Help migrating from Ipcop 1.4.21
-
Yes, the phones are all connected to 192.168.1.X (LAN Network) while Elastix server is connected to the Orange network card (192.168.3.X)
Thanks
Renato -
If all of your phones and your server are on the LANs side of pfsense, you don't need any sip rules on the WAN. None.
Is there anything OUTSIDE your pfsense network that is using your elastix server? Phone? Video? Audio?
Are you pointing the SIP phones at the local LAN IP of the server or at some domain name or public IP?
-
This is just me… However.
If I had an elastix server (I do have something like that) and ALL of my phones and other clients to that server were inside my network, I would not have any rules on my wan at all related to elastix. Also, I would put my elastix server on the same subnet as my clients just to make things easy unless you feel a need to have access to elsatix firewalled off from the LAN. Even if I decided to put my elastix box on a seperate subnet, I would no DMZ it. Why bother unless you have external clients?
-
Kejianshi
Thanks again for your reply.
Perhaps this pics will help clarify.
Net:
I have Sip Phones connected the LAN interface and I also have remote phones which would be connecting thru the WAN.In both scenarios, all phones have mydomain.com in the domain setting.
Hope this helps clarify.
Renato
-
How many remote phones are out there? Are they at many sites?
On your pfsense you will need a domain override to point to the local address of your server.
-
I fixed remote site and my laptop also have a SIP softphone which I use for my travel.
How do I enable the "domain override"? Sorry for the dumb question :)
Renato
-
I'd set up VPN at the remote site just for the sip and laptop also. Then close all those forwarded ports. This will 100% eliminate NAT issues and make things far more secure.
-
With a sip server, you can end up fighting with NAT for ages. A good UDP VPN server will fix you right up.
as far as domain overrides, what are you using for DNS?
-
pfsense is getting the default DNS servers from Verizon
i.e. 71.242.0.12 and 71.252.0.12Renato
-
DNS forwarder?
Try Services: DNS forwarder
Then in there at bottom, Host overrides / domain overrides.
You can use this to make your things resolve to a internal local IP (sip server IP for example), instead of the public IP.
https://doc.pfsense.org/index.php/DNS_Forwarder
Me personally, I just use IPs directly at the SIP device instead of relying on DNS.