Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Jun 2021
    Posts
    13

    Question Bypass Rules | FUp to a Post from Skynight in 2017

    I have a client with some issues with VoIP phones... in looking at some older posts, I found this post from Skynight:

    +++
    For this reason I always recommend you make two bypass rules.

    The first rule, is simple, destination address: IP of VoIP Server, looks like 198.38.7.36 in your case.
    The second rule, is almost the same, source address: IP of VoIP Server.
    +++

    My question is in a Bypass Rule, can you use an IP Address format such as this (Destination Address = 198.38.7.0/24) to bypass all the IP Addresses from 198.38.7.1 thru 198.37.7.254?

    Thank you in advance!

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,559

    Default

    Yes you can, but why bypass a range?

    You should only have a singular IP address for the VoIP server itself, bypass everything to and from that singular address. It's far cleaner and easier to work with than bypassing an entire IP range of phones.

    Though if you have a dedicated VLAN made out of phones and you don't want Unangle touching it ever, bypassing the entire CIDR /24 is quite reasonable. And yes, to do so you do exactly what you described, destination address = 192.38.7.0/24 will bypass everything bound for a device with an IP address of 192.38.7.*.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Jun 2021
    Posts
    13

    Default

    Thank you sir... trying to troubleshoot some VoIP issues and thought this might be a good starting place... will hopefully not leave it that way.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,559

    Default

    Why? Do you want one way audio issues and jitter? Because this is how you get one way audio problems had jitter!

    Untangle bypasses SIP on UDP 5060 by default. The reason why I suggest the additional bypass rules is to handle two things:

    1.) SIP isn't always on 5060, and you need to make sure it's bypassed.
    2.) RTP isn't SIP, and since it's connecting from a random high port, to a random high port you cannot do a proper service bypass.

    RTP is the problem child here, as that's what moves your audio around. So you really do need to have the bypass rules in place permanently. If you do not do so, you will have intermittent call quality problems based on all sorts of potential load issues impacting the Untangle server.

    In short, if you don't bypass VoIP, you summon ghosts to your network, and I hate ghosts they make my hair fall out. Given how quickly my hairline is receding, I'd rather not accelerate things.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2