Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SIP no audio with FreePBX

    Scheduled Pinned Locked Moved Firewalling
    asteriskfreepbxnatsip
    4 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TO2020
      last edited by TO2020

      Dear Community

      I have a pair of pfSense firewalls running 2.4.5-RELEASE-p1.
      They are running in HA with CARP on LAN, WAN and DMZ.
      I have a FreePBX v13 in DMZ.
      Since I have additional WAN IP addresses from my ISP, I configured an IP Alias using one of these IP addresses.
      Setup
      LAN CARP IP: 10.5.1.254
      DMZ CARP IP: 10.5.5.254
      FreePBX: 10.5.5.10
      WAN CARP IP: x.x.x.216
      WAN IP Alias: x.x.x.218

      I have a 1:1 NAT between x.x.x.218 and 10.5.5.10
      I have "AON - Advanced Outbound NAT" from 10.5.5.10/32 on UDP to x.x.x.218 on UDP using static ports
      In DMZ, I have a rule which allows all traffic to all destinations from 10.5.5.10
      On WAN, I have two rules which allows from any to 10.5.5.10 on UDP5060 and from any to 10.5.5.10 on UDP ports 10000:20000

      I have a SIP client on internet which is configured to connect on x.x.x.218.
      The client registers on FreePBX and I can make and receive calls, but audio is a problem.
      If I place the call on the SIP client, there is no audio at all.
      If I place the call elsewhere and call the SIP client, the SIP client side has audio, but not the other side.

      What I have tested

      1. Toggled between static and non-static ports on AON
      2. Specified specific ports on AON (2 rules, one with 5060 and one with 10000:20000)
      3. Included both TCP and UDP in AON rules
      4. Moved Outbound AON rules to the top of the list

      I have read through so many different articles and I think I have done this correct, but it is still failing.
      Would greatly appreciate some help here.

      Kind regards,
      Thomas

      1 Reply Last reply Reply Quote 0
      • L
        Lamia
        last edited by

        @to2020 said in SIP no audio with FreePBX:

        I have a SIP client on internet which is configured to connect on x.x.x.218.
        The client registers on FreePBX and I can make and receive calls, but audio is a problem

        Your payload is likely going through another route. I would think that calls within the network works.

        Try use a VPN from Pfsense for clients away from office/home and call when both clients are on the same network i.e."A" via company's Pfsense VPN connects to the freepbx and "B" is a phone already on the network within the premises also connected to the same freepbx.

        Your rules are for SIP signalling not the payload - RTP. And I would imagine that the addresses in use frequently change.
        A VPN may be necessary if you can't hardcore the addresses, say frequently changing and not all the addresses are known.

        T 1 Reply Last reply Reply Quote 0
        • T
          TO2020 @Lamia
          last edited by

          @lamia
          Thank you very much for the comments.
          Calls within my network are indeed working. All phones (physical phones and softphones) inside my LAN, which only has to go via a route (no NAT) to reach the PBX in DMZ, works well.

          Introducing VPN requirements for this, is quite a challenge and I don't know if this is really doable all things considered.

          I have previously managed an almost identical setup using Cisco ASA firewalls and FreePBX with no such issues at all. I don't understand why this is not working on pfSense.

          "Your payload is likely going through another route"
          Not sure how that is possible to be honest. There is a single route in DMZ and WAN.

          "Your rules are for SIP signalling not the payload - RTP. And I would imagine that the addresses in use frequently change"
          I think my rules covers both signalling and RTP. As said, I configured AON which should apply to all ports. Or is that not how AON would actually work?
          What is considered frequently changing addresses? My environment is rather small (around 35 users) and right now, I am the only one using (or testing) the softphone app on an external laptop and on an Android phone. The external laptop has a static address in my WAN segment (x.x.x.217)

          I performed another test last week where I deleted the VIP (IP Alias) and just did a direct NAT using the WAN CARP IP, but with the same results.

          Based on several articles and forum posts, using AON with static outbound NAT seems to be the common or recommended way of setting this up.

          Kind regards,
          Thomas

          1 Reply Last reply Reply Quote 0
          • T
            TO2020
            last edited by

            After another round of extensive troubleshooting, it turned out that everything I had done on the pfSense side was correct all along.
            The 1:1 NAT with static Outbound NAT rules were working perfectly fine.

            One thing I did not mention in my initial post, was the fact that I am also using DNS Resolver in my DMZ.
            This is done so that any softphone clients using my guest WiFi network, will be able to resolve the IP address of my PBX to the internal IP, rather than the external.
            While the PBX itself was configured with static IP address and using public name servers, it would somehow still resolve the PBX name to the internal IP, rather than the public IP.
            I don't know if there is a bug in the OS where FreePBX is running on, or a configuration error or something else. This is still a mystery to me, which I am trying to figure out.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.