3CX pfsense
-
Hi all,
We are having some diffuclties getting our virtual multitenant 3CX install working.
I followed this guide:
http://www.3cx.com/docs/virtual-pbx-firewall-setup/
https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-toOur Setup:
A Pfsense 2.3-1 that has the PPOE session
Transit VLAN
a pfsense connected to the transit vlaneach pfsense that is connected has a virtual external static ip. With a 1:1 NAT mapping.
so I'll try to give an example:
1.1.1.1 –> 192.168.1.1 pfsense 1
192.168.1.2 --> 192.168.0.1 pfsense 2 (has 2.2.2.2 as Virtual IP - NAT mapping)
192.168.0.100 --> 3CX3CX instance 9 (yeah somehow this is the first? :) )
Sip port: 13060
Sip Tunnel: 13090Now the problem:
Every phonecall got disconnected after 32 seconds.A second try:
I moved the 3CX into the transit VLAN.
1.1.1.1 --> 192.168.1.1 pfsense 1
192.168.1.100 --> 3CX (has 2.2.2.2 as Virtual IP - NAT mapping)The problem with this is:
The phone keeps connected now, but I have no sound.
Logs keep telling me:31-mei-2016 14:03:30.506 NAT/ALG check:L:5.1[Extn:202] REQUEST 'INVITE' - some of SIP/SDP headers may contain inconsistent information or modified by intermediate hop
SIP contact header is not equal to the SIP packet source(IP:port):
Contact address:192.168.1.2:37587
Received from :192.168.1.2:57977
'audio' media IP is not equal to the IP specified in contact header:
'audio' media IP is not equal to the SIP packet source(IP:port):So obviously I am doing something wrong.
I just don't know what. I checked over and over for settings.Need more info? Please ask!
-
Actually I am going to reply it myself.
There was nothing wrong with the setup. Maybe the first (I am not sure).
I tried with my laptop (connected on the neighbors wifi) and it worked sublime!
So back to 2 firewall's, tested and perfect!
So the problem in fact lays in our own outgoing firewall. Anyone a idea? I created a nat outbound mapping:
Interface: WAN
Protocol: TCP/UDP
Source: network: 10.223.1.0/24
Destination: Any
Static port! -
Check your SIP debug on 3CX and/or on the client. Find what is missing (particular request or response) and where it was blocked or dropped. And don't use the SIP ALG, never.
-
And don't use the SIP ALG, never.
How do you shut this down in pfsense? I did not found this option?
-