3CX pfsense



  • Hi all,

    We are having some difficulties getting our virtual multitenant 3CX install working.

    I followed this guide:
    http://www.3cx.com/docs/virtual-pbx-firewall-setup/
    https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to

    Our Setup:
    A pfSense 2.3-1 that has the PPPoE session
    Transit VLAN
    A pfSense connected to the transit VLAN

    Each pfSense that is connected has a virtual external static IP, with a 1:1 NAT mapping.

    So I'll try to give an example:
    1.1.1.1 --> 192.168.1.1 pfsense 1
    192.168.1.2 --> 192.168.0.1 pfsense 2 (has 2.2.2.2 as Virtual IP - NAT mapping)
    192.168.0.100 --> 3CX

    3CX instance 9 (yeah somehow this is the first? :) )
    SIP port: 13060
    SIP Tunnel: 13090

    Now the problem:
    Every phone call got disconnected after 32 seconds.

    A second try:
    I moved the 3CX into the transit VLAN.
    1.1.1.1 --> 192.168.1.1 pfsense 1
    192.168.1.100 --> 3CX (has 2.2.2.2 as Virtual IP - NAT mapping)

    The problem with this is:
    The phone stays connected now, but I have no sound.
    Logs keep telling me:

    31-mei-2016 14:03:30.506  NAT/ALG check:L:5.1[Extn:202] REQUEST 'INVITE' - some of SIP/SDP headers may contain inconsistent information or modified by intermediate hop
      SIP contact header is not equal to the SIP packet source(IP:port):
          Contact address:192.168.1.2:37587
          Received from :192.168.1.2:57977
    'audio' media IP is not equal to the IP specified in contact header:
      'audio' media IP is not equal to the SIP packet source(IP:port):

    So obviously I am doing something wrong.
    I just don't know what. I checked over and over for settings.

    Need more info? Please ask!



  • Actually I am going to reply to it myself.

    There was nothing wrong with the setup. Maybe the first (I am not sure).

    I tried with my laptop (connected on the neighbor's wifi) and it worked sublimely!

    So back to 2 firewalls, tested and perfect!

    So the problem in fact lies in our own outgoing firewall. Anyone have an idea? I created a NAT outbound mapping:
    Interface: WAN
    Protocol: TCP/UDP
    Source: network: 10.223.1.0/24
    Destination: Any
    Static port!



  • Check your SIP debug on 3CX and/or on the client. Find what is missing (particular request or response) and where it was blocked or dropped. And don't use the SIP ALG, never.
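
Added example, not part of the original thread: a small Python parser for the 3CX NAT/ALG check entry quoted in the first post, reporting whether the Contact header disagrees with the packet source on the IP or only on the port. The second log entry, the addresses in it and the category names are constructed for illustration.

```python
import re

# Entry 1 is the NAT/ALG check quoted in the first post. Entry 2 is constructed
# for contrast (10.223.1.50 and 203.0.113.7 are made-up addresses).
SAMPLE_LOG = """\
31-mei-2016 14:03:30.506  NAT/ALG check:L:5.1[Extn:202] REQUEST 'INVITE' - some of SIP/SDP headers may contain inconsistent information or modified by intermediate hop
  SIP contact header is not equal to the SIP packet source(IP:port):
      Contact address:192.168.1.2:37587
      Received from :192.168.1.2:57977
31-mei-2016 14:05:02.118  NAT/ALG check:L:6.1[Extn:203] REQUEST 'INVITE' - some of SIP/SDP headers may contain inconsistent information or modified by intermediate hop
  SIP contact header is not equal to the SIP packet source(IP:port):
      Contact address:10.223.1.50:5060
      Received from :203.0.113.7:5060
"""

HEADER = re.compile(r"NAT/ALG check:.*?\[Extn:(\d+)\]\s+\w+\s+'([^']+)'")
ENDPOINT = re.compile(r"(Contact address|Received from)\s*:\s*([\d.]+):(\d+)")


def parse_entries(text):
    """Return one dict per NAT/ALG check entry with its Contact and source."""
    entries = []
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            entries.append({"ext": header.group(1), "method": header.group(2)})
            continue
        endpoint = ENDPOINT.search(line)
        if endpoint and entries:
            key = "contact" if endpoint.group(1).startswith("Contact") else "source"
            entries[-1][key] = (endpoint.group(2), int(endpoint.group(3)))
    return entries


def classify(entry):
    """Say which part of the Contact header disagrees with the packet source."""
    if "contact" not in entry or "source" not in entry:
        return "incomplete"
    (c_ip, c_port), (s_ip, s_port) = entry["contact"], entry["source"]
    if c_ip != s_ip:
        return "address-mismatch"   # Contact IP differs from the IP the PBX received from
    if c_port != s_port:
        return "port-mismatch"      # same IP, source port changed in transit
    return "consistent"


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["ext"], e["method"], e.get("contact"), e.get("source"), classify(e))
```

For the entry from the thread the IP matches and only the port differs, which is consistent with an intermediate hop rewriting the source port, the behaviour a Static port outbound NAT rule is meant to prevent.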



  • @AndrewZ:

    And don't use the SIP ALG, never.

    How do you shut this down in pfsense? I did not find this option?



  • @CM350:

    How do you shut this down in pfsense? I did not find this option?

    Uninstall siproxd ?