but G.711 a/mu over to the available but not selected then all of my issues cleared up.

How does the SIP negotiation work for selecting codec? Is the client or the server the master when determining which one to use?

@scottalanmiller said in FreePBX / Random loss of audio ...:

Looks like your phones are on a private network separate from the PBX. That's normal, but that's the kind of starting point we need for diagnosis.

By far these issues tend to come from router / firewall issues. The most common of those is having SIP-ALG turned on (it's normally on my default.) SIP-ALG more or less seems to exist to create these kinds of headaches (to help vendors sell more services.)

If SIP-ALG is disabled, make sure your STUN settings are correct. That's common, too.

It did seem to be the codec, in this particular instance at least. I changed Zoiper to only allow G.711a/u and that seemed to fix the issue. I'm going to do some more testing tomorrow and verify.

The PBX and the phones are all on the same network, 192.168.2.0/24

They run through an unmanaged netgear switch that sits behind a Cisco ASA 5505. The Zoiper client was running on a laptop connected wirelessly to a Ubiquiti AC Pro which itself feeds into the netgear switch.

I didn't think the STUN server would play into this particular call test since it was extension to extension on the same network segment and never had to exit the WAN interface on the router.

@DustinB3403 said in FreePBX / Random loss of audio ...:

Audio issues tend to be due to codec issues.

Thanks, you were right it was codec issue which I hadn't even considered. I changed zoiper to exclude some of the one's it was saying were available and have had zero issues in about 15 test calls since then.

I'm setting up a FreePBX instance and doing some testing. Right now I have two extensions, one a SIP extension using Zoiper softphone and the other a virtual extension with voicemail enabled, just for something to test with.

I seem to be able to make a call from the softphone to the virtual extension with no problem in that it seems to connect each time but the audio to hear the voicemail greeting is not received most of the time.

I've broke out wireshark to see if I could determine anything. One thing I noticed is that when my Zoiper softphone first registers with the server it seems to receive a 401 Unauthorized from the server before successfully registering. Is it normal to receive receive 401 Unauthorized before a successful registration? .248 is the server and .139 is the softphone.

Source,Destination,Protocol,Length,Info
192.168.2.139,192.168.2.248,SIP,619,Request: REGISTER sip:192.168.2.248;transport=UDP  (1 binding) | 
192.168.2.248,192.168.2.139,SIP,604,Status: 401 Unauthorized | 
192.168.2.139,192.168.2.248,SIP,787,Request: REGISTER sip:192.168.2.248;transport=UDP  (1 binding) | 
192.168.2.248,192.168.2.139,SIP,683,Request: OPTIONS sip:[email protected]:56778;rinstance=b05461348c8fdb80;transport=UDP | 
192.168.2.248,192.168.2.139,SIP,661,Status: 200 OK  (1 binding) | 
192.168.2.139,192.168.2.248,SIP,712,Status: 200 OK | 
192.168.2.139,192.168.2.248,SIP,784,Request: REGISTER sip:192.168.2.248;transport=UDP  (remove 1 binding) | 
192.168.2.248,192.168.2.139,SIP,616,Status: 401 Unauthorized | 
192.168.2.139,192.168.2.248,SIP,784,Request: REGISTER sip:192.168.2.248;transport=UDP  (remove 1 binding) | 
192.168.2.248,192.168.2.139,SIP,567,Status: 200 OK  (0 bindings) | 
192.168.2.139,192.168.2.248,SIP,619,Request: REGISTER sip:192.168.2.248;transport=UDP  (1 binding) | 
192.168.2.248,192.168.2.139,SIP,604,Status: 401 Unauthorized | 
192.168.2.139,192.168.2.248,SIP,787,Request: REGISTER sip:192.168.2.248;transport=UDP  (1 binding) | 
192.168.2.248,192.168.2.139,SIP,683,Request: OPTIONS sip:[email protected]:56778;rinstance=3b911898cd7a2274;transport=UDP | 
192.168.2.248,192.168.2.139,SIP,661,Status: 200 OK  (1 binding) | 
192.168.2.139,192.168.2.248,SIP,712,Status: 200 OK | 
192.168.2.139,192.168.2.248,UDP,46,56778  >  5060 Len=4

I notice also that if I capture then the softphone is constantly sending RTP packets to the server but the server is not sending any RTP packets back to the softphone, which I presume is why I'm not hearing the audio of the voicemail greeting from the server.

@marcinozga said in Cloudflare 301/2 Redirects ...:

DNS doesn't do url redirects, that's the role for web server. Point both domains at you web host and do redirects there.

Thanks. I think I'm understanding a little better what Cloudflare does now and how it works which was causing me some confusion before.

I think I just need to turn on the orange cloud option for the relevant DNS entries. This way our site will run through the Cloudflare system and then the page rules will work to perform the redirect that I want.

I've set up a forwarding URL page rule and I'll test that out but I think will do what I want.

We have two domains that we own, one was our old original one and then when we went through a rebranding a couple of years ago we changed to a new one. The old domain is set up to redirect to the new.

I had intended to move the nameservers for both of these domains to Cloudflare but I'm unsure if the redirect from old to new will continue to work.

On Cloudflare it looks like to set up redirects you have to use what they call page rules. However according to this support page :

https://support.cloudflare.com/hc/en-us/articles/200172286-How-do-I-perform-URL-forwarding-or-redirects-with-Cloudflare-

The note at the bottom mentions that page rules are not active if you're only using DNS on Cloudflare which we are since the website itself is hosted on Squarespace.

Am I out of luck on trying to migrate our nameservers to Cloudflare? Can I use page rules on Cloudflare even if the website itself is hosted elsewhere?

Thanks

@scottalanmiller said in MS Audit???:

@BraswellJay said in MS Audit???:

Anyway, for us it was a bit of a time sink to go through, and like I said we were a little out of compliance but nothing significant. We made good through our normal way of getting licenses and it all ended after that.

How do you know? SAM audits are neither official nor accurate. That's actually how everyone figured out that they were a scam - they get the audits so completely wrong and often the auditing process isn't even aware of current MS licensing and products. It's generally really obvious that MS isn't even providing them with the most basic information, like a product list. It's just random people with no knowledge of MS licensing trying to figure out what they can convince you to buy.

I guess I don't really. It would have been more accurate to say that they quit contacting us regarding the issue.

In my case they actually did have information which was accurate. They provided me a spreadsheet that had correct license count information in it, in terms of the number of Windows and SQL server licenses and their respective user CALs. It matched exactly with our records of what we had purchased. I think that plus the fact that they had a microsoft.com email gave it legitimacy in my eyes. I'll know better next time if they try again.

You should always be auditing yourself to know if you are compliant. If you worry that you are not, you want to bring in a licensing expert to help (it's not expensive and very fast.) But a SAM audit is the worst thing to do, because they act like experts but lack knowledge, expertise, or any reason to be accurate because they don't report to you or to Microsoft and in a court case are protected because they are off shore and not affiliated with anyone, they are just scammers offering a free service - so there is no one for you to sue. You are the only one at risk in a SAM audit.

Good advice and something I have already adopted. Part of my scheduled yearly tasks now is to review our license posture, review any changes that have been made in the previous year and make sure we have stayed compliant.

@scottalanmiller said in MS Audit???:

The v- lets you know its a reseller that paid for access to you. Nothing with v- is a true audit.

Is that 100% true? If so I may have unnecessarily participated last Mar/Apr.

The contact I had had email of [email protected] so I thought was legit as did our MSP. We were out of compliance on a handful of user CALs and they let us purchase them through our regular supplier. They never asked us to purchase anything from them.

Our MSP said it was contractors working direct for Microsoft, mostly with call centers in New Zealand.

Anyway, for us it was a bit of a time sink to go through, and like I said we were a little out of compliance but nothing significant. We made good through our normal way of getting licenses and it all ended after that.

@scottalanmiller said in Edgerouter firewall question:

@BraswellJay said in Edgerouter firewall question:

I guess the core of my question is why would a ruleset that is assigned as direction local on the WAN interface get processed due to traffic from a LAN side client visiting a web page?

Well part of my point there is that we'd need to see the ruleset and see if it is designated as you are thinking. A prominent reason that it would do what you say, is because it doesn't something different than you think it does.

I see. Sorry, should have realized to do that.

 firewall {
     all-ping enable
     broadcast-ping disable
     group {
     }
     ipv6-receive-redirects disable
     ipv6-src-route disable
     ip-src-route disable
     log-martians enable
     name WAN_IN {
         default-action drop
         description "WAN to internal"
         rule 10 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action drop
             description "Drop invalid state"
             state {
                 invalid enable
             }
         }
     }
     name WAN_LOCAL {
         default-action drop
         description "WAN to router"
         enable-default-log
         rule 1 {
             action accept
             description "Allow established related"
             log disable
             protocol all
             state {
                 established enable
                 invalid disable
                 new disable
                 related enable
             }
         }
         rule 2 {
             action drop
             description "Drop Invalid"
             log disable
             protocol all
             state {
                 established disable
                 invalid enable
                 new disable
                 related disable
             }
         }
     }
     name eth1_LOCAL {
         default-action accept
         description "eth1_LOCAL (for admin)"
     }
     receive-redirects disable
     send-redirects enable
     source-validation disable
     syn-cookies enable
 }
 interfaces {
     ethernet eth0 {
         address dhcp
         description Internet
         duplex auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
                 name WAN_LOCAL
             }
         }
         speed auto
     }
     ethernet eth1 {
         address 192.168.12.254/24
         description Local
         duplex auto
         firewall {
             local {
                 name eth1_LOCAL
             }
         }
         speed auto
     }
     ethernet eth2 {
         address 192.168.13.254/24
         description "Local 2"
         duplex auto
         speed auto
     }
     ethernet eth3 {
         duplex auto
         speed auto
     }
     loopback lo {
     }
 }
 service {
     dhcp-server {
         disabled false
         hostfile-update disable
         shared-network-name LAN1 {
             authoritative enable
             subnet 192.168.12.0/24 {
                 default-router 192.168.12.254
                 dns-server 192.168.12.254
                 lease 86400
                 start 192.168.12.100 {
                     stop 192.168.12.199
                 }
                 static-mapping ACProAP {
                     ip-address 192.168.12.240
                     mac-address xx:xx:xx:xx:xx:xx
                 }
                 static-mapping EdgeSwitch8 {
                     ip-address 192.168.12.253
                     mac-address xx:xx:xx:xx:xx:xx
                 }
             }
         }
         shared-network-name LAN2 {
             authoritative disable
             subnet 192.168.13.0/24 {
                 default-router 192.168.13.254
                 dns-server 192.168.13.254
                 lease 86400
                 start 192.168.13.100 {
                     stop 192.168.13.199
                 }
             }
         }
         static-arp disable
         use-dnsmasq disable
     }
     dns {
         forwarding {
             cache-size 150
             listen-on eth1
             listen-on eth2
         }
     }
     gui {
         http-port 80
         https-port 443
         older-ciphers enable
     }
     nat {
         rule 5010 {
             description "masquerade for WAN"
             outbound-interface eth0
             type masquerade
         }
     }

@scottalanmiller said in Edgerouter firewall question:

WAN_IN and WAN_LOCAL are just names. They can do anything. It's what the rules within them are that determine their behaviour.

Ok I do understand that.

I guess the core of my question is why would a ruleset that is assigned as direction local on the WAN interface get processed due to traffic from a LAN side client visiting a web page?

Wouldn't all the traffic be between the LAN interface and the WAN interface? None of it would be destined for the router nor any of it's services would it? In which case no ruleset defined as local would ever be processed? I wasn't expecting to see that but I concede my knowledge of networking is weak.

Thanks.

I bought an Edgerouter to play with at home and after setting up was seeing behavior in the firewall that I didn't expect and so I think I'm missing something fundamental about how the firewall rules work.

The device is configured with the WAN port on eth0 and LAN on eth1. I set up what I thought were the basic firewall rules to get started:

• WAN_IN : eth0 / in allow established/related; drop everything else

• WAN_LOCAL : eth0 / local allow established/related; drop everything else

With that configuration though while looking at the stats tab I noticed that I was getting hits on WAN_LOCAL for the allow established/related rule which I wasn't expecting to see. Each time a LAN device hit a webpage I would see the packet count for this rule increase. Why would a LAN device reaching for a web page cause the WAN_LOCAL ruleset to get hit? My understanding was that that traffic was simply pass thru traffic from one interface to another and thus wouldn't be processed by the local ruleset.

Is my understanding there correct? What would cause a LAN side client browsing the web to have this ruleset hit? Isn't the local ruleset only for handling incoming requests to services that reside on the router itself not for traffic destined for the LAN interface?

Thanks.

@Dashrender said in FreePBX FXO gateway recommendation ...:

Does qwest supply the equipment? is that why their end of lifing it matters?

I'm not sure where it originally came from. It was not leased so we purchased it at some point but that predates my time here and the no one seems to remember the exact history. We have had a support contract for as long as I've been here with CenturyLink where they would fix and program it for us and that is what is being ended.

Their stated reason was lack of parts in the marketplace and inability for them to get vendor support.

@scottalanmiller said in If you are new drop in say hello and introduce yourself please!:

Welcome @BraswellJay

Thanks! I have lurked here for a while and learned a great deal from the posters here so thanks to all who have contributed.

I'm assuming that they have to have the T1s already for Internet. So potentially no charge at all for them. Not that they are free, but they are needed in both cases.

That is correct. It is our internet access as well. We're running up against some bandwidth issues without the SIP already though so I'm hesitant to add to that.

Centurylink is slowly bringing fiber that way and they tell me by end of year I should be able to get it there. I had intended to switch to FreePBX/SIP at that time but this support cancellation means I need to act sooner than expected.

@JaredBusch Great. Thanks for the feedback. That's good to hear.

Re: 8 port FXO gateway needed

I have a site where I need an 8 port FXO gateway. I had been leaning toward the Grandstream gxw4108 but based on the linked thread above from a few years ago that seems maybe to be a low call quality device so I'm hesitant to try that now.

I see that Sangoma has an updated model, the Vega 60. Has anyone had any experience with this device with FreePBX? How was call quality?

This site currently has an old Nortel BCM but Centurylink just advised me that they are terminating our support agreement for that system at the end of April due to it's age.

This site is in a rural area and my only access is dual T1s so I don't think ditching the POTS lines and going SIP is an option.

Thanks!