4COM Hosted SIP: Audio drops out.



  • Hi all, I am experiencing total loss of audio in VOIP calls from SIP phones (hosted PBX solution from 4com). I have done everything available from the online info with regards to the conservative states, UDP timeouts, NAT'ing etc… However I am still experiencing the same issue. The dead audio occurs seemingly at a random interval but usually within 10 minutes on a call. The call remains connected however, just no sound.

    I have put a couple of the phones on a VLAN thats in the public domain and assigned public IP's (vlan is switched straight into virgin media's cisco router). We have a /28 public subnet. These phones have not experienced the dropped audio issue now for over a week. So im pointing the finger at pfSense.

    The only thing I have not tried is the sipproxd package, but since this is 2017, Im hoping 4com's hosted PBX platform isn't strict on 5060 source ports from handsets.

    They have even supplied me with a little router/vpn box that VPN's all phone traffic to them (set the gateway of phones to this box), which should mean pfsense isn't able to identify UDP voip traffic as its encapsulated in the VPN....... But still no.... Any phones under pfSense are having issues.

    Now I looked at the traffic graphs in pfSense and can see the following on the VOIP lan side interface. (Attached).

    What bothers me is that I can see 'blocked in/out' traffic even though I have a rule on this interface to allow ALL traffic inbound (outbound to internet obviously) on the interface.

    How can I identify what this tiny bit of traffic is and does anyone have any suggestions on what to try next?

    Tom

    ![Screen Shot 2017-07-14 at 10.42.46.png](/public/imported_attachments/1/Screen Shot 2017-07-14 at 10.42.46.png)
    ![Screen Shot 2017-07-14 at 10.42.46.png_thumb](/public/imported_attachments/1/Screen Shot 2017-07-14 at 10.42.46.png_thumb)



  • I'm assuming you have been through these steps already? https://doc.pfsense.org/index.php/VoIP_Configuration

    How is the PFSense box configured for the phones? Do you use QOS?

    I don't know 4com to well as a vendor. I normally go with RingCentral or BluIP but some vendors have ports required for the PBX connection. It could be possible they are dropping packets and causing phones to re-register?

    Can 4Com see any of these types of things going on from the their back end?

    Can you enable logging and watch the PFSense for a phone behind it and see whats being blocked?

    How is the ISP line? Any drops? Did you check network for jitter rates? Any traffic shaping going on that might be causing these issues? Have you tried turning traffic shaping off?



  • @tomstephens89:

    Hi all, I am experiencing total loss of audio in VOIP calls from SIP phones interface.

    I bet Ive posted 100 times about how to set up VOIP. Many others as well. Search is your friend..  ;D

    Can you post a screenshot of any WAN rules that pertain to your VOIP service?

    Really nowadays the VOIP configuration document quoted above is not needed.

    Maybe one of these below might help..

    https://forum.pfsense.org/index.php?topic=121125.msg680358#msg680358

    https://forum.pfsense.org/index.php?topic=114924.msg638514#msg638514

    https://forum.pfsense.org/index.php?topic=113275.msg632059#msg632059

    https://forum.pfsense.org/index.php?topic=127331.msg702897#msg702897



  • @chpalmer:

    @tomstephens89:

    Hi all, I am experiencing total loss of audio in VOIP calls from SIP phones interface.

    I bet Ive posted 100 times about how to set up VOIP. Many others as well. Search is your friend..  ;D

    Can you post a screenshot of any WAN rules that pertain to your VOIP service?

    Really nowadays the VOIP configuration document quoted above is not needed.

    Maybe one of these below might help..

    https://forum.pfsense.org/index.php?topic=121125.msg680358#msg680358

    https://forum.pfsense.org/index.php?topic=114924.msg638514#msg638514

    https://forum.pfsense.org/index.php?topic=113275.msg632059#msg632059

    https://forum.pfsense.org/index.php?topic=127331.msg702897#msg702897

    Perhaps I wasn't clear in my original post. I have already gone through everything documented I can find in relation to pfSense and VOIP.

    We have about 12 phones in the office, the issue is as follows:

    Both incoming and outgoing calls work. However at a random interval, usually within 10 minutes, the audio of a call will drop. This isn't happening on every call, but a lot of them. The phones will still say the call is connected.

    4com have run some traces their end and said that they can see packet loss at the point before loss of audio in the RTP stream.

    I have no WAN rules configured for VOIP, no QoS and no traffic shaping. All outgoing traffic is allowed from the VOIP VLAN. I have not been told I need to configure any rules incoming on the WAN interface.

    4com provided a small Microtik router that establishes a VPN connection to them, I placed it on the VOIP vlan and have changed the gateway of the phones to use this microtik router. 4Com have confirmed that voip traffic is now reaching them via the VPN. However the same issues are still occuring. The purpose of this was to encapsulate the traffic so that pfSense does not see and therefore do anything to it.

    As a test I placed a couple of phones above pfSense, on the public internet with public addresses from our range. These have NOT experienced a dropped call once.

    So this leaves me pointing the finger at pfSense still. Could it be that I need to create some incoming WAN rules to allow the hosted PBX to get traffic into the phones? But if this is the case how come calls are able to work for a random duration and sometimes without issue?

    The WAN connection is a Virgin Media MIA leased fibre circuit, 100/100.

    Ideas? I have been using pfSense at the office for 4 years and at the datacenter in a cluster configuration for the same amount of time and so far have never had myself puzzled like this.

    EDIT: I have just checked states for 5060 traffic on pfSense and as I suspected there is none. The states on this microtik VPN router thing show all the phones 5060 traffic is indeed traversing the VPN using private addresses.

    Tom



  • SIP was not originally designed to transverse NAT but was only amended later when the idea of residential service caught on..  There are many different ways a provider might configure their product. I can tell you about my provider and a little about Vonage to help with some clues but you will have to know some things about your service to make this work without issues.  Some services just work out of the box and some need to be persuaded.

    If your using a cable connection and have a Puma 6 equipped modem I can tell you your going to have issues with UDP traffic which most VOIP and VPN's rely on. There is info on that on this forum and at DSLreports.com

    Some providers (like mine) only handle SIP.  RTP is actually directly between the carrier they use and my equipment. So to the firewall the RTP traffic can look unsolicited and thus be blocked.

    Vonage for years used SIP port 10000 and rtp (If I remember right) 10010-10030. Both from the same server (same IP.)  This made life easier for them.

    Don't  confuse incoming firewall rules (which you probably need) with port forwarding (which you don't want or need)

    Figure out your SIP server IP address and make a rule allowing it to contact your VOIP LAN inbound ports(s).

    Figure out where your RTP streams are coming from by watching your firewall logs and create WAN rules to allow those servers (or server if its just one) to your inbound RTP streams.

    I like to use SIProxd just because it makes my life easy. I have terrific luck with it after I figured out how to properly configure it..  But that's me..

    My guess is that your firewall is dropping states. Ive run into that in the past and found I needed incoming WAN firewall rules pointed at my WAN address (SIProxd) to alleviate it.    (No SIProxd then point any inbound to your VOIP LAN.)