SIP / NAT - Stopped working after update (1.2.3 -> 2.0.1)

desmondfuller · Jan 17, 2012, 3:18 AM

Incoming SIP calls don't work. Outgoing do.

SIP Registrations (multiple providers) to PBX don't seem to be working either. OnSIP.com says, "NAT Address: NAT not detected"

Port Forwarding / NAT

WAN UDP * * WAN address 5060 (SIP) pbx 5060 (SIP)
WAN UDP * * WAN address 10000 - 20000 pbx 10000 - 20000

Firewall Rules (linked from NAT)

UDP * * pbx 5060 (SIP) * none NAT SIP Registration
UDP * * pbx 10000 - 20000 * none NAT SIP Audio

Outgoing NAT

Set to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)"

WAN 10.20.30.0/24 * * * * *

Static Port: YES

Inside network is 10.20.30.x of course.

What am I missing? SIP.conf on Asterisk hasn't changed, but I double checked on NAT=yes, etc. Also Conservative state table optimization

cmb · Jan 18, 2012, 6:06 AM

Were you on manual outbound NAT to begin with? 1.2.3 defaulted to static port on SIP while 2.0.x does not because that's currently the most likely scenario to work out of the box. But if you had manual outbound NAT to begin with, that would be no different. There are no other SIP-related differences between 1.2.3 and 2.0.x.

N8LBV · Jan 19, 2012, 8:59 AM

Also PLEASE let us know when/if you get it working (report back) I'm having a possibly related problem and have read many posts
Where they just die and never come back & tell us if they got it working or not.

Bpedersen · Jan 27, 2012, 7:57 PM

Drop the port forward and firewall rules, you dont need them.

You only need the manual outbound nat with the static source port option.

phazethree · Feb 3, 2012, 6:47 PM

This works fine for me on the phone side. But as soon as I enable Manual NAT and Static port, it breaks squid proxying for other subnets..
Any suggestions?

blakestar · Mar 18, 2012, 5:01 AM

Hi, I am dealing with the exact same issue. Updated from 1.2.3 to 2.0.1. Asterisk sitting behind Pfsense. Can call out no problem but cannot receive inbound calls now. Wondering if someone has any resolution advice?

Have nearly the same config as the original poster only 192.168 internal addresses.

Bpedersen, when you say "Drop the Port Forward & Rules" what exactly do you mean by this?

Much appreciated, any advice!!

djau · Apr 5, 2012, 2:08 PM

Hi

I have always the problem with 2.0.1.
Incoming SIP calls don't work => SIP 404

SIP Request on pfsense :
xx.xx.xx.xx:5060 xx.xx.xx.xx:54453

Now i have open 54453, and works but not fine one call /4 .
pfsense will not change this port after x call?

Do you have other issue ?

Regards

itsJim · Apr 10, 2012, 7:24 PM

I had issues until I created an Outbound NAT rule like the following:

WAN 192.168.6.0/24 udp/5060 * udp/5060 * * YES VoIP

cmb · Apr 11, 2012, 3:01 AM

@itsJim:

I had issues until I created an Outbound NAT rule like the following:

WAN 192.168.6.0/24 udp/5060 * udp/5060 * * YES VoIP

This is precisely what you need to do if you need to retain 1.2.3's default behavior of not rewriting the source port on SIP. Most of the time it doesn't matter, where it does, that will take you back to 1.2.3's behavior.

Unfortunately with VoIP there isn't a "one config suits all", 1.2.3's default caused problems more than it helped, but changing defaults going forward from 1.2.3 to 2.x is going to bite a very small percentage of users. Just need the above manual outbound NAT to fix for those who have an issue.

dwood · May 31, 2012, 12:04 AM

Just realized our inbound VOIP calls don't work. We typically route outbound calls via VOIP, and direct inbound to a non-voip line…so just realized we had the inbound call issue.

From what I can tell, to use this manual outbound NAT rule, you must therefore disable automatic outbound NAT.

What are the implications of doing this? We're running SQUID3, snort, and several LAN subnets through two WAN connections.

itsJim · Jun 1, 2012, 8:38 PM

You don't have to disable it

dwood · Jun 5, 2012, 3:11 AM

For what it's worth, I have inbound SIP calls working now, but with a new VOIP provider, in this case Babytel.ca Using manual outbound NAT did not work as it broke Squid web access.

For google search purposes, we're using a Talkswitch VOIP enabled PBX behind PFSENSE, and Babytel is configured on the unit to handle long distance calls (auto call routing). Once I made the switch to this provider, everything works. Automatic NAT is enabled, however port forwards for SIP signalling and audio are set up on PFSENSE 2.0.1

Inbound calls (via VOIP), remote extensions etc. all work properly now. Previous provider was iristel.ca , and the switch to babytel.ca, solved the previous issues of SIP invites not being recieved through the router due to NATing I suspect of the packets. For what it's worth, babytel's online account configuration as well as iphone app (softphone) all performed flawlessly in testing. Quite impressed with their feature set/pricing etc.