  • Not sure if this is firewall related or NAT related but it VoIP related.

    I just setup 2 pfsense boxes (2.3.1-RELEASE-p1) on nice powerful hardware so I don't that's the issue.  I have CARP working with Master and Slave setup.  I have multiple Virtual IP addresses setup on the WAN interface and 1 setup on the LAN interface all CARP.

    I have setup NAT per the directions from PFsense and setup to use static ports (some worked without it but I went ahead and set it up for every NAT anyways).  NAT is setup with internal IPs going to External IPs and the rest of the settings are any/any.

    I have setup port forwarding per Pfsense directions for standard VoIP ports.  Including 5060, 4569, and 10000-20000.  These port forwards go from the external IP addresses to an internal addresses.

    I run multiple asterisk servers connecting to the VoIP carrier using SIP and g711.  Each asterisk server has its own external IP address.  The asterisk servers connect to outside asterisk servers using IAX trunks and SIP endpoints (phones).  Everything registers and works, mostly.

    The problem is sometimes the calls drop for no reason.  Sometimes the audio is one way only.  The major issue is when forwarding a call from an external phone to another external phone on a different asterisk server the audio is always dropped at least one way.

    Example 1: Call comes in to (internal) asterisk server "A" which rings (external) phone"A" everything works, mostly.

    Example 2: Call comes into (internal) asterisk server "A" which forwards to (external) landline or cell phone the audio drops.

    Example 3: (External) Phone "A" calls through (internal) asterisk server "A" to (internal) asterisk server "B" to (External) phone "B" the audio drops.

    Keep in mind in example 3 the traffic between asterisk servers passes through the firewall to the VoIP carrier and back from the VoIP carrier through the firewall between servers. (again, each server has its own dedicated external IP address NATed and port forwarded to its own dedicated internal address).

    It seems anytime the traffic comes into an asterisk server then back out through the carrier and then back into a different asterisk server the audio is lost.  The audio is also lost when it comes in to the asterisk server and then is forwarded back out to the carrier to a landline or cell.

    This all probably seems confusing but it does work on another UTM type firewall.  I would just like to get PFsense working because it seems "lighter" than what we have now.

    I have tried using the GUI packet capture but it never captures the RTP packets…just everything else.

    Any ideas, questions or comments would be appreciated.

