Asterisk behind pfsense (no sound)
-
Hmm thanks but that's discouraging that after all that in the end you gave up and used IAX. I already use externhost= and localnet= and have properly set nat=yes/no on my peers and trunks. Been playing with this for months. I know voip.ms supports IAX but most wholesalers don't. (e.g. other trunks I use like flowroute, gafachi or callcentric do not support it). So I really need to get it working. Has anyone ever asked WHY its so difficult to make SIP work behind a pfSense NAT, compared to other routers?
To my observation it looks like pfsense nat mangles the packet on its way out improperly marking the packet out for example look at this state:
10.30.2.102:5060 -> XX.XX.XXX.XX:33441 -> XX.XX.XXX.XX:5060
You see how NAT changed the port on its way out and than re port it (If that's even a word lol)? Well I think that SIP application/providers do not accept that thus marking the packet mangled…
This is just a long shot at something I did not wanted to spent more time than what need it... to be more specific I was up for 32hrs trying to figure this out. at the end I say to hell with it. IAX is my new friend.Note: That behavior can be changed by setting out bound NAT to ONT but even than my system failed to register RTP out bound..
Maybe my isp block's sip as a lot of isp do.
-
Has anyone ever asked WHY its so difficult to make SIP work behind a pfSense NAT, compared to other routers?
I have no problems with it.
When using many sip devices behind any firewall, consider using sipproxy.
RTP issue sample:
You redirected ports from 17000 to 18000 to your sip server.
Your second sip device received a call and remote server sent rtp to 17454. In this case you will have no audio and pfSense is not guilty.SIP issue sample:
You redirected port 5060 to your sip server.
Your second sip device registers at voip.com. When voip.com checks registration who will receive this info? Again pfSense is not guilty.Try to set different sip ports/rtp range to each sip server/device behind your firewall.
:) Just remember that computers do what we tell them to do, not what we want to do. :)
-
Has anyone ever asked WHY its so difficult to make SIP work behind a pfSense NAT, compared to other routers?
I have no problems with it.
When using many sip devices behind any firewall, consider using sipproxy.
RTP issue sample:
You redirected ports from 17000 to 18000 to your sip server.
Your second sip device received a call and remote server sent rtp to 17454. In this case you will have no audio and pfSense is not guilty.SIP issue sample:
You redirected port 5060 to your sip server.
Your second sip device registers at voip.com. When voip.com checks registration who will receive this info? Again pfSense is not guilty.Try to set different sip ports/rtp range to each sip server/device behind your firewall.
:) Just remember that computers do what we tell them to do, not what we want to do. :)
I am going to make one more test over sip tonight and see how far I can get again. In my case its was only one device and I was still unable to get outgoing RTP to function properly.
My sip devices talk to asterisk and than asterisk talks to my provider.I will reply back and see what are the results again.
-
Has anyone ever asked WHY its so difficult to make SIP work behind a pfSense NAT, compared to other routers?
I have no problems with it.
When using many sip devices behind any firewall, consider using sipproxy.
RTP issue sample:
You redirected ports from 17000 to 18000 to your sip server.
Your second sip device received a call and remote server sent rtp to 17454. In this case you will have no audio and pfSense is not guilty.SIP issue sample:
You redirected port 5060 to your sip server.
Your second sip device registers at voip.com. When voip.com checks registration who will receive this info? Again pfSense is not guilty.Try to set different sip ports/rtp range to each sip server/device behind your firewall.
:) Just remember that computers do what we tell them to do, not what we want to do. :)
I am sorry but in pfsense sip is plain impossible. I just tried everything I can think of and nothing works!
If you have your sip working behind your pfsense by all means please post your pfsense config and prove me wrong. but for now I stand by this. SIP is not possible behind pfsense. -
Do you need inbound calls?
If don't you do not need any nat rule, just outbound.
-
Do you need inbound calls?
If don't you do not need any nat rule, just outbound.
Somebody under general gave me some hints that made the registration possible. the issue has been that outbound is not possible.
And I do need inbound and outbound. -
Do you need inbound calls?
If don't you do not need any nat rule, just outbound.
Look here and see if you can chime in:
http://forum.pfsense.org/index.php/topic,41286.0.html
Thanks!
-
can you bridge your router to have real ip at wan?
my setup is very simple:
provider–>real ip-->pfsense->--192.168.3.x ip->asterisk server.
nothing different from nat inbound ports and sip_nat.conf.
-
Well I am back…. Here is what I can say... For an unknown reason I am not able to get SIP working over port 5060. As soon as I switch to 5080 everything started to work as it should. and no I have no other sip device except for my asterisk pbx.
odd..... -
Great news!!! :)
Some dsl routers has a 'sip Alg' option that break out sip comunication. I have no idea why.
Maybe you have something like that on you network. -
Great news!!! :)
Some dsl routers has a 'sip Alg' option that break out sip comunication. I have no idea why.
Maybe you have something like that on you network.Nope not here… I have cable... :) but its all resolved now.
