UDP packet drop - how to investigate

nyit_dk

Hi

I have a fairly simple setup with a 100/100mbits fiber WAN and gigabit LAN, there is 5 users and they all have IP phones.
The problem is that the IP phone calls often get dropped, the IP phone Company says it could be that the firewall drops UDP packets.
There is no outbound rules
There is no traffic shaping
The avarage WAN load is below 5mbits with Peaks at ~30mbits
The WAN quality is good with 0% packet loss

How/where can i see if there is an UDP packet drop?

Thanks

Nullity

@nyit_dk:

Hi

I have a fairly simple setup with a 100/100mbits fiber WAN and gigabit LAN, there is 5 users and they all have IP phones.
The problem is that the IP phone calls often get dropped, the IP phone Company says it could be that the firewall drops UDP packets.
There is no outbound rules
There is no traffic shaping
The avarage WAN load is below 5mbits with Peaks at ~30mbits
The WAN quality is good with 0% packet loss

How/where can i see if there is an UDP packet drop?

Thanks

You could run tcpdump on pfSense.

nelioromao

Same Sample info about NAT and VOIP

"NAT and VOIP don't speak very good"

https://www.voip-info.org/wiki/view/NAT+and+VOIP
http://kb.smartvox.co.uk/voip-sip/sip-nat-problem/

chpalmer

@nyit_dk:

The problem is that the IP phone calls often get dropped, the IP phone Company says it could be that the firewall drops UDP packets.
There is no outbound rules
Thanks

Im betting you have outbound rules on your LAN interface that your phones connect to of some kind..  Can you enlighten us on what that rule set is?

You may want to look at your firewall logs and state table (or use your packet capture) to identify the outbound server(s) that your phones are connecting to.  With those IP's then build firewall rules on your WAN interface allowing those servers UDP connections to your LAN net where your phones reside.

chpalmer

@5E:

"NAT and VOIP don't speak very good"

Thanks for the links.  ;)

Ive mentioned here many times that VOIP was not originally designed to be behind NAT since it was purely a commercial venture..  NAT considerations were added later.

These days it does not mean it cannot be made to work and most of the time it works without interaction. But there are a few of us with slightly off systems/providers that need a little help.  I have 6 different lines from 3 different servers coming into this location right now using the SIProxd package quite successfully.    :)