Feature: Add SIP Inspection for RTP pinholes #4477

Closed
sjjh opened this issue Nov 21, 2020 · 1 comment
Labels
help wanted Contributor missing / timeout

Comments

@sjjh

sjjh commented Nov 21, 2020

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

[x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md

[x] I have searched the existing issues and I'm convinced that mine is new.

Is your feature request related to a problem? Please describe.
We're using an internal PBX for SIP-based VoIP. Phoning in general works fine. But there's a problem if we configure call forwarding to an external (e.g. mobile) number. If a caller from outside calls in and gets forwarded to an external number, no audio is transferred for the first 15 seconds of the call. The SIP INVITE packet contains the dynamic UDP ports for the RTP stream (often in the range between 10,000 and 20,000), but OPNsense doesn't inspect them, and thus the needed ports stay closed until, after 15 seconds, a keep-alive packet gets sent which opens the needed ports.

Describe the solution you'd like
I'd like to have a config option (e.g. a check box) to enable SIP inspection. If enabled, OPNsense shall inspect the SIP INVITE packets and open the mentioned ports for the duration of the call (so-called RTP pinholes).

Describe alternatives you've considered
The only workaround currently available seems to be to statically open the ports (e.g. 10,000 ports in the range between port 10,000 and port 20,000). A limit to the IP of the PBX and SIP trunk provider is possible.

Additional context
The feature seems to be common in other firewall solutions, e.g. https://www.fortinetguru.com/2020/02/voip-solutions-sip-pinholes/ or https://help.fortinet.com/fos50hlp/52/index.html#page/FortiOS%205.2%20Help/SIP.190.045.html
Relevant forum thread: https://forum.opnsense.org/index.php?topic=20126.0
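
Added example, not part of the original issue and not OPNsense code: a sketch of the parsing step a SIP inspection helper performs, reading the SDP body of an INVITE and deriving the per-call RTP/RTCP endpoints that would be opened instead of the static port range. The function and class names and the sample message are constructed for illustration, and the SDP is assumed to be well-formed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pinhole:
    ip: str         # address the SDP sender wants media delivered to
    rtp_port: int   # UDP port from the m= line
    rtcp_port: int  # RTP port + 1 unless an a=rtcp attribute overrides it

def sdp_pinholes(sip_message: str) -> list[Pinhole]:
    """Return the UDP endpoints a SIP message's SDP body advertises for RTP."""
    # The SDP body starts after the first empty line that ends the SIP headers.
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    session_ip, in_media, current, media = None, False, None, []
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "m":                       # m=<media> <port>[/<n>] <proto> <fmt>...
            in_media, fields = True, value.split()
            port = int(fields[1].split("/")[0])
            current = None
            if fields[2].startswith("RTP/") and port != 0:   # port 0: stream disabled
                current = {"ip": None, "port": port, "rtcp": None}
                media.append(current)
        elif kind == "c":                     # c=IN IP4 <address>[/<ttl>]
            ip = value.split()[2].split("/")[0]
            if not in_media:
                session_ip = ip               # session-level default
            elif current is not None:
                current["ip"] = ip            # media-level override
        elif kind == "a" and value.startswith("rtcp:") and current is not None:
            current["rtcp"] = int(value[5:].split()[0])
    return [Pinhole(m["ip"] or session_ip, m["port"], m["rtcp"] or m["port"] + 1)
            for m in media if m["ip"] or session_ip]

# Constructed sample INVITE (RFC 5737 documentation addresses, made-up names).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:forward-target@trunk.example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed",
    "Call-ID: constructed-1@192.0.2.10",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=pbx 1 1 IN IP4 192.0.2.10", "s=-",
    "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 14322 RTP/AVP 8 0",
    "a=rtpmap:8 PCMA/8000",
    "m=video 0 RTP/AVP 96",
])

if __name__ == "__main__":
    for p in sdp_pinholes(SAMPLE_INVITE):
        print(f"allow udp to {p.ip} ports {p.rtp_port},{p.rtcp_port} until the call ends")
```

Because the SDP comes from the network, an inspecting firewall would only act on INVITEs from the known PBX and SIP trunk provider addresses, the same restriction the static workaround uses.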

@OPNsense-bot

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.

@OPNsense-bot OPNsense-bot added the help wanted Contributor missing / timeout label May 20, 2021