IP Phone doesn't register over VPN Tunnel
-
Hello,
so, after several days of searching for a solution, I turn to you.
Maybe I'm missing something, but I can't get any further.
We have rented an office, and I want to access my FRITZ!Box 7590 at home. However, the phone does not register via UDP. If I switch the phone to TCP, it registers and I can call out of it. But my conversation partner doesn't hear me. Also, the phone does not ring for incoming calls.
The Site 2 Site Network consists of three pfSense instances.
One pfSense at home and one in the office and one on an external VPS from Hetzner.
Since I can't get a public IPv4 thanks to DS-Lite, this way has to be.
The pfSense on the VPS provides the WireGuard server and the two pfSenses connect to the server as clients. Static routes are set up on all three instances and work just fine.
I have access to the various VLANs at home from the office, and to the VLANs from home in the office.
The FRITZ!Box is configured as a pure IP client, for telephone. At home, another IP phone is also connected to the FRITZ!Box and making calls has been working for 3 years without any problems.
In the FRITZ!Box, both phones are set up with a username and password, and the check mark is set for "accessible via Internet".
So far I have an Allow any to any rule for the WireGuard tunnel on every WG interface.
The right firewall rules come when everything is working and set up.
The IP phone is a Yealink MP58. At home, a SIP-T54W is in use. I had already installed the MP58 at home on the FRITZ!Box in operation.
In the pfSense at home, all the necessary port releases and NAT settings have already been set, and have been working for 3 years. The firewall logs on all 3 pfSense instances are inconspicuous. Ping works, access to the web interfaces too.
The packet recording for the VOIP Net shows that the connection from the IP phone to the FRITZ!Box and vice versa.
Since the data traffic from the IP phone to the FRITZ!Box runs completely over the tunnel, and it establishes the call from home, I assume that I don't actually need port releases or an outgoing NAT on the pfSense in the office. Especially since the any-to-any rule was supposed to let everything through.
As a test, I had still created port shares and outgoing NAT rules.
On the WAN and the WireGuard interface.
I have also created a rule in each of the respective VOIP Nets: FRITZ!Box to IP-Phone and IP-Phone to FRITZ!Box.
Nothing works.
The strange thing:
It had already worked once. Then I had accidentally removed the tick at "Allow from the Internet" at home. Although the check mark is set again, and the device in the FRITZ!Box, the Yealink no longer registers via UDP.
It registers via TCP, but has the problem described at the beginning that it does not ring for incoming calls. And when I make outgoing calls, I don't hear my counterpart. The packet recording shows that it is sent via TCP and UDP. I have also already reset the states on all three pfSenses, just in case.
Since the routing works, I strongly suspect that it must be something with the firewall.
As if the UDP connection is blocked. But then I should see this in the logs, which is not the case.
Currently, the pfSense runs in the office with a ZTE LTE stick. The IP of pfSense has been entered as DMZ.
Does anyone have an idea?
The solution is probably simple, but I'm really at my wit's end.
Thank you very much and have a nice weekend.
Best Wishes Maximilian
-
UPDATE:
Finally I got it working.
After a lot of testing and trying, everything is now running.
I had to install the siproxd package in the office, but now calls can be answered and made.
I suspect that the FRITZ!Box had a hiccup. Because it now runs without any special rules in the pfSense. So as initially set up a
AVM really drives me crazy.
The topic can be closed.
-
Good to know you got it working. I dismissed my FritzBox since it did not work with my ISP (o2) behind a pfSense at all. Since the box has a predefined configuration for o2, I need to make a user-defined one to make it work behind pfSense. But all my tries to get the user-defined configuration working sucked. Whenever I enter the o2 SIP server, the box destroys my own config and switches back to the predefined config.
Therefore I use a Gigaset GO-Box 100 and Gigaset DECT phones now. Much less trouble to configure.