Thanks for taking the time to open this post. I don't post very often, and I usually keep trying and testing until I get something working, but I think I might have hit a wall ( or a bug in the routerOS SIP helper perhaps ).
One of our customers has a simple network with two connections :
A) ADSL2 connection with static IP 58.xxx.xxx.126
B) Fixed Business Wireless connection with static IP 202.xxx.xxx.214
Both connections work. They both have public IP addresses.
If we set the default gateway ( 0.0.0.0/0 ) to use A), then everything works ( including VoIP )
If we set the default gateway ( 0.0.0.0/0 ) to use B), then everything works ( including VoIP )
The customer would like to use the A) connection for their VoIP traffic, and their B) connection for VPN traffic and other internet traffic. So , we setup a mangle rule that will routing mark traffic to the VoIP (SIP) server :
Code: Select all
/ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; DO NOT DISABLE : Mark route for VoIP packets over ADSL
chain=prerouting action=mark-routing new-routing-mark=adsl passthrough=yes protocol=udp src-address=10.1.1.250
1 chain=prerouting action=mark-routing new-routing-mark=adsl passthrough=yes protocol=udp src-address=202.xxx.xxx.0/27
Their Asterisk VoIP server has IP 10.1.1.250 and their SIP provider has IP 202.xxx.xxx.10. ( I have removed the particular IP addresses of this customer )
By setting these mangle rules, the VoIP traffic is correctly being marked ( when making a call, I see the numbers go up ).
So that's step 1 done, works well. So Step 2 would be to route traffic with the "adsl" routing-mark over the other gateway. ( I have removed some useless information like active VPN connections )
Code: Select all
/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 X S 202.xxx.xxx.0/27 58.xxx.xxx.126 pppoe-out1 1
1 A S 120.xxx.xxx.167/32 202.xxx.xxx.213 1
2 A S 0.0.0.0/0 202.xxx.xxx.213 2
3 ADC 10.1.1.0/24 10.1.1.1 bridge 0
7 ADC 198.xxx.xxx.26/32 58.xxx.xxx.126 pppoe-out1 0
8 ADC 202.xxx.xxx.212/30 202.xxx.xxx.214 ether3-wireless 0
202.xxx.xxx.0/27 is the VoIP provider's SIP server IP range.
202.xxx.xxx.213 is their wireless connection.
0.0.0.0/0 is the default route which is configured with a distance of 2 in the hopes that the distance 1 ( rule 0 ) would override this. I have tested with different distances. As you can see, rule 0 is DISABLED at this moment, because if I enable it, VoIP doesn't work. This is a live environment so I can only "test" during the weekends or late at night when noone is on the phone ).
So, when I configure it like this, and I enable rule 0, I can successfully ping from the Asterisk VoIP machine ( 10.1.1.250 ) to the VoIP provider's SIP server and it uses the separate ADSL route. So everything seems to be working correctly.
But, the SIP server won't connect (timeout). In the packet dump logs, I see that the router is trying to connect to the VoIP provider SIP server from IP address 202.xxx.xxx.214 ( their wireless provider ). Did I forget something ? Perhaps the Routing Lookup table in /ip route rule ? ... Any advice is very welcome.
I'm running RouterOS 4.6 on a RB450G platform, I have gone through the firmware release notes and see nothing related to SIP , so I see no reason to upgrade unless someone here advises to upgrade.
Cheers!