VoIP SIP telephone, static-route.

soft0

@intenso:

OK, I got it working.. dunno how but it works!  ;D
I have static routes enabled, odd beacuse I had the same config yeasterday but it wouldnt work.

BTW, tnx for a great firewall!

Hey!
Could i see what your static route looks like?

micke

how do i setup staticroute for my voip-phone (tele2) ? ,i have NAT rules UDP 5060-5061 and UDP 10000-10007,
and i cant still get it to work. (according to tele2support thats all i need).

sullrich

Advanced outbound NAT.

This has been covered umpteen times here in the forum.

hoba

And to stop the confusion, you need a static port, not a static route.

micke

i've spend lots of time to figure how to get it to work. only progress is still that i managed to call from my voipphone to
my mobile and it was only one directioncall ..  :-\

i've advanced outbound NAT and static port activated for the ports.

states show:

Proto    Source -> Router -> Destination    State     
udp 192.168.0.244:3478 -> 83.233.97.165:51987 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:59853 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC
udp 130.244.125.91:3478 <- 192.168.0.244:3478 MULTIPLE:MULTIPLE
udp 130.244.125.91:3478 <- 192.168.0.244:5060 MULTIPLE:MULTIPLE
udp 130.244.125.91:5060 <- 192.168.0.244:5060 NO_TRAFFIC:SINGLE

192.168.0.244 is my voip.

Firewall: NAT: Outbound shows:

Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
WAN  192.168.0.0/24 5060 192.168.0.244/32 5060 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 5061 192.168.0.244/32 5061 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 3478 192.168.0.244/32 3478 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 3479 192.168.0.244/32 3479 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10000 192.168.0.244/32 10000 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10001 192.168.0.244/32 10001 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10002 192.168.0.244/32 10002 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10003 192.168.0.244/32 10003 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10005 192.168.0.244/32 10005 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10006 192.168.0.244/32 10006 * *
YES
tele2 
[edit mapping]
[add a new nat based on this one]
WAN  192.168.0.0/24 10007 192.168.0.244/32 10007 * *
YES
tele2

and i do not have any rules on "Firewall: NAT: Port Forward" for the phone,exept rules for dc++ and games
that i play online that works exelent!!

hoba

As you can see from the state table your static port doesn't work:

@micke:

Proto    Source -> Router -> Destination    State     
udp 192.168.0.244:3478 -> 83.233.97.165:51987 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:59853 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC

Just create a single rule on top of your advanced outbound NAT rules for source IP-phone, destination any, static port. Save and apply. After that reset states at diagnostics>ststes, reset states to make the phone recreate the states with the static port.

micke

thanx for fast reply ,almost there..  :o
the phone still doesnt work but the states looks better ,heh ..

udp  192.168.0.244:3478 -> 83.233.97.165:3478 -> 130.244.125.91:3478  MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC
udp 192.168.0.244:3478 -> 130.244.125.130:3479 SINGLE:NO_TRAFFIC
udp 130.244.125.91:3478 <- 192.168.0.244:3478 MULTIPLE:MULTIPLE
udp 130.244.125.91:5060 <- 192.168.0.244:5060 NO_TRAFFIC:SINGLE
udp 130.244.125.130:3479 <- 192.168.0.244:3478 NO_TRAFFIC:SINGLE

anyone with tele2/sweden who can post some info? , i dont want to go back to my zyxelrouter ,due
the autonegationproblem i have with my ISP (bb2 100mbit full duplex) ,when i only get worthless speed.  :'(

hoba

Which direction does not work? incoming or outgoing?

micke

outgoing works occasionally .. incoming never ..

i read somwere that 1:1 nat could help ?!?  or upnp ??

-i'm thinking of to get another nic and run with a raisercard a dmz or something like that,
is that possible to get it run easier? (currently i have via-miniitx nehemiah mobo) +hp procurve switch

hoba

static port does something similiar to 1:1 nat (at least when it comes to the natting). Does your phone use STUN and does your provider support it? SIP providers handle things very different. Some use STUN, some use a proxy at their end that rewrites ports/IPs to the IPs that the server sees and not the info that is inside the voip packages, others don't use any of these mechanisms which can lead to serious problems behind NATs. SIP and NAT are not good friends in general.

micke

:D  ,yes..  it works now ,i dont know really how ,but i installed miniupnpd package.
thx for all , pfsense roxx .

Gronis

Dose this work now? I going to trye PF agin i fhink but i need to now that the tele2 voip works.

micke

yes ,tele2 works.  =D