Hosted VOIP and pfSense
-
This interesting…. I set up that
WAN 192.168.100.0/24 * * 5060 * * YESbut pfsense is sending 5060 using 22xxx port ..... why pfsense with STATIC PORT YES is not sending that using 5060?
Question for brainy techs ....
THX
-
Hi,
I've got the same problem.
We use an external SIP provider and multiple SIP phones but after switching to PFSense only one phone will get connected to the provider. If I reset states and connect another phone than the other one gets connected but never more than one.
I've opened the firewall port from SIP provider IP ->WAN->SIP LAN TCP/UDP 5060 and the provider instructed me to open a range of potrs SIP provider IP ->WAN->SIP LAN UDP 6000-6050.
I've been reading around the net and found people stating that only one SIP device would work at a time and that I'd need siproxd to get it working.
But I keep trying to configure siproxd but anything I try jst keeps one phone working. Just to see if it works I connected an old linksys wrt54gs to see if it worked and it did all phones synced with the provider.
I just don't get it.What would I have to do to get the phones working?
Do I just configure the NAT outbound to manual and the default rule to static port yes?
Or would I configure siproxd but how?Thanks for the help and any relevant information.
Bye
-
I never got siproxd working right. If you have multiple phones behind pfsense and they go to the same provider, you are screwed unless you can change the ports they register on (reason being: due to NAT the provider will see all requests coming from the same IP/port.) Alternatively, you could put something like pbx in a flash behind pfsense and have the sip phones register to it and have it register to the provider.
-
Hi,
well my first thought for a backup plan was to setup a pbx behind the PFS but the provider didn't supply any information for the phone accounts (aka usernames and passwords weren't supplied. Ok usernames, sip addresses and ports aren't a problem since I could have gotten them out of the phone but the passwords can't be gotten). So that option was pretty much out too.
But I got the thing working anyway with PFS.
Here's how(I think):
1. siproxd config:
inbound if = Tel(the lan that the phones are on)
outbound if = WAN
port = 5060
RTP port range = 6000-6050 (got this from SIP provider)
Expedited Forwarding = ticked2. firewall config:
SIP registration - WAN rule: IP of SIP provider, ports TCP/UDP 5060 -> Tel(the lan that the phones are on);
Audio channels - WAN rule: IP of SIP provider, ports UDP 6000-6050 -> Tel(the lan that the phones are on);3. NAT config:
NAT->Outbound
set to Manual Outbound NAT rule generation
and added this mapping
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 192.168.5.0/24 * * * * * NO VoIP
(the source is the IP range of my local network that the SIP devices are connected to)4. Applied the setting
applied the settings on PFS
restarted all the phonesAfter witch all the phones registered with the SIP provider and I could phone out and in with all the phones running at the same time.
But I'm still not sure if this is what got it working nor weather siproxd is working(it is running) and is responsible for the phones working.
If it was one thing or all of the above.
Well one day I'll give it a try but for now it's working and I don't want to screw it up. By the way in the meanwhile I installed a new PFS on another machine and connected it, copied the config from the working to the new one and plugged it in and everything works.Thanks for the help guys and I hope my input also helps someone else.
Bye
-
the AON rule seems useless to me, since it doesn't look like it does anything the standard invisible rule does?
-
It is because port 5060 (and I think another one of two) are not covered by the Automatic rule. I read that in the pfSense Definitive Guide book but I think it's also in the docs somewhere.
-
I think you misread that. What is treated specially for port 5060 is pfsense not doing the rewriting of it.
-
I'm seeing the same thing with our hosted PIAF setup. We have 4 SPA-942 phones and 1 Aastra 57i CT and they randomly unregister over the course of the day. Siproxd didn't do anything, manual NAT works until the phones try and re-register and then they fail.
-
Did you put
nat=yes
externip=xxx.xxx.xxx.xxx
externhost = mypbx.mydomain.com
localnet=192.168.1.0/255.255.255.0
externrefresh=10in SIP_NAT.conf
-
localnet=192.168.1.0/255.255.255.0 make it to match your network
-
@mst:
localnet=192.168.1.0/255.255.255.0 make it to match your network
Our PIAf hosted box has a public IP, do I still need this? Our setup worked perfectly fine with an SG565 in place and Sip Proxy turned on.
-
if you have public IP then no
-
@mst:
if you have public IP then no
Thanks for the clarification. I didn't think it was needed. Our phones just unregistered again. I'm pulling this box until this issue is fixed somehow. I'm beyond frustrated and we NEED our IP Phones to work reliably.
-
check this post: http://www.trixbox.org/forums/vendor-moderated-forums/aastra-endpoints/57i-not-registering-no-service can be usefull
MST
-
My phone ARE getting separate ports when they boot up initially, they only lose the registration when they try and re-register. I put the SG565 back into service at that office and the phones have been rock solid for the past few hours.
-
I use Askozia PBX in VmWare setup… Works like a charm.....
-
I use Askozia PBX in VmWare setup… Works like a charm.....
I don't think this has to do with the PBX so much as the natting of SIP ports. We are going to demo OnSIP in the coming weeks and I saw one of the threads pertaining to SIP nat.
I'm just frustrated because this should just work and it's "sort of" working which is worse than not working at all.
-
I tweeted about my problems and Chris sent me this link:
http://doc.pfsense.org/index.php/VoIP_Configuration
I think #2 should help me out, but I can't test until next week.
-
I know, but I just forward the used ports through PFSense to the PBX, handling the SIP traffic.
Good audio and no problems at all.
I use Askozia PBX in VmWare setup… Works like a charm.....
I don't think this has to do with the PBX so much as the natting of SIP ports. We are going to demo OnSIP in the coming weeks and I saw one of the threads pertaining to SIP nat.
I'm just frustrated because this should just work and it's "sort of" working which is worse than not working at all.
-
I changed the System->Advanced-> Firewall Optimization options to conservative and the phones have stayed registered for an hour which is longer than normal.
-
Just change the keep connection alive settings in the SIP phones…..
-
I could do that, but with 20 phones in 3 states this was much easier to do.