Hello,
I have done the same process for a lot of customers (same setup), but we usually just disable SIP. This time I deleted all the conntrack modules; figured I didn’t need them.
Software SIP ALG is detected: [screenshot: Screen Shot 2022-10-20 at 10.23.17 AM]
Version:
Release train: equuleus
Build commit ID: 7ce86511888635
Architecture: x86_64
It’s a custom build (Docker image, no customizations, so our version number shows as 2022.09).
Config (relevant section):
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
        }
    }
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
Reboot proof:
vyos@vyos:~$ show system uptime
14:30:20 up 11 min, 1 user, load average: 0.00, 0.00, 0.00
Example of conntrack table still present after reboot:
show conntrack table ipv4
TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,
                 FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK,
                 TW - TIME WAIT, CL - CLOSE, LI - LISTEN
CONN ID      Source            Destination    Protocol     TIMEOUT
4110764646   10.0.0.99:64761   1.1.1.1:8080   tcp [6] ES   431995
When adding back 1 conntrack:
set system conntrack modules tftp
Config:
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
[ … ]
Rebooted and now I receive: [screenshot: Screen Shot 2022-10-20 at 10.46.28 AM]