Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    3CX pfsense

    Scheduled Pinned Locked Moved NAT
    5 Posts 2 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CM350
      last edited by

      Hi all,

      We are having some diffuclties getting our virtual multitenant 3CX install working.

      I followed this guide:
      http://www.3cx.com/docs/virtual-pbx-firewall-setup/
      https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to

      Our Setup:
      A Pfsense 2.3-1 that has the PPOE session
      Transit VLAN
      a pfsense connected to the transit vlan

      each pfsense that is connected has a virtual external static ip. With a 1:1 NAT mapping.

      so I'll try to give an example:
      1.1.1.1 –> 192.168.1.1 pfsense 1
      192.168.1.2 --> 192.168.0.1 pfsense 2 (has 2.2.2.2 as Virtual IP - NAT mapping)
      192.168.0.100 --> 3CX

      3CX instance 9 (yeah somehow this is the first? :) )
      Sip port: 13060
      Sip Tunnel: 13090

      Now the problem:
      Every phonecall got disconnected after 32 seconds.

      A second try:
      I moved the 3CX into the transit VLAN.
      1.1.1.1 --> 192.168.1.1 pfsense 1
      192.168.1.100 --> 3CX (has 2.2.2.2 as Virtual IP - NAT mapping)

      The problem with this is:
      The phone keeps connected now, but I have no sound.
      Logs keep telling me:

      31-mei-2016 14:03:30.506  NAT/ALG check:L:5.1[Extn:202] REQUEST 'INVITE' - some of SIP/SDP headers may contain inconsistent information or modified by intermediate hop
        SIP contact header is not equal to the SIP packet source(IP:port):
            Contact address:192.168.1.2:37587
            Received from :192.168.1.2:57977
      'audio' media IP is not equal to the IP specified in contact header:
        'audio' media IP is not equal to the SIP packet source(IP:port):

      So obviously I am doing something wrong.
      I just don't know what. I checked over and over for settings.

      Need more info? Please ask!

      1 Reply Last reply Reply Quote 0
      • C
        CM350
        last edited by

        Actually I am going to reply it myself.

        There was nothing wrong with the setup. Maybe the first (I am not sure).

        I tried with my laptop (connected on the neighbors wifi) and it worked sublime!

        So back to 2 firewall's, tested and perfect!

        So the problem in fact lays in our own outgoing firewall. Anyone a idea? I created a nat outbound mapping:
        Interface: WAN
        Protocol: TCP/UDP
        Source: network: 10.223.1.0/24
        Destination: Any
        Static port!

        1 Reply Last reply Reply Quote 0
        • A
          AndrewZ
          last edited by

          Check your SIP debug on 3CX and/or on the client. Find what is missing (particular request or response) and where it was blocked or dropped. And don't use the SIP ALG, never.

          1 Reply Last reply Reply Quote 0
          • C
            CM350
            last edited by

            @AndrewZ:

            And don't use the SIP ALG, never.

            How do you shut this down in pfsense? I did not found this option?

            1 Reply Last reply Reply Quote 0
            • A
              AndrewZ
              last edited by

              @CM350:

              How do you shut this down in pfsense? I did not found this option?

              Uninstall siproxd ?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.