When using SIP VoIP [Linphone] the firewall requires opening ports.
However, firewall deny trapping shows that fragmented ip-proto-17 datagrams are not handled and must be reassembled.
I suggest you consider modifying the default /etc/ipfw-profiles/open-out.rules to include
$cmd reass all from any to any in
As I'm not confident Trident Firewall IPv6 can handle reass you might use
$cmd reass ip4 from any to any in
In addition to the current Firewall Manager services pick list, for SIP you might consider adding the supplementary default Linphone ports too:
9078/udp Linphone Video
7078/udp Linphone Audio
To Reproduce
Install Linphone and log firewall deny events with ports open:
9078/udp
7078/udp
5061/udp sip-tld #SIP over TLS
5061/tcp sip-tld #SIP over TLS
5060/udp sip #Session Initilisation Protocol (VoIP)
5060/tcp sip #Session Initilisation Protocol (VoIP)
You should see fragmented datagrams of ip-proto-17, and use of the Linphone default ports.
Modify open-out.rules to include reass and the issue should clear.
More detail on installing Linphone SIP VoIP is on our community forum where I raised a report.
[https://discourse.trueos.org/t/sip-voip-settings/3772]
Expected behavior
Firewall would not block SIP if defined ports are open.
OS Version:
Fresh install of U8 to blank disc.
FreeBSD trident-4783 13.0-CURRENT FreeBSD 13.0-CURRENT GENERIC-NODEBUG amd64
Thanks,
Steve
When using SIP VoIP [Linphone] the firewall requires opening ports. However, firewall deny trapping shows that fragmented ip-proto-17 datagrams are not handled and must be reassembled.
To Reproduce Install Linphone and log firewall deny events with ports open: 9078/udp 7078/udp 5061/udp sip-tld #SIP over TLS 5061/tcp sip-tld #SIP over TLS 5060/udp sip #Session Initilisation Protocol (VoIP) 5060/tcp sip #Session Initilisation Protocol (VoIP) You should see fragmented datagrams of ip-proto-17, and use of the Linphone default ports. Modify open-out.rules to include reass and the issue should clear. More detail on installing Linphone SIP VoIP is on our community forum where I raised a report. [https://discourse.trueos.org/t/sip-voip-settings/3772]
Expected behavior Firewall would not block SIP if defined ports are open.
OS Version: Fresh install of U8 to blank disc. FreeBSD trident-4783 13.0-CURRENT FreeBSD 13.0-CURRENT GENERIC-NODEBUG amd64 Thanks, Steve