First, I’ve had horrible call quality for the last few days, and restarted the asterisk box several times, which changed nothing. So I rebooted zeroshell and it’s all clear again. Any ideas why this could be? Anything in zeroshell I can check, or set up to monitor? I’d at least like to determine if it is hardware, software, or configuration related.

As the system is all voip (no pstn/pri), my primary concern is the voip provider sip trunk connection (5060, 10000-20000). Does your setup cover this as well as the occasional remote phones?

So should I erase the RTP rules, and make SIP only 5060 (or is it 1 port per remote phone or something)? Could these extra open ports cause a problem, or are they just less secure?


If I can’t figure this out, I’m going to get a DLink WBR-2310 router (because they are supposed to work perfectly for SIP) and separate the voice LAN, then consider trying zeroshell on different (atom?) hardware in the future. I can’t find the link but it’s currently running on a small Lite-ON ‘Book PC’ VIA C3 533MHz 500ram 40hdd, but maybe that’s not enough, or there is an incompatibility.

** As an aside, I believe the moderators should start a VOIP/SIP section in the forum index, as it’s a growing indispensable component.

During times of bad call quality, I’d check the load on your Asterisk box and your ZS box and check the log for anything out of the ordinary. I’d also check the ping timings to your VoIP provider(s) and to some other site that is likely to be up with a good server.

The times I’ve had bad call quality and I’ve been able to dig into it, it was due to ISP issues or, more recently, floods of log in (break in) attempts which have overloaded my Net5501 based Asterisk box. (ZS is on a different Net5501 box.) In my case I’ve had to add specific IP blocks against attackers in ZS to get my Asterisk box unloaded enough to handle normal traffic.

Regarding your setup, it is very similar to mine. Except I don’t have the RTP ports forwarded and I only have 5060 forwarded for SIP. Nor do I have firewall rules specific to the SIP port. The SIP kernel module deals with all the RTP UDP ports as needed and since they aren’t normally open there is no need for specific firewall rules.

On the Asterisk side, I have re-invite set to no but don’t tell Asterisk that it is behind a NAT firewall (again the ZS SIP kernel module handles that). I do have NAT set on the two roving devices that might from time to time connect from behind someone else’s NAT router.

I have two VoIP providers and the setup that one uses (manual proxy setup) does not survive a ZS switch over from one of my WAN links to the other. I need to manually tell the Asterisk box to switch to a different proxy then switch back. I believe that to be an issue with the caching of proxy information in Asterisk. My other VoIP provider uses DNS NAPTR records and Asterisk will detect the registration issue with that and re-establish its connection after a WAN switch over. Of course any calls in progress are disrupted in both cases.

Edit: “NAPTR” above should have been “SRV”. Was in a hurry before leaving for work and had “thinko” (kind of like a typo).
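
Added example (not part of either post above): one way to check the Asterisk log for the kind of login flood described in the reply, by counting failed SIP registrations per source address inside a short time window. It assumes chan_sip NOTICE lines with an ISO-style `dateformat` in logger.conf; the sample log, the addresses, the thresholds and the `flood_sources` helper are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = """\
[2010-03-02 07:14:01] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.77' - Wrong password
[2010-03-02 07:14:01] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.77' - No matching peer found
[2010-03-02 07:14:02] NOTICE[2211] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.77:5071' - No matching peer found
[2010-03-02 07:14:02] NOTICE[2211] chan_sip.c: Registration from '"104" <sip:104@192.0.2.10>' failed for '203.0.113.77' - Wrong password
[2010-03-02 07:20:00] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.9' - Wrong password
[2010-03-02 09:45:30] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.9' - Wrong password
[2010-03-02 09:46:00] NOTICE[2211] chan_sip.c: Peer 'provider1' is now Reachable. (42ms / 2000ms)
"""

# The From text is copied from the remote request, so the greedy ".*" makes the
# address come from the final "failed for" that Asterisk itself wrote.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\].*"
    r"' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<why>.+)$"
)

def flood_sources(log_text, threshold=4, window=timedelta(seconds=60), allow=()):
    """Return {ip: peak failures inside any `window`} for IPs reaching `threshold`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest count seen in one window
    for line in log_text.splitlines():
        m = FAILED.match(line)
        # `allow` holds addresses that must never be flagged, such as the
        # VoIP provider's proxies or a known remote phone.
        if not m or m["ip"] in allow:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(flood_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {n} failed registrations within 60 s")
```

A remote phone with a mistyped password shows up as a few failures spread over hours, which is why the count is taken per window rather than over the whole log.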