Voip one way audio on incoming calls and drops after 30 seconds
-
Hi All,
I know this has been discussed many times but I am truly stumped for a good solution.
I have a pfsense 2.1 box. The only wan connection at the moment is a static IP on DSL. (There are 2 other ISPs going to the box but both have failed so it has just the one outbound connection.) The DSL is not that great of a connection but I can make it work. On the LAN side of pfSense, there are about 20 PCs and 20 SIP phones all sharing the same /24 (192.168.1.0/24) network in addition to a FreePBX server (192.168.1.200). I have the PBX setup to use the correct outbound IP address and turned off reinvite. Outbound calls work well but inbound only have audio in one direction and drop after 30 seconds.
On the pfsense box I have port forwards on the WAN interface for ports 5060, 5004, 10000 - 20000 to the PBX at 192.168.1.200.
The phones register on the PBX and commicate with it without problems, as I would expect. Local voice quality is good over all despite sharing the LAN with a bunch of PCs.
From what I can tell, this problem matches so many other people's issues of inbound calls lacking audio in one direction and a disconnect after 30 seconds. As far as I can tell, the 30 seconds comes from the RTP timeout value on the PBX. The RTP on inbound call is not being handled correctly in my config. So, I ask you alls help here.
I've tried siproxyd and I've had no luck solving the one way audio. We use voipinnovations for our DIDs and inbound calls. The SIP portion of a call makes it to the PBX so my belief is that this is a problem with the RTP and NAT.
Is there a good solution to this? I don't understand the Manual oubound NAT well enough to keep tinkering with it and this is a live PBX and firewall so I don't want to take out the ability to access the internet.
Any help or useful suggestions would be much appreciated.
-
you need to enable manual outbound nat
and for the section that NATs your subnet out to the internet you need to check the box for "static port"
-
-
in my experience, you never need those ports forwarded when using sip registration from the phone server to your carrier
UNLESS you have phones registering to the PBX with SIP externally.
Otherwise exposing your PBX to 5060 WILL lead to multiple attacks against SIP, I hope you have anonymous and sip guests disabled and have fail2ban installed and configured for SIP
in freepbx you can adjust these settings in settings -> advanced sip settings
you may have to install that module if you don't have it already
-
i build and deploy pfsense firewalls and custom asterisk phone servers for a living, feel free to PM me if you have any further questions.
also ensure your NAT settings appear like this on your "advanced sip settings" page
otherwise your SIP headers will not be transmitted properly for your setup
-
Honestly, you should not need any of those ports forwarded back to the PBX once NAT is setup properly.
As long as you're using SIP registration for your trunk.
Meaning your PBX reaches out to your carrier to obtain it's registration.
And RTP does not need to be forwarded either unless you have external phones or terrible jitter in your internet connection.
I run many freepbx with ZERO ports externally open to the internet, just manual outbound NAT and static ports.
-
Hi,
mattb253, you've mentioned you're quite good in asterisk. I'm new to asterisk and have an issue, I wonder whether I can run it by you and see whether you can help.
Regards,
Aldulaimi