SIP/Voip - callers can hear me, but I can't hear them
-
pfSense by defaults scrambles the source port. Search the forum for static-port or "static port".
I found this:
http://forum.pfsense.org/index.php/topic,3724.0.htmlwhich I followed, I figured I should attach a couple screenshots
According to what came through on the "states" pages, it appears 5060 is working
udp x.x.x.x:5060 -> y.y.y.y:5060 MULTIPLE:MULTIPLE
where x is the external voip provider and y is my trixbox/asterisk servermainly because this call
udp x.x.x.x:16420 <- y.y.y.y:18364 NO_TRAFFIC:SINGLEand another made later:
udp x.x.x.x:16406 <- y.y.y.y:18472
there were no other states with the IPs of the voip provider
Where have I made an error?
-
Instead of relying on ports, rely on the internal ip. Remove the ports and it should setup static-port entries for any traffic leaving the device. Chances are another port is in use and it is not being applied to the static-port entry.
-
Instead of relying on ports, rely on the internal ip. Remove the ports and it should setup static-port entries for any traffic leaving the device. Chances are another port is in use and it is not being applied to the static-port entry.
Sorry for being thick, but I don't quite follow. I should delete my firewall rules and nat port forwarding rules? This should leave just the single outbound advanced nat rule? What should this look like?
Without the single 5060 port forwarded NAT rule the call doesn't ring through. This is very strange, as most people with this problem have trouble getting themselves heard from behind pf sense, whereas I can't get external voice through pf sense.
-
I would suggest you use 1.2b1, as it automatically fixes this if you have Advanced Outbound NAT disabled.
-
Verify 1.2 beta then create an Advanced Outbound NAT rule for your internal SIP device on bit range 32, then check the box 'static port' so that connectivity for any port on the internal device is not nat-ed out and therefore changed when coming in as well.
-
@cmb:
I would suggest you use 1.2b1, as it automatically fixes this if you have Advanced Outbound NAT disabled.
I've been using 1.2b1 from the start. It still does not work with Advanced Outbound NAT disabled or Automatic outbound NAT rule generation (IPSEC passthrough).
Verify 1.2 beta then create an Advanced Outbound NAT rule for your internal SIP device on bit range 32, then check the box 'static port' so that connectivity for any port on the internal device is not nat-ed out and therefore changed when coming in as well.
Have I not already done that? A faq, or some images, like the ones I've provided would be most helpful, I have used the search function, but all I find are references to other posters being told to search. I've also tried removing the port 5060 rule, but that makes the call go to my provider's voicemail system.
As a test I setup my asterisk server to automatically send the call to voicemail and tried to record a message - the message is completely blank - asterisk compresses it down so that there's a fraction of a second of silence and then I get the menu options to "repeat, delete, etc"
-
Disable Advanced Outbound NAT, make sure changes are applied, and go to a shell and run:
grep 5060 /tmp/rules.debugsee anything?
-
@cmb:
Disable Advanced Outbound NAT, make sure changes are applied, and go to a shell and run:
grep 5060 /tmp/rules.debugsee anything?
Just to be safe I reset the system to factory defaults, changing only the password of the router and the internal IP address scheme 192.168.1.1 to 192.168.0.1
Once again I tried calling on default, with advanced outbound nat disabled and the call was not connected from my sip provider to my asterisk server.without any rules being set I get this output from the shell:
nat on $wan from 192.168.0.0/25 port 5060 to any port 5060 -> (xl1) port 5060
with port 5060 being forwarded I get the following:
nat on $wan from 192.168.0.0/25 port 5060 to any port 5060 -> (xl1) port 5060
rdr on xl1 proto { tcp udp } from any to <my ip="">port { 5060 } -> 192.168.0.12
pass in quick on $wan proto {tcp udp } from any to { 192.168.0.12 } port = 5060
keep state label "USER_RULE: NAT "I actually did the 2nd step first, then the first step (with 2 fresh factory defaults in between). Right now my software has only been changed the tad bit I've mentioned above.
The states table shows it connecting just fine through 5060, but the calls are not sent from my sip provider. I have it setup to timeout after 30 seconds.</my>
-
Good news
I tried a friend's SIP provider and it worked fine. Even without anything in the rules/nat it worked, but took a couple more rings to go through(could be a fluke)
So disregard all of the above, I guess IPKALL is just junk, I'll have to find another provider.
Thanks for your help, but I'm going to chalk this up to being beyond my control.
-
It should work fine with 1.2b1 without any modification - as you see in your rules.debug output there, you have the NAT passthrough that's automatically generated.
Definitely something out of your control and unrelated to pfsense.