0004472: SIP Proxy Endian 2.5.1 - MantisBT
View Issue Details
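ID: 0004472 | Project: Endian Firewall | Category: Uncategorized | View Status: public | Date Submitted: 2012-10-22 23:43 | Last Update: 2013-05-08 05:44
Reporter: marioeirea
Assigned To: luca-endian
Priority: normal | Severity: major | Reproducibility: always
Status: resolved | Resolution: no change required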
2.5 
 
0004472: SIP Proxy Endian 2.5.1
Endian 2.5.1 rewrites SIP packets exiting tap1 with the IP of the main interface. It also makes the changes inside the SIP packet, which makes me believe there is some sort of SIP proxy action. The problem is I cannot find a SIP proxy installed, and this was a fresh install of Endian 2.5.1, not an upgrade. Is there some daemon running in the background that does these rewrites? Please see the attached Wireshark sniff. I have removed public IP information. Please note this capture was taken by issuing the command: "tcpdump -s 0 -i tap1 -w tap1.pcap". The correct flow should have the internal IP of the phone as the source and not the external IP of the Endian uplink interface. I believe this started happening when I enabled the web proxy in transparent mode with dansguardian, but I cannot be sure. When the server replies, it replies to the Endian public IP address over the public internet.
No tags attached.
jpg tap1 capture.jpg (258,270) 2012-10-22 23:43
https://bugs.endian.com/file_download.php?file_id=997&type=bug
Issue History
2012-10-22 23:43 | marioeirea | New Issue
2012-10-22 23:43 | marioeirea | File Added: tap1 capture.jpg
2012-10-29 17:31 | luca-endian | Note Added: 0008251
2012-10-29 17:35 | marioeirea | Note Added: 0008252
2012-10-29 17:59 | luca-endian | Status | new => closed
2012-10-29 17:59 | luca-endian | Assigned To | => luca-endian
2012-10-29 17:59 | luca-endian | Resolution | open => no change required
2012-10-29 18:43 | marioeirea | Note Added: 0008254
2012-10-29 18:43 | marioeirea | Status | closed => feedback
2012-10-29 18:43 | marioeirea | Resolution | no change required => reopened
2012-10-29 18:43 | marioeirea | Note Deleted: 0008252
2013-05-08 05:43 | marioeirea | Note Added: 0008429
2013-05-08 05:43 | marioeirea | Status | feedback => new
2013-05-08 05:44 | marioeirea | Status | new => resolved
2013-05-08 05:44 | marioeirea | Resolution | reopened => no change required

Notes
(0008251)
luca-endian   
2012-10-29 17:31   
The SIP proxy has been removed a long time ago; now this stuff is handled by the Linux kernel with conntrack modules.
(0008254)
marioeirea   
2012-10-29 18:43   
Right. However, it should not be changing the connections leaving the tap1 interface, especially not with Endian's RED IP as the source address. If a SIP device is supposed to connect over the VPN, there should not be a rewrite.
(0008429)
marioeirea   
2013-05-08 05:43   
So this is what happens: When the EFW is restarted, the phones attempt to reconnect before the VPN is established. At this point, conntrack intercepts the connection, rewriting all packets leaving the TAP interface with the RED address. To fix the issue, one must flush the conntrack table by issuing the command "conntrack -F conntrack". To prevent this from happening in the future, enable the outgoing firewall and block the destination IP the SIP connections will connect to over the VPN. This way the connection is not intercepted by conntrack until the proper interface comes up.
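
Note 0008429 clears the stale entries by flushing the whole table. As an added example (not part of the original thread and not Endian's code), the script below scans `conntrack -L` style output for SIP flows whose reply destination is no longer the phone's own address and prints a targeted `conntrack -D` command for each. The function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find SIP flows that conntrack is source-NATing.
# Input: `conntrack -L` style lines on stdin; $1 = SIP server reached over the VPN.
# Output: "<original src> <reply dst>" per UDP/5060 flow whose reply
# destination differs from the original source, i.e. a NAT-bound entry.
find_natted_sip() {
    awk -v server="$1" '
    $1 == "udp" {
        n = 0; osrc = ""; odst = ""; odport = ""; rdst = ""
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") != 2) continue
            # First src=/dst= pair is the original tuple, second is the reply tuple.
            if (kv[1] == "src") { n++; if (n == 1) osrc = kv[2] }
            if (kv[1] == "dst" && n == 1) odst = kv[2]
            if (kv[1] == "dst" && n == 2) rdst = kv[2]
            if (kv[1] == "dport" && n == 1) odport = kv[2]
        }
        if (odst == server && odport == "5060" && rdst != "" && rdst != osrc)
            print osrc, rdst
    }'
}

# Turn each hit into a targeted delete for the operator to review (printed, not run).
suggest_delete() {
    while read -r phone _nat; do
        echo "conntrack -D -p udp --orig-src $phone --orig-dst $1 --dport 5060"
    done
}

# Constructed sample table: 192.168.10.21 is the stale, NATed phone;
# 192.168.10.22 registered after the VPN came up; 203.0.113.10 stands in for RED.
sample_table() {
    cat <<'EOF'
udp      17 171 src=192.168.10.21 dst=10.99.0.5 sport=5060 dport=5060 src=10.99.0.5 dst=203.0.113.10 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 175 src=192.168.10.22 dst=10.99.0.5 sport=5060 dport=5060 src=10.99.0.5 dst=192.168.10.22 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 28 src=192.168.10.21 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=203.0.113.10 sport=53 dport=40000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.30 dst=198.51.100.80 sport=51000 dport=443 src=198.51.100.80 dst=203.0.113.10 sport=443 dport=51000 [ASSURED] mark=0 use=1
EOF
}

sample_table | find_natted_sip 10.99.0.5
sample_table | find_natted_sip 10.99.0.5 | suggest_delete 10.99.0.5
```

On a live firewall the input would come from `conntrack -L -p udp` instead of `sample_table`.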