No audio on VOIP calls after calls transferring

ts1101

Hi,

Apologies for the slow response. I can't see any mismatch between IPs and port numbers.

We can see RTP traffic coming from the PBX, we just can't see any RTP traffic going to the phone system from the customer's network once the call is transferred.

stephenw10

It's arriving on the WAN but not leaving on the LAN?

And state exists for it?

Is the incoming traffic using the same ports as the outgoing?
It seems likely that it isn't if the reply traffic doesn't pass.

You might need to set static source ports somewhere.

Steve

Warrenranklin

This post is deleted!

wintok

I know this is an old post but I hope we can still get replies from people who had the same issues and managed to solve this.

I have the same problem. Recently I deployed my freepbx instance on Vultr cloud. I'm still experimenting with this awesome opensource pbx. I created two extenstions and registered a softphone and a hand-set phone for this setup. Behind my pfsense firewall I can only ring each other but no audio between them. Took these phone to a different network with no pfsense. I could make calls and the audio was loud and clear. Perfect.

I have not been able to solve this.

MAW

@wintok Sorry to anyone if I am stating the bleeding obvious, but.........

Reading through this thread takes my thinking to the way a stateful firewall works relative to problem.

a) LAN side of pfSense has multiple PBX client VoIP nodes.
b) The PBX is located in the cloud on the WAN side of pfSense.

I expect you can do everything without issue when just one LAN side VoIP node is involved for the duration of an external call, either inboud or outbound, correct?

VoIP traffic should always be maintained for the original traffic flow between the PBX and the same LAN VoIP node to succeed. The LAN VoIP node should be able to successfully transfer a call with the PBX, but because the cloud based PBX will, I expect, now intiate a new connection to a different VoIP Client LAN node, pfSense will likley see this as unsolicitied traffic and ignore the traffic as it arrives on the WAN interface.

To test if this is the problem, maybe make some very specific inbound Cloud PBX source FQDN/IP and port traffic forwarding rule/s, to allow inbound traffic from just that specific cloud PBX to the relevant LAN VoIP addresses. This should then allow call traffic to be successfully initiated in either direction. In this instance to transfer the call successfully and completely to a new LAN side VoIP node. The effect being that PfSense would no longer treat the call transfer traffic at the WAN as unsolicitied.

Of course this is if I am reading your problem correctly.

Cheers

MAW

@maw Correction to my previous post.

"maybe make some very specific inbound Cloud PBX source FQDN/IP and port traffic forwarding rule/s"

Should have read....

maybe make some very specific inbound Cloud PBX source FQDN/IP and destination port traffic forwarding rule/s

Patch

@maw said in No audio on VOIP calls after calls transferring:

Should have read....

Editing your post is easier to read, the option in behind the three dots

MAW

@patch Thanks Patch, noted.

wintok

@maw Reading your suggested solution it seems I need to do port forwarding in pfsense firewall ? which basically means port foward to FreePBX running locally in my LAN ? FreePBX is hosted in the Cloud (Vultr cloud).

wintok

@stephenw10 it will be great if you show how to do with pfsense, maybe some screen shot.

thanks

MAW

@wintok "it seems I need to do port forwarding in pfsense firewall" - Correct

" which basically means port foward to FreePBX running locally in my LAN ?" - No
"FreePBX is hosted in the Cloud (Vultr cloud)" - Yes
I am confused why you are referring to two instances of FreePBX. Are there actually two instances involved, one local and one remote? Is this like a multi branch VoIP phone system?

If FeePBX was ONLY local, hanging off your LAN, you wouldn't be having the problem, I am sure.

But if this issue only involves a single remote instance of FreePBX then..........
You will need the following for your port forwarding rule/s on the WAN interface.
a) The FQDN or IP address of the remote FreePBX system (as the source in the rule).
b) The destination/target (LAN) port or ports you needs to include in the port forward.
c) The LAN IP addresses on the LAN you require the remote FreeBPX to reach.

Since you likely have multiple IP's and ports involved, I suggest you make use of aliases in pfSense to simplify the port forwarding rule construction.

Hope that helps.

To be clear, I am assuming you need your remote FreePBX instance to be able to reach your IP phones/end points on you LAN, when ever IT needs to for any reason. No tailored port forwarding rule/s on the WAN interface then this will not be able to happen.

MAW

@wintok As another thing for you to keep as an avenue of investigation.

It may be that your phone's cyclic registration period with FreePBX is too long. What can happen is that pfSense drops the inactive state/s associated with the phones and the remote PBX. So then it is possible the PBX cannot access the phone/s that have been inactive for a while. Dropped states due to too long a VoIP registration frequency is not uncommon.

You can troubleshoot this potential cause in two ways.
1/ Reduce the handset/phones registration period to a small frequency, around 30 seconds. This can often be anywhere between 1 to 10 minutes by default.

2/ On pfSense go to System --> Advanced --> Firewall NAT and temprarily set "Firewall Optimization Options" to "Conservative.

Item "2/" will cause pfSense to hold onto existing states for a longer period. No need to ultimately leave pfSense in "conservative mode if this resolves your issue. Just experiment with your VoIP phones registration frequency.

This alludes to some of what stephenw10 has mentioned regarding states.

PS: Sometimes you can also configure IP phones to ping an end point as a "keep alive" tool. If you have this facility available on your phones, then set it up to periodically ping the FreePBX IP address (every 20 to 30 seconds). That is another way to keep the relevant pfSense states active.

wintok

@maw I've configured port forward and I tested it to make calls but still no audio, not sure if this is the correct port-forwarding. To be honest I have not seen this type of port-forward. I've still alot to learn ..

Appreciate your help

MAW

@wintok Hmm, not sure that looks right.

There is usually two parts to a port forward in pfSense

Please read here on how to add a Port Forward in pfSense.
https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html

Scroll down to the section "Adding Port Forwards"

In pfSense you add a port forward in Firewall --> NAT --> Port Forward
Once you add the port forward definition and save it, a firewall rule on the relevant interface will be auotmatically implemented using the port forward definition you just created.

So when you are finished,you should have......
a) A port forward definition under Firewall --> NAT --> Port Forward.
b) A Firewall rule on the WAN interface that employs the port forward definition you created.

Do you currently have that?

MAW

@wintok Just checking, if when you set up the FreePBX instance on Vultr Cloud, did you leave the "Firewall Group" set to "No Firewall" as recommended during the installation from the ISO Library?

Just in case you missed that and so there is traffic blocked at the Vultr Cloud instance. I have no idea, never used the service, but I just had a look at their Web site. I also read an article about setting up FreePBX on Vultr Cloud and noticed that point was made regarding the firewall.

MAW

@wintok I have another important throubleshooting option to your problem!
On your phones, in their configuration options, do you have a facility to set the phone to NAT mode?
This will set the phone to indicate to the remote PBX that your WAN IP address is the extensions IP address. If you don't do this, the phone will indicate it's IP address is it's LAN address to the PBX and that isn't going to work.

MAW

@wintok Also note the following FreePBX/Asterisk requirement when a lack of audio is experienced per your set up.............

For a VoIP system comprising of remote off site hosted FreePBX server instance and local IP phones behind a NAT firewall

FreePBX server's sip.conf file important settings.
nat=force_rport,comedia
directmedia=no

Also in rtp.conf file you will see the RTP ports range. By default the settings should be...
rtpstart=10000
rtpend =20000
But you can set the range to whatever you like.
So make sure traffic within the set range can pass end to end within the overall VoIP system. For example, if you have lock down your pfSense appliance's outbound traffic rules with limited and specific traffic rules, add an outbound traffic rule from your phones to your remote FreePBX, for the required rtp port range. Also check if your phones need to be configured to use the FreePBX server's rtp port range. Usually if an IPPBX is able to auto-provision your phones, it will auto configure things like this on your phones. If there is no auto provisioning of your phones, then just check that the rtp port ranges match across server and phones configuration.

Hopefully you now have several things to try help you to resolve your problem. I thought I would provide a few things to inc=vestigate to limit the back and forth which can be more time consuming.

Cheers

wintok

@maw said in No audio on VOIP calls after calls transferring:

This is what it looks like

a) A port forward definition under Firewall --> NAT --> Port Forward

and another rule that get auto created based on the above under WAN interface

wintok

@maw I leave to No Firewall during my installation

Thanks

wintok

@maw

I use handset phone Matrix Sparsh VP110
There is a NAT with only two values : Disable or STUN.

For Softphone I use MicroSIP there are some there I might need to change.

Thanks