Hosted VOIP and pfSense

devnull

Hi,

well my first thought for a backup plan was to setup a pbx behind the PFS but the provider didn't supply any information for the phone accounts (aka usernames and passwords weren't supplied. Ok usernames, sip addresses and ports aren't a problem since I could have gotten them out of the phone but the passwords can't be gotten). So that option was pretty much out too.

But I got the thing working anyway with PFS.

Here's how(I think):

1. siproxd config:
inbound if = Tel(the lan that the phones are on)
outbound if = WAN
port = 5060
RTP port range = 6000-6050 (got this from SIP provider)
Expedited Forwarding = ticked

2. firewall config:
SIP registration - WAN rule: IP of SIP provider, ports TCP/UDP 5060 -> Tel(the lan that the phones are on);
Audio channels - WAN rule: IP of SIP provider, ports UDP 6000-6050 -> Tel(the lan that the phones are on);

3. NAT config:
NAT->Outbound
set to Manual Outbound NAT rule generation
and added this mapping
Interface  Source                  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
WAN            192.168.5.0/24  *                  *                  *                          *                  *                  NO                 VoIP 
(the source is the IP range of my local network that the SIP devices are connected to)

4. Applied the setting
applied the settings on PFS
restarted all the phones

After witch all the phones registered with the SIP provider and I could phone out and in with all the phones running at the same time.
But I'm still not sure if this is what got it working nor weather siproxd is working(it is running) and is responsible for the phones working.
If it was one thing or all of the above.
Well one day I'll give it a try but for now it's working and I don't want to screw it up. By the way in the meanwhile I installed a new PFS on another machine and connected it, copied the config from the working to the new one and plugged it in and everything works.

Thanks for the help guys and I hope my input also helps someone else.

Bye

danswartz

the AON rule seems useless to me, since it doesn't look like it does anything the standard invisible rule does?

leaded

@danswartz

It is because port 5060 (and I think another one of two) are not covered by the Automatic rule. I read that in the pfSense Definitive Guide book but I think it's also in the docs somewhere.

danswartz

I think you misread that.  What is treated specially for port 5060 is pfsense not doing the rewriting of it.

rugby

I'm seeing the same thing with our hosted PIAF setup.  We have 4 SPA-942 phones and 1 Aastra 57i CT and they randomly unregister over the course of the day.  Siproxd didn't do anything, manual NAT works until the phones try and re-register and then they fail.

mst

Did you put

nat=yes
externip=xxx.xxx.xxx.xxx
externhost = mypbx.mydomain.com
localnet=192.168.1.0/255.255.255.0
externrefresh=10

in SIP_NAT.conf

mst

localnet=192.168.1.0/255.255.255.0  make it to match your network

rugby

@mst:

localnet=192.168.1.0/255.255.255.0  make it to match your network

Our PIAf hosted box has a public IP, do I still need this?  Our setup worked perfectly fine with an SG565 in place and Sip Proxy turned on.

mst

if you have public IP then no

rugby

@mst:

if you have public IP then no

Thanks for the clarification.  I didn't think it was needed.  Our phones just unregistered again.  I'm pulling this box until this issue is fixed somehow.  I'm beyond frustrated and we NEED our IP Phones to work reliably.

mst

check this post:  http://www.trixbox.org/forums/vendor-moderated-forums/aastra-endpoints/57i-not-registering-no-service  can be usefull

MST

rugby

My phone ARE getting separate ports when they boot up initially, they only lose the registration when they try and re-register.  I put the SG565 back into service at that office and the phones have been rock solid for the past few hours.

Supermule

I use Askozia PBX in VmWare setup… Works like a charm.....

rugby

@Supermule:

I use Askozia PBX in VmWare setup… Works like a charm.....

I don't think this has to do with the PBX so much as the natting of SIP ports.  We are going to demo OnSIP in the coming weeks and I saw one of the threads pertaining to SIP nat.

I'm just frustrated because this should just work and it's "sort of" working which is worse than not working at all.

rugby

I tweeted about my problems and Chris sent me this link:

http://doc.pfsense.org/index.php/VoIP_Configuration

I think #2 should help me out, but I can't test until next week.

Supermule

I know, but I just forward the used ports through PFSense to the PBX, handling the SIP traffic.

Good audio and no problems at all.

@rugby:

@Supermule:

I use Askozia PBX in VmWare setup… Works like a charm.....

I don't think this has to do with the PBX so much as the natting of SIP ports.  We are going to demo OnSIP in the coming weeks and I saw one of the threads pertaining to SIP nat.

I'm just frustrated because this should just work and it's "sort of" working which is worse than not working at all.

rugby

I changed the System->Advanced-> Firewall Optimization options to conservative and the phones have stayed registered for an hour which is longer than normal.

Supermule

Just change the keep connection alive settings in the SIP phones…..

rugby

I could do that, but with 20 phones in 3 states this was much easier to do.