VOIP Issues
-
I have a feeling your issue is related to NAT. You said you changed it to static NAT and phones broke? Are you sure you configured static Nat properly? You can't simply just enable it, you also have a clone and edit a rule to allow static NAT traffic to be used properly. (you can define just the VOIP subnet for the static NAT only if you want, you don't have to do it globally).
I have a feeling your right, the only documentation I could find on enabling static ports was to go to the outbound NAT switch to Manual (which I was already on) go to the rule for the VLAN, which in my case is the entire 192.168.150.0 network, scroll down and check the box that said "Static port" leaving the port field empty.
After doing that, none of the phones (except maybe the first one to grab the desired port) were able to communicate with the external VOIP server.Please correct me if this is not the correct way, but the documentation isn't very clear.
And actually after re-reading https://doc.pfsense.org/index.php/Static_Port it makes it sound like it is for one IP address, do I need to create a rule for each of my ip addresses in use by the phones?
-
Yeah I agree, its not very detailed. Had same issues myself when I first went through it. However, it sounds like you did it properly.
Did you make sure to filter and kill existing connections under states?
Did you try to reboot other phones and/or the switch after the change? It could be possible some packets from the previous state where in the mix? Reboots should clear them out etc..
On the phone that actually did connect. Were you able to do any testing on it while it was up?
-
Yeah I agree, its not very detailed. Had same issues myself when I first went through it. However, it sounds like you did it properly.
Did you make sure to filter and kill existing connections under states?
Did you try to reboot other phones and/or the switch after the change? It could be possible some packets from the previous state where in the mix? Reboots should clear them out etc..
On the phone that actually did connect. Were you able to do any testing on it while it was up?
I will test again tomorrow morning, it is business hours right now and I don't want to bring down the entire phone system, they would not be happy. :P
-
Ha yeah not a good idea. Good luck!
-
https://forum.pfsense.org/index.php?topic=133600.msg735013#msg735013
Maybe some of this will help.
Your not on a cable connection for internet are you? Any modem with a Puma 6 chipset can wreak havoc on a VOIP system..
-
I tried to enable the static ports again and here is what happened. While the phones seem to communicate to the hosted server, some wouldn't even register, the ones that did appear to be registered could not make or receive calls.
https://forum.pfsense.org/index.php?topic=133600.msg735013#msg735013
Maybe some of this will help.
Your not on a cable connection for internet are you? Any modem with a Puma 6 chipset can wreak havoc on a VOIP system..Unfortunately these don't appear to be relevant, these are mostly for users trying to get one Voip device working behind the firewall. I have about 20 phones.
Although I will check the documentation on the ports used and see if adding firewall rules to allow those ports from their Voip servers to our local voip network resolves any issues. -
I wonder if it has to do with the packet rules once it changed over to static.
Could you put a phone on a static IP as well then make a rule to allow all inbound and outbound traffic to that phone, then reboot the phone and see if it can register?
-
I do have a customer with multiple Cisco SIP phones behind his firewall (another brand) and he has to specify a different SIP port for each phone. 5060-5090.. (inbound) though all phones go out to port 5078 on their SIP server..
I have to go back and look but I believe this is a shortcoming of NAT in this case… Might be a clue for you.
In my case here Ive always used SIProxd for multiple phones so no real experience myself there trying without it.
Reason I ask about the type of connection is that when we were using a PUMA 6 equipped cable modem we had similar issues with audio and DTMF due to the modem dropping UDP packets.
-
Could it simply be a DTMF issue?
http://community.polycom.com/t5/VoIP/FAQ-Phone-unable-to-send-DTMF-to-an-IVR-system-or-how-to/td-p/4237
"If you are unable to send DTMF Signals to a IVR or Voice Mail System you may need to change the method or the payload type.
Please liaise with your SIP Platform Support in order to gather this Information.
Changing from SIP Inbound (RFC2833) to SIP INFO (RFC2976) must be done with a Configuration File loaded from a Provisioning Server."
-
This post is deleted!