VoIP coming to pfSense

December 11th, 2008 by Holger Bauer

Some of you might have noticed already that there is a new package listed in your pfSense’s package manager: FreeSWITCH. Mark Crane is working hard to bring you VoIP-PBX-features to pfSense. More information on FreeSWITCH can be found here.

Check out this screenshot for a sneak peak:

The package is not yet completely done but feel free to check it out. Feedback is appreciated, however if you want to discuss a bug that you have found or a special configuration please take this to the forum or mailinglist.

34 Responses to “VoIP coming to pfSense”

  1. Kevin Bowling Says:

    Very nice! Is there any plan for Zaptel or other hardware support? I’ve been using Asokzia PBX but eliminating an always on machine would be nice at home.

    Perhaps also a TFTP server for phone firmware? Also would be useful for PXELinux or other firmwares :).

  2. picasso Says:

    I 2nd that tftp is a must for most setups.

  3. Bern Says:

    I must admit I feel that there is some diversification going on here. I always thought that pfSense was meant to be a security device, not an application server.

    Calls for the integration of FTP/NAS/Samba have been rejected on this basis in the past.

  4. mrguitar Says:

    WooHoo!!!!! This project only gets better.

    …..I was kind-of hoping for Asterisk instead of FreeSwitch. Any reason not to go w/ the industry standard? (more or less) :)

    The interface looks great; I’m going to go learn more about Free Switch now!
    Cheers!

  5. Chris Buechler Says:

    Bern: It can be whatever you want it to be. This is a package, it’s not installed by default. We won’t ever add something of this nature to the base system, but nothing is ruled out of Packages.

  6. Mark J Crane Says:

    Kevin Bowling:
    “Zaptel or other hardware support?” I have it working on another FreeBSD 7 system in preparation for this.

    picasso:
    I will consider making a tftp package.

    mrguitar: “…..I was kind-of hoping for Asterisk instead of FreeSwitch. Any reason not to go w/ the industry standard?”

    Here is just a few of the reasons I chose FreeSWITCH.

    FreeSWITCH is mult-threaded. Asterisk is single threaded. Therefore a single machine can scale much better with FreeSWITCH.

    Audio quality on FreeSWITCH is clearer and it supports 8khz, 16khz, and 32khz audio. On my Linksys SPA942 with Asterisk I could hear some static I thought it was the phones fault. When I switched to FreeSWITCH the audio during calls on that phone were clean. So it wasn’t the phones fault after all other than the phone wasn’t good enough to clean up the audio better in the first place.

    FreeSWITCH is MPL which more closely aligns with FreeBSD and pfSense licensing than Asterisk does with the GPL license.

    There is already a FreeBSD appliance called Askozia that runs Asterisk.

  7. Chris Buechler Says:

    Nice work, Mark!

  8. warmbowski Says:

    Nice Mark!

    Also, the conference bridge doesn’t need hardware to work properly (as does Asterisk). Wideband conferences are awesome. You can’t do that with Asterisk 1.4, and noone suggests using 1.6 in a production environment.

    I think that FreeSwitch would be a great replacement to siproxd as I am sure you can configure it as a sip proxy to help secure any asterisk pbx’s on your LAN. It has a great configuration method for setting up a more restrictive policy for users that are connecting from outside of the firewall (sip profiles).

    You made the right choice of softswitch. Freeswitch is going to blow away Asterisk in the next year or two.

  9. VoipMan Says:

    Mark,

    I’ve already talked to you in chat rooms but i want to let you know that I already have some interest in your package and cant wait to implement it. So far, its worked well in my lab.

    -Voipman

  10. phil Says:

    greta exactly what i was looking for !! askoziapbx is simple and great with a great “standardized” interface but voicemail only by email attachement is a little bit short. i Hope common voicemail availability with Freeswitch would be there.
    Amazing guys !!
    Your the best !!

  11. Mark J Crane Says:

    phil: To access your voicemail you can dial extension 4000 then your id (extension number) then the voicemail password. This can be accessed from any extension on the system or from any phone through the IVR (auto attendant).

    In addition to that if your extension is 1001 and you were currently on that extension you simply call extension 1001 and it will go to your voicemail.

    Voicemail to email is coming soon.

    Chris Buechler, VoipMan, and warmbowski thanks for the encouragement and excitement with the project!

  12. Chris Says:

    And info on setup for extension with freeswitch in 1.2.1 pfs?
    Having trouble not getting sip phone to register to inside or outside address.

  13. Mark J Crane Says:

    By default FreeSWITCH will bind to the WAN IP address. If your phone is on the LAN then just point your phone to the WAN IP. If the phone is on the outside of the WAN then you will need to setup a rule to allow the SIP and RTP traffic.

    If you want to make FreeSWITCH bind to a different IP or a domain name you need to set it from the ‘var’ tab and set the ‘domain’. After changing the domain restart FreeSWITCH. If you add or remove an extension go to the Status tab and click on ‘Reload XML’.

    Additional info.
    http://forum.pfsense.org/index.php/topic,11930.0.html
    http://wiki.freeswitch.org

  14. techieg Says:

    While adding FreeSwitch (or any PBX solution for that matter) to a security/firewall/router solution does not make sense to many, I will request that rules for VoIP protocols be added to the firewall so that from a drop down one can simply select any VoIP protocol and point it to the destination IP.

    I think it will be a better idea to robustly develop FreeSwitch as another offering “from the same guys who brought us PFSense” as its own end product rather than squeezing it into PFSense. You will garner a whole gang of followers in another vast area and then compete with other Open Source PBX guys out there. Needless to say, the current implementation of FreeSwitch ontop of PFSense will not get as much fanfare as if they are two independent, robust, and well organized solutions.

  15. Mark J Crane Says:

    techieg: I understand that in many cases a dedicated pbx appliance is desirable and it can be done now with pfSense. However a completely dedicated install for an appliance specifically as a PBX is planned and will arrive in the near future. Also in the plan is to make the GUI able to run from your choice of Operating Systems.

    For those that want power savings you can run it as a package on your firewall. For those who already have a firewall and don’t want to run it on the firewall you can setup pfSense as a dedicated appliance now with either pfSense 1.2.1 or pfSense 2.0 (with a single network card in appliance mode).

  16. Al Says:

    Holy $h!t guys. This is a GREEEEEAAAAATTTTT addition… I had never dreamed of telephony in my pfsense boxes. But that’s just AWESOME. I can’t wait to fire some of this stuff up in my lab.

  17. techieg Says:

    Mark, Some PBX products out there incorporate routing/firewall features but they are usually for small networks. Anything beyond a small network is dedicated router/firewall as well as a dedicated telephony solution to prevent system resource encroachment in order to safeguard call quality. So if even you intend have PFSense with PBX features it may be better to label it a PBX solution with router/firewall for small networks (rather than PFSense with PBX). This can however help you cover SMBs, while standalone PFSense by itself (without PBX) along with the planned PBX you mentioned can then be the dedicated security and telephony solution for larger networks.

    I hope I make sense.

    By the way, have you thought of integrating ClamAV onto PFSense as a gateway anti-virus similar to what Sonicwall, Linksys, and others are doing? Just food for thought….do the dishes too. ;^D

  18. Tim Says:

    @warmbowski

    I had the exact same thoughts. I’d like to see the configuration allow for easy setup of SIP proxying to an internal SIP server such as Asterisk and have external peers simply register to FreeSWITCH to get around those pesky NAT issues. Thoughts?

  19. Chris Buechler Says:

    Implementing an entire PBX just to work around NAT issues is overkill since siproxd will handle all that with much less trouble. There are some scenarios where this might make more sense but for reasons of NAT only probably isn’t one.

  20. Holger Bauer Says:

    Actually there are valid reasons to have a configuration like Tim requests. Think of a configuration where you have Clients sitting at LAN or behind VPNs but also want to be able to add some Clients that are coming from WAN. As the rtp packets (audio) are not proxied over the server but will be sent directly from one client to the other you’ll most likely have the issues of unidirectional audio, no audio at all or even calls not being established. to have a freeswitch sitting at the edge of your local network that kind of proxies these clients that are connecting directly to your WAN IP could solve this problem. I have that exact problem with my sip server at home sitting inside my LAN where I want to use my nokia n82 as wlan sip client without using a vpn. My Iphone using FRING is another testcandidate for this. I’ll try to find some time soon to check out this configuration. I had a conversation with Mark in the devchannel some days ago and he thinks that such a config should be possible. I agree that having a wizard for some default scenarios would be pretty neat though ;-)

  21. Chris Buechler Says:

    I found this to be a good read for those interested in the difference between Asterisk and FreeSWITCH.
    http://www.freeswitch.org/node/117

  22. Graves On SOHO VoIP » pfSense + Freeswitch Says:

    [...] to the pfSense blog there’s been an effort to implement Freeswitch as an installable package to pfSense. This is [...]

  23. Scott Ullrich Says:

    For folks wondering *WHY* a package like this is in the making for pfSense… Folks need to understand that pfSense is rapidly morphing into a “appliance framework”. Look at pfDNS and then consider pfPBX. There are plans to release a stand-alone appliance based on FreeSWITCH + pfSense.

  24. Mark J Crane Says:

    I’ve built a TFTP pfSense package for pfSense 1.2.1 and higher. Still need to create the DHCP TFTP option I have some code to do that will likely carefully add it to the package.

  25. Mike Picher Says:

    I’m going to ditto Tim on the 19th.

    This will make an awesome Session Border Controller… Something desperately needed. I’ve been toying with Vyatta / Freeswitch and Vyatta / OpenSBC. No matter what I do there, this no GUI.

    You’re ahead of the curve here Mark. I’ll install on my firewall and test with my SIP server behind and see how far I can get with the SBC config.

    Mike

  26. Bill Marquette Says:

    @Mike Picher: The SBC route is exactly why I was interested and encouraged Mark to make the FreeSWITCH package. I’m hoping that FreeSWITCH will eventually incorporate more security features (probably as part of mod_limit) that make use as a SBC more valuable. In the meantime, I’m just happy to not have to allow external parties the ability to talk directly to my PBX and my internal extensions. I’m hoping to have time this weekend after I wrap up our conversion to GIT to work on an SBC config and a corresponding tutorial on how to set this package up as one (with a pfPBX install on the inside).

    –Bill

  27. Mike Picher Says:

    I started working on it but those config text files for FreeSwitch make my head hurt. One of the reasons I’m a sipXecs guy and not an Asterisk guy.

    I’m leaning more towards OpenSBC at this point as it lets me mangle the SIP header information easier. I don’t particularly want an entire PBX running on my firewall… I just want it to pass voice traffic, deal with SIP & NAT, be able to make tweaks to SIP header information and prioritize voice traffic.

    Mike

  28. phil Says:

    mike, i suggest to define a “virtual” interface (as for IPSEC VPN interface) and to attach the logical freeswitch interface to its. Then, we will be bale to define firewall rules to enforce Freeswitch security policy on its interface.

    do not hesitate to provide your feeling on its mike and all

    Phil

  29. jigpe Says:

    Mark J. Crane is the Man! :) Congrats Mark! :)

    -jigpe

  30. i.kayyali Says:

    Hi all,
    its been a great 2008, I started learning about SIP,VOIP,asterisk and now comes FreeSwitch and pfSence.
    its all great, but how is it possible for someone like me to someone like you guys?
    I always read comments on different websites and wonder when am I going to be this well informed.
    Frankly I dont know where to start.
    I realy like to learn about pfSence and freeswitch but there is many thing i feel that I am missing.

    any advice geeks?

    please help
    thank you

  31. zenny Says:

    This would revolutionize pfSense! Thanks Mark (J. Crane) for your effort. :-)

  32. Kronosei Says:

    Mark Crane is now officially added to the list of people who make my life livable :-) pf is a true lifesaver; thanx to all the pf guys&gals that create solutions that allow an admin to have a life outside of an on-call pager!

  33. jon Says:

    That is a nice addition to the firewall. This makes a perfect appliance to stick on the edge of the network. Handles blocking all your traffic and will make voip calls too.

  34. Jeff Says:

    FreeSWITCH and Asterisk are both great. I’ve implemented both in addition to sipXecs. By the way, sipXecs maybe free but the community is definitely not like the “free” community; you will eventually find Mike above, and his company are not like the free and helpful community of pfSense, FreeSWITHC, or Asterisk. Stick to FreeSWITCH and Asterisk. If you want an SBC look at OpenSIPS – not a pfSense appliance.

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply