Help Needed: Possible NAT/Firewall Issue - VoIP Registration over VPN



  • Hi,

    Not sure if this should be in /IPSec or /Firewall (If incorrect please move to appropriate sub-forum),

    I'm new to pfSense (and anything beyond basic firewall knowledge), but hoping to get some help with a remote VoIP phone registering on our FreePBX box, through an IPSec IKE VPN connection.

    Office Firewall - pfSense Netgate SG-2440 (v2.3.1-RELEASE-p5)
    Home VPN Router - Cisco RV215W (v1.3.0.7)    (** Web Interface Emulator - https://www.cisco.com/assets/sol/sb/RV215W_Emulators/RV215W_Emulator_v1.0.0.16/default_EN.asp.htm )
    Both connected via IPSec IKE VPN Connection

    After following the pfsense docs, a few forum posts and a couple of blog articles I managed to successfully setup the IPSec connection between the office firewall and the home vpn router.

    I can ping all clients from each end and access our severs network shares.
    But the remote phone cannot register with our office PBX.
    When connected directly into the office network, phone registers without issue.
    But connected to VPN router. Fail.
    Phone receives a reserved IP from the Home Router OK (192.168.63.20).
    PBX console log do not show any connection attempts from phone.
    Phone's web interface is fully accessible from office over VPN.
    Checked phone settings for any timeout settings. None.
    Ping between sites is 63ms.
    Tried forwarding all SIP related ports to PBX ip. Same.

    Please see linked screen shots of my current Firewall, Port Forwarding, NAT and IPSec settings.
    http://imgur.com/a/fgadE

    Is there a way I can view a specific VPN client's (Phone: 192.168.63.20) connection logs to/through the firewall?
    I'm not entirely sure if the problem is with my pfSense config or setup of the Cisco router.

    All help advice/help is greatly appreciated with this last hurdle!

    Kind Regards

    Alex



  • @01A:

    PBX console log do not show any connection attempts from phone.

    Check the packet capture on pfSense LAN instead.



  • Thank you!

    It is incredibly helpful getting re-pointed when feeling stuck in the middle of a problem.
    And overlooking what should have been an obvious cause. (Trees for the woods etc).  :)

    Confirmed packets were going to PBX and I had completely missed the integrated firewall.

    Silly mistake, but hopefully this may help another.

    Thanks Again.