We have two VyOS routers running VyOS 1.4.0-rc3, one connected to a VDSL bridged modem and one connected to a 4G router. When the PPPoE connection gets lost it fails over to the other router without any interruptions. When the PPPoE line restores it fails back, only the SIP phones are not able to register to the hosted provider. When I do reset conntrack it instantly restores all phones.
I have no fancy conntrack settings; it is all default.
How do I make sure my phones are able to register after failover? Can I force something like a connection flush when PPPoE is back up, or what's the best approach here?
Yeah, I've seen some documentation about it, but it would be nice to have an example of a basic config for this feature. I currently have no conntrack configured.
Applied the given config but it made it even worse… Now not only SIP is affected but also ping.
Applied config on both routers:
set service conntrack-sync accept-protocol 'tcp'
set service conntrack-sync accept-protocol 'udp'
set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync failover-mechanism vrrp sync-group 'CONNTRACK-SYNCGROUP'
set service conntrack-sync interface eth0.50
set service conntrack-sync mcast-group '225.0.0.50'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'DATA-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'DMZ-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'GUEST-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'IOT-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'MNG-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'SERVER-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'VOICE-VRRP'
set high-availability vrrp sync-group CONNTRACK-SYNCGROUP member 'VPN-VRRP'
It should be quite straightforward. Can you provide a drawing with some info like IPs? Post some relevant firewall rules if they are being used. Is there any other infra involved which might do firewalling?
On a side note, I always used SIP without the helper since the helper always gave me headaches.
As long as the phone keeps sending udp5060 packets, the conntrack entry will live on…forever.
On fail-over/failback, flush the table:
set load-balancing wan flush-connections
I am not using the WAN load-balancing feature. I use kernel route failover on the PPPoE router/firewall and a DHCP default gateway on the 4G firewall/router. Routes are then shared between the firewalls using OSPF. All the SVIs are on the firewalls, thus no SVIs are configured on the switches.
Firewall 1
kneqt@CE01:~$ show ip route 8.8.8.8
Routing entry for 0.0.0.0/0
Known via "kernel", distance 0, metric 1, best
Last update 1d20h47m ago
185.102.44.0, via pppoe0
Routing entry for 0.0.0.0/0
Known via "static", distance 90, metric 0, tag 210
Last update 5d01h42m ago
directly connected, pppoe0, weight 1
Firewall 2
kneqt@CE02:~$ show ip route 8.8.8.8
Routing entry for 0.0.0.0/0
Known via "ospf", distance 110, metric 1, best
Last update 1d20h47m ago
10.1.10.2, via eth0.50, weight 1
Routing entry for 0.0.0.0/0
Known via "static", distance 210, metric 0, tag 210
Last update 01w3d22h ago
192.168.1.1, via eth0.10, weight 1
Yes sir, that is correct. Unfortunately I am not able to put the SIM in the VyOS firewall. I use an external 4G router. This router is only used when the primary link fails. When it fails it uses 4G without any interruptions. When failing back to primary we need to re-register the SIP phones, by rebooting them for instance. To solve this we can also reset conntrack on Firewall 1.
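A narrower alternative to resetting the whole conntrack table, as an added example that is not from any poster in this thread: the function below reads `conntrack -L` output and prints a `conntrack -D` command only for the UDP 5060 flows whose NAT mapping does not match the current WAN address. It assumes the phones stay unregistered because their long-lived SIP entries were created while traffic used the 4G path; the function name, the sample lines and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `conntrack -L` text on stdin and
# prints one `conntrack -D` command per SIP flow whose reply-side destination
# is not the current WAN address (assumed cause of the failed registrations).

# Constructed sample; documentation/private addresses, not the poster's.
SAMPLE='udp      17 170 src=10.1.60.21 dst=198.51.100.7 sport=5060 dport=5060 src=198.51.100.7 dst=10.1.60.21 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 175 src=10.1.60.22 dst=198.51.100.7 sport=5060 dport=5060 src=198.51.100.7 dst=203.0.113.5 sport=5060 dport=1024 [ASSURED] mark=0 use=1
udp      17 28 src=10.1.60.21 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=10.1.60.21 sport=53 dport=40000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.1.20.5 dst=192.0.2.80 sport=51000 dport=443 src=192.0.2.80 dst=203.0.113.5 sport=443 dport=51000 [ASSURED] mark=0 use=1'

stale_sip_deletes() {
    # $1 = address currently assigned to the WAN interface (e.g. pppoe0)
    awk -v wan="$1" '
    $1 == "udp" {
        ns = nd = np = 0
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^src=/)   { ns++; src[ns] = substr($i, 5) }
            else if ($i ~ /^dst=/)   { nd++; dst[nd] = substr($i, 5) }
            else if ($i ~ /^dport=/) { np++; dport[np] = substr($i, 7) }
        }
        # [1] = original direction, [2] = reply direction (post-NAT view).
        # A correctly NATed flow has the WAN address as its reply destination.
        if (nd == 2 && dport[1] == "5060" && dst[2] != wan)
            printf "conntrack -D -p udp --orig-src %s --orig-dst %s --orig-port-dst 5060\n", src[1], dst[1]
    }'
}

# Dry run on the sample. On a router the input would come from:
#   conntrack -L -p udp | stale_sip_deletes "$WAN_IP"
printf '%s\n' "$SAMPLE" | stale_sip_deletes 203.0.113.5
```

The function only prints the delete commands, so the list can be reviewed before anything is removed from the table.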