Thursday, January 1, 2009

OpenSBC on Vyatta Firewall How-To published

After toiling for many hours I was finally able to get OpenSBC running properly on Vyatta. This solution builds a firewall that allows for Inbound SIP calling, Outbound SIP calling and far-end NAT traversal for remote users.

The paper is published HERE and HERE2

Many thanks to Joegen, Eric and Raymond over on the OpenSBC site for their help and patience with me in getting this going.


Anonymous said...

How did it compare with the FreeSwitch build? and are you using near NAT traversal as well?

Michael Picher said...

The FreeSwitch build process was a little better documented as I was able to tag off of somebody else's work with FreeSwitch on Debian Etch.

I'm a bit conflicted with FreeSwitch/Vyatta. I think FreeSwitch on the edge of the network is interesting. But I also think it's a little more than needed at the edge. I certainly wouldn't want a production PBX sitting as the first level of contact with the Internet. But then again on the flip side, if used simply as a gateway (at that location), FreeSwitch has some great connectivity potential.

In the end, OpenSBC was simpler to get going and got me to what I really needed, which is a NAT traversal solution for sipXecs.

For me, if FreeSwitch could pull together a GUI rather than dealing with countless text files I'll be attracted to it. Otherwise it will probably remain being an interesting toy for those who love text files or a good building block for other projects.

I got OpenSBC working for near-end and far-end NAT traversal with sipX.


Dave Roberts said...

Michael, Very cool. I just posted a link to this on my blog, here:

It'll get syndicated on the site as well.

-- Dave
VP of Strategy at Vyatta

Michael Picher said...

Thanks Dave... working on getting SIP Trunking working with this configuration as well...

Anonymous said...

Hi Michael,

Apparently, the new release of Vyatta 5 has broken a lot of these packages. I tried to figure out which ones were required, but I couldn't sort it out. Can you post an update when you get a chance?


Johnny D.

Michael Picher said...

Hey Johnny, just got 5.0.2 on last weekend. The upgrade didn't work for me (i suspect some of the OpenSBC stuff got in the way).

I've got another project with a deadline tomorrow and another deadline the week after so it will be a little bit before I can get back to this.

Thanks for reading.

willgathernomoss said...

Yeah, apparently all the app dependencies are broken that are needed for this in 5.02. I am getting warnings all over the place, with nothing else installed but Vyatta. I'm getting nowhere resolving them either. If I come up with something, I will post a comment. Got any pull with the Vyatta folks Mike? This sure would be a great solution if we could get it working on 5.02, as this is the version that has support for Xen Tools for the Citrix Xen Server.

Michael Picher said...

Hi Will,

Sorry, this is on the back burner for me. I'm pulling about 50 hrs a week at work plus writing a book and now Autocross season has started (plus all of my around the house stuff :-).


gapi said...

I am dealing with these problems to. If OSBC will work on Vyatta release 5 that would be great. I had problems with packages and a lots of error ocured when I tryed to install on Vyatta ver.5!
I am trying now to install Vyatta ver. 4.1.4, then install packages that Michael describe in document for OSBC install and than do full-upgrade on ver. 5.0.2! After that we continue to get OpenSBC and OpenSipstack from CVS and compile both.


Duane said...

I was able to successfully install OpenSBC on the Vyatta 5.0.2 server. You have to change the repositories that apt-get uses. The default Vyatta apt-get repositories are whats messing you up.

Do the following and see if it helps you

From the actual Vyatta router command line we want to add the Debian repositories

set system package repository lenny components "main contrib non-free"
set system package repository lenny distribution lenny
set system package repository lenny url
set system package repository lenny/updates components main
set system package repository lenny/updates distribution lenny/updates
set system package repository lenny/updates url

You need to remove the following repository in order to get some of the packages installed
repository community {
components main
distribution stable

So do
delete system package repository community

Thanks for the post and research Michael Picher

Michael Picher said...

Thanks Duane!

willgathernomoss said...

I was able to do it without deleting the Vyatta repositories using aptitude. So, add the debian repository as shown in Michael's guide, then use
"aptitude install [package name]"

In my case, it was:
"aptitude install build-essential"

I followed the suggestions that it popped up and it worked like a charm, resolved all the gcc and cpp dependencies. From there I was able to install all the other packages using apt-get.

When I get a change I will post my build, which I think is pretty successfully of this. I didnt use the "kitchen sink" approach (as much), so I have a more concise package list but I still need to narrow it down a little more.

Thanks again Michael for your hard work on this- I can't thank you enough. Not only did you turn me on to OpenSBC (you did that for quite a few people), but you gave me an excellent case for giving Vyatta a real go. I've been using OpenSBC in production on CentOS 5.3 for about a month and I'm thrilled with it. I have it on Vyatta 5.0.2 now, virtualized on XenServer 5.0.3, and will be putting into production soon!

Michael Picher said...

Thanks for the update Will.

If you can post the consolidated package list I'll see about updating that document for all to use.