Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SIP SDP Private IP

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      deucalion
      last edited by

      I'm having the same SIP issue as detailed in this post: https://forum.pfsense.org/index.php?topic=42503.0

      Outbound NAT is assigning the correct public IP to the network layer, however, the SIP SDP data layer still contains our private IP.  This will not work for our SIP trunk provider.  As in the thread I linked, I confirmed that siproxd does not seem to support SIP trunks to a service provider.

      What is the recommended solution to get the data layer transparently rewritten?

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer
        last edited by

        This is a good example of how SIP was not originally designed to be behind a NAT device but later adapted to do so.

        Im assuming a SIP server here as you didn't mention what your trying to connect with.

        Do you have more than one public IP address?  In your case I would probably make use of a third interface on your pfSense box and bridge the WAN to that interface. Assign your "spare" IP address directly to your SIP server and build any firewall rules you need between the WAN and the new interface. Obviously you will have to set manual outbound NAT and leave this interface out of your NAT table.

        or- did you actually get your SIP server to register with Siproxd?  Can you set an "Outbound Proxy" on your device(s)?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • D
          deucalion
          last edited by

          @chpalmer:

          Im assuming a SIP server here as you didn't mention what your trying to connect with.

          Trying to connect to a SIP trunk provider with a ShoreTel virtual switch.

          @chpalmer:

          Assign your "spare" IP address directly to your SIP server and build any firewall rules you need between the WAN and the new interface.

          Unfortunately, it seems that ShoreTel devices can only be assigned IP addresses inside the private IP space.

          @chpalmer:

          Can you set an "Outbound Proxy" on your device(s)?

          No, ShoreTel devices do not have an "outbound proxy" setting.

          1 Reply Last reply Reply Quote 0
          • chpalmerC
            chpalmer
            last edited by

            @deucalion:

            the SIP SDP data layer still contains our private IP.  This will not work for our SIP trunk provider.

            Unfortunately, it seems that ShoreTel devices can only be assigned IP addresses inside the private IP space.

            From these two comments it seems that without a go between these two technologies are not compatible.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.