Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense update causing SIP issues?

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 4 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      richtj99
      last edited by

      Hi,

      I have had a Pfsense box & Flowroute with freepbx for close to 2 years - never a problem.  Recently I am getting dropped calls at exactly 15:30 every call.  I spoke to Flowroute who said it was a PFsense firewall issue & they suggested this:

      https://tickets.flowroute.com/customer/portal/articles/1852969-pfsense-firewall-configuration

      The strange thing is that when I choose source & put my internal PBX IP, it will only save it as 192.168.1.0 though I am trying to do 192.168.1.180.  I am following the instructions but it does not work.

      I have never setup a nat rule & have not had any issues.  Flowroute said the problem is that the port keeps changing internally (doesnt make much sense).

      Logs attached for reference.

      [root@localhost ~]# asterisk -rvv
Asterisk 13.18.3, Copyright (C) 1999 - 2014, Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 13.18.3 currently running on localhost (pid = 2034)
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] WARNING[3908][C-00000001]: pbx_functions.c:460 func_args: Can't find trailing parenthesis for function 'DB(DEVICE/311/dial'?
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] WARNING[3908][C-00000001]: pbx_functions.c:460 func_args: Can't find trailing parenthesis for function 'DB(DEVICE/311/dial'?
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Spawn extension (from-internal, 311, 1) exited non-zero on 'SIP/311-00000004'
== Spawn extension (ext-intercom, *80311, 34) exited non-zero on 'SIP/150-00000002' in macro 'exten-vm'
== Spawn extension (ext-intercom, *80311, 34) exited non-zero on 'SIP/150-00000002'
[2018-02-01 11:26:44] NOTICE[2099]: chan_sip.c:29560 check_rtp_timeout: Disconnecting call 'SIP/flowroute-3007-00000001' for lack of RTP activity in 31 seconds
== Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/314-00000000' in macro 'dialout-trunk'
== Spawn extension (from-internal, 339025930487, 7) exited non-zero on 'SIP/314-00000000'
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/314-00000000' in macro 'hangupcall'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000000'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000000'
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
[2018-02-01 11:28:55] NOTICE[2099]: chan_sip.c:24592 handle_response_peerpoke: Peer '302' is now Lagged. (2017ms / 2000ms)
[2018-02-01 11:29:05] NOTICE[2099]: chan_sip.c:24592 handle_response_peerpoke: Peer '302' is now Reachable. (19ms / 2000ms)
== Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/314-00000005' in macro 'dialout-trunk'
== Spawn extension (from-internal, 339025930487, 7) exited non-zero on 'SIP/314-00000005'
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/314-00000005' in macro 'hangupcall'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000005'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000005'
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
localhost*CLI>
localhost*CLI>
localhost*CLI>
localhost*CLI> sip show ch
channels channelstats channel
localhost*CLI> sip show channels
channels channelstats
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:05:14 0000015595 0000000000 ( 0.00%) 0.0000 0000015567 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:05:14 0000015582 0000000000 ( 0.00%) 0.0000 0000015605 0000000000 ( 0.00%) 0.0002
2 active SIP channels
localhost*CLI> sip show channels
Peer User/ANR Call ID Format Hold Last Message Expiry Peer
192.168.1.198 311 377d10b8-dea54a (ulaw) No Rx: ACK 311
21.11.69.144 19025930487 2cc5776731fc4ec (alaw) No Tx: ACK flowroute-
2 active SIP dialogs
localhost*CLI> sip show channels
Peer User/ANR Call ID Format Hold Last Message Expiry Peer
192.168.1.198 311 377d10b8-dea54a (ulaw) No Rx: ACK 311
21.15.69.144 19025930487 2cc5776731fc4ec (alaw) No Tx: ACK flowroute-
2 active SIP dialogs
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:08:23 0000025052 0000000000 ( 0.00%) 0.0000 0000025024 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:08:23 0000025039 0000000000 ( 0.00%) 0.0000 0000025062 0000000000 ( 0.00%) 0.0005
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:13:01 0000038942 0000000000 ( 0.00%) 0.0000 0000038913 0000000000 ( 0.00%) 0.0002
21.15.69.144 2cc5776731f 00:13:01 0000038928 0000000001 ( 0.00%) 0.0000 0000038952 0000000000 ( 0.00%) 0.0001
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:13:53 0000041526 0000000000 ( 0.00%) 0.0000 0000041498 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:13:53 0000041513 0000000001 ( 0.00%) 0.0000 0000041536 0000000000 ( 0.00%) 0.0001
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:14:55 0000044650 0000000000 ( 0.00%) 0.0000 0000044621 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:14:55 0000044636 0000000001 ( 0.00%) 0.0000 0000044660 0000000000 ( 0.00%) 0.0002
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.180 377d10b8-de 00:15:30 0000046404 0000000000 ( 0.00%) 0.0000 0000046375 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:15:30 0000046390 0000000001 ( 0.00%) 0.0000 0000046414 0000000000 ( 0.00%) 0.0001
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:15:48 0000047294 0000000000 ( 0.00%) 0.0000 0000046579 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:15:48 0000046593 0000000001 ( 0.00%) 0.0000 0000047304 0000000000 ( 0.00%) 0.0001
2 active SIP channels
[2018-02-01 11:47:13] NOTICE[2099]: chan_sip.c:29560 check_rtp_timeout: Disconnecting call 'SIP/flowroute-3007-00000008' for lack of RTP activity in 31 seconds
== Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/311-00000007' in macro 'dialout-trunk'
== Spawn extension (from-internal, 229025930487, 7) exited non-zero on 'SIP/311-00000007'
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/311-00000007' in macro 'hangupcall'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/311-00000007'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/311-00000007'
localhost*CLI></markster@digium.com>
      1 Reply Last reply Reply Quote 0
      • A
        AndrewZ
        last edited by

        Follow this guide:
        https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
        read this as well:
        https://doc.pfsense.org/index.php/VoIP_Configuration
        don't use siproxd

        If the problem persists - check your sip debug first.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          If you are saving .180 and it is being changed to .0 you are probably setting a /24 netmask. Not a /32 as described there to limit static port to just connections made by the PBX, not the whole subnet.

          ![Screen Shot 2018-02-01 at 3.13.07 PM.png](/public/imported_attachments/1/Screen Shot 2018-02-01 at 3.13.07 PM.png)
          ![Screen Shot 2018-02-01 at 3.13.07 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-02-01 at 3.13.07 PM.png_thumb)

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • R
            richtj99
            last edited by

            Hi,

            Thank you for the /32 - that seems to have solved it.

            Two questions:

            1.  The flowroute instructions show the Nat Address as a *, mine says Wan Address (does that matter)?
            2.  Just to confirm the outbound mapping rule, has a grayed out X  & the text is grayed out - beyond applying changes is there anything I need to do to make it work?  It seems not to be working but I dont see where to 'enable' the rule, just disable the rule in the settings?

            Thanks,
            Rich

            PBX.JPG
            PBX.JPG_thumb

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              A grayed out rule is disabled and thus not actually present in the active rule set. Edit and enable it. But if it is working you likely do not need it. ;)

              I would recommend WAN Address over * (any) as a port forward destination. There is no reason not to be specific there.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • R
                richtj99
                last edited by

                @Derelict:

                A grayed out rule is disabled and thus not actually present in the active rule set. Edit and enable it. But if it is working you likely do not need it. ;)

                I would recommend WAN Address over * (any) as a port forward destination. There is no reason not to be specific there.

                Thank you for replying.  I admit - I am really confused.

                In the attached - would you say this is enabled or disabled?  It looks disabled but when I edit the rule, then check it as disabled, save - it has no change.  When I edit the rule, uncheck it, then save, it still looks the same.

                Is there something i am missing to enable the rule?

                Thanks,
                Rich

                PBX.JPG
                PBX.JPG_thumb

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Disabled.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • GrimsonG
                    Grimson Banned
                    last edited by

                    Your outbound NAT mode has to be set at hybrid or manual, if it's on auto your rules will always be disabled.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.