Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgrade CE 2.6 to CE 2.7 breaks VOIP

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 4 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SteveITS Galactic Empire @brianjmc1
      last edited by

      @brianjmc1 What PBX? We have several clients for which we host 3CX servers and have no issues, on various recent Plus versions. Though, the standard with 3CX is to use an SBC for phones to connect out to a hosted server.

      Did you find https://docs.netgate.com/pfsense/en/latest/recipes/nat-voip-phones.html ?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      B 1 Reply Last reply Reply Quote 0
      • B
        brianjmc1 @SteveITS
        last edited by

        @SteveITS
        Freepbx in the cloud. Again, I can confirm, ce2.6 no problem, just did another clean install of ce2.7 and phones will not register. Then did cl an install of ce2.6 on same hardware and all is fine. So there has to be some difference between 2.6 and 2.7. I can ping pbx in cloud fine....

        Thanks,
        Brian

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          What states do you see opened when the phones try to register?

          B 1 Reply Last reply Reply Quote 0
          • stephenw10S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
          • B
            brianjmc1 @stephenw10
            last edited by

            @stephenw10
            what do you mean by "states"??

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Go to Diag > States and filter by the IP address of the phone.

              When the phone tries to connect out the traffic creates firewall states on the internal interface and firewall states with NAT on the WAN.
              If something is not behaving as expected you may see it there. For example a missing state or incorrect NAT.

              1 Reply Last reply Reply Quote 0
              • planedropP
                planedrop
                last edited by

                Not using CE in prod but I can validate that I've never had VOIP issues at all during any of the more recent updates, I would definitely check the states etc.... to see what's going on.

                Additionally, if you run 2.6 and register a phone, and then swap to 2.7 does the phone still work or does it un-register so to speak?

                1 Reply Last reply Reply Quote 0
                • B
                  brianjmc1
                  last edited by brianjmc1

                  Re: Upgrade CE 2.6 to CE 2.7 breaks VOIP

                  Sorry, for not replying back, between work travel and sick kids been a rough 4 weeks...

                  Went to friends Office and swapped out router(same settings except current v2.6, new v2.7) outgoing calling does not work, busy signal. Swap LAN\WAN cables without rebooting modem, routers or phones, calling works fine(also rebooted everything with same outcome, v2.6 works fine, v2.7 no outgoing)

                  Office has static IP. Took v2.7 back to my Office, changed static IP(to one of mine) and gateway(and whitelisted my static IP), outgoing works fine...

                  aghhhhhhhhh

                  will do more testing and check states next time im in friends Office...

                  planedropP 1 Reply Last reply Reply Quote 2
                  • planedropP
                    planedrop @brianjmc1
                    last edited by

                    @brianjmc1 Yeah if it's working on 2.7 back at your office, then sounds like it's maybe not a pfSense specific issue, definitely odd though....

                    B 1 Reply Last reply Reply Quote 0
                    • B
                      brianjmc1 @planedrop
                      last edited by

                      OK, i am actually onsite and found whats breaking VOIP traffic. I have three IPSEC VPN's setup. If I boot 2.7 router with them disabled, calls work fine. The minute i enable on ANY IPSEC VPN, calls fail outgoing.

                      any idea? Same setup with 2.6 and VPN's on, call still work fine....
                      so its something different with 2.7

                      Thanks for any help!

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        The VoIP doesn't actually go over the VPNs? Or shouldn't presumably but maybe some of it does?

                        What do you have set in System > Advanced > Firewall in the VPN Processing section. Some of that applies on to the subnets defined in the IPSec config when it's enabled. Specifically MSS clamping.

                        B 1 Reply Last reply Reply Quote 0
                        • B
                          brianjmc1 @stephenw10
                          last edited by

                          @stephenw10 nothing, again, exact same setup on two routers 2.6 and 2.7. 2.6 with IPSEC VPN's enabled, no problem...
                          2.7, no IPSEC enabled, no problem, minute i enable on any IPSEC VPN, no outbound calls. also, only way i can get phones to work after that is reboot, so turning off ipsec vpn on 2.7 still wont let calls out. Only a reboot will work...

                          B 1 Reply Last reply Reply Quote 0
                          • B
                            brianjmc1 @brianjmc1
                            last edited by

                            @brianjmc1 So 2.6 setup, with VPN's enabled works
                            2.7 with VPN's disabled works, minute they are turned on, outgoing calls fail. Only way to get working again on 2.7 is reboot...

                            B 1 Reply Last reply Reply Quote 0
                            • B
                              brianjmc1 @brianjmc1
                              last edited by

                              OK, back in my office. I have 5 Static IP's to play with.

                              reconfigured 2.7 router to VPN to my main Static IP. As long as the IPSEC VPN is off - outgoing calls work. The minute i enable the IPSEC vPN - outgoing fails....

                              Again, and I know I am repeating my self, same setup does work on 2.6

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                And none of the IPSec P2 policies conflict with the VoIP traffic?

                                B 1 Reply Last reply Reply Quote 0
                                • B
                                  brianjmc1 @stephenw10
                                  last edited by

                                  @stephenw10 negative. I copied the EXACT same settings from 2.6 to 2.7....

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Ok so reviewing the thread are phone still failing to register when using 2.7 with IPSec enabled? Or is it just that calls fail?

                                    Either way look at the SIP traffic from a phone. Check the states and/or run packet captures. Where does it appear? Where doesn't it appear? Is it somehow going over the VPN?

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.