SIP Phones



  • Hi

    I have two SIP handsets sitting behind my pfSense firewall.
    They register to a host PBX without issue. The hosted PBX sits behind a pfSense firewall as well.

    Calls can be made between the two handsets but no audio is heard.

    Looking at my local pfSense firewall logs I can see UDP packets being blocked from the IP Address of the hosted system.

    I've added a WAN Rule of :
    Protocol: IP v4 TCP/UDP
    Source: Host IP Address
    Port: *
    Destination: *
    Port: *

    The logs are now showing the UDP isn't being blocked, but still no audio.

    One suggestion I've read is to ensure the firewall isn't mapping the ports so the port numbers don't change.

    Has anyone any advice on this?

    Thanks



  • Have a look here:
    https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
    This is what I use with good result.



  • I suggest starting with SIP debugging. Normally (depending on PBX capabilities) SIP phones should not be allowed to discover their external public IP, so only private IP addresses should appear in SDP, and RTP traffic should not traverse the firewall for internal calls on the same LAN. If your PBX is remote (which is how I read "hosted"), it should be capable of working with NATed endpoints; otherwise you will probably need to work on your firewall/NAT rules and 'hide' the remote NAT from the PBX. I do not see any pfSense-specific issue yet.
    +1 to DickB's recommendation; I recall there was another similar article nearby.



  • Locally on the LAN I have an IP PBX with several SIP trunks connected to it from different providers.
    In my NAT Rules I have entries for each trunk provider's IP Address and then route them to the IP Address of my PBX.
    Locally everything works fine, we can make & receive calls with two way audio via the trunks. Internal calls are also fine.

    We are looking at moving to a hosted PBX so I'm trying a couple of phones connected to it. The phones are using STUN and connect to the remote hosted PBX.
    The connection and SIP messaging is fine, it's just SRTP that is the issue.
    If I call from handset A to B the connection is instant but we get no audio.

    I'm not sure the 'PBX VoIP NAT How-to' is right in this situation, as that is pretty much how I'm setup with the local PBX now.

    I've allowed the IP Address of the remote PBX in via a WAN rule and set the source to ANY, but still no audio.

    Any further ideas?
    Thanks



  • @TomT:

    In my NAT Rules I have entries for each trunk providers IP Address and then route them to the IP Address of my PBX.
    The phones are using STUN
    I've allowed the IP Address of the remote PBX in via a WAN rule and set the source to ANY

    I would get rid of all above. Then debug SIP & RTP.
    Try to switch from "we get no audio" to "I see no RTP at address:port"
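
Added example, not part of any post in this thread: one way to get from "no audio" to a concrete address:port is to read the SDP body of the INVITE and the 200 OK and list where each side says it expects media, flagging RFC 1918 addresses that a remote PBX cannot reach unless something rewrites them. The sample SDP is constructed, and the function names are this example's own.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: SDP body a phone behind NAT might send (not from the thread).
SAMPLE_SDP = """v=0
o=- 12345 12345 IN IP4 192.168.1.50
s=-
c=IN IP4 192.168.1.50
t=0 0
m=audio 16384 RTP/SAVP 0 8 101
a=rtpmap:0 PCMU/8000
a=sendrecv
"""

def is_rfc1918(addr):
    """True/False for an IP literal, None for a hostname or a missing address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in RFC1918)

def rtp_endpoints(sdp):
    """Return where the sender of this SDP expects to receive each media stream."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c="):            # c=<nettype> <addrtype> <address>
            parts = line[2:].split()
            if len(parts) != 3:
                continue
            addr = parts[2].split("/")[0]    # drop any multicast TTL suffix
            if media:
                media[-1]["addr"] = addr     # media-level c= overrides session-level
            else:
                session_addr = addr
        elif line.startswith("m="):          # m=<media> <port> <proto> <fmt...>
            f = line[2:].split()
            if len(f) < 3 or not f[1].split("/")[0].isdigit():
                continue
            media.append({"kind": f[0], "port": int(f[1].split("/")[0]),
                          "proto": f[2], "addr": session_addr})
    for m in media:
        m["private"] = is_rfc1918(m["addr"])
    return media

def describe(sdp):
    """One line per stream: the address:port to look for in a packet capture."""
    return ["%s %s expected at %s:%d%s" % (m["kind"], m["proto"], m["addr"], m["port"],
            " (RFC 1918 address)" if m["private"] else "") for m in rtp_endpoints(sdp)]
```

Run `describe()` on the SDP from both directions of the call, then check a capture on the firewall's WAN and LAN interfaces for UDP at those address:port pairs.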



  • We have several clients using a hosted PBX at Nextiva.  Other than rules to allow all traffic to and from their IPs, there isn't anything else that we've needed to do.  No NATting at all.



  • Cheers.

    I'll have a look at this tomorrow.



  • Hi

    Prior to making any changes this is all working fine for the SIP trunk on the local PBXs, the issue is local SIP phones getting RTP audio from a hosted system.

    This morning I removed all my NAT rules relating to SIP and created one WAN Rule.

    Protocol: IPv4 TCP/UDP
    Source: SIPAddresses Alias
    Port: *
    Destination: *
    Port: *
    Gateway: *
    Queue: *

    SIPAddresses is a list of ALL IP Addresses I want to allow access in, this includes SIP Signaling & RTP Media addresses.
    Once I'd done this I restarted my pfSense and the two PBXs we have on the LAN.

    Each PBX has multiple trunks from different providers (using ports 5060, 5065 or 5068)
    Looking at the PBX logs there are lots of packets being sent to the carriers but no responses coming back.

    I've not changed any rules in LAN.
    I have a default rule of:

    Protocol: IPv4*
    Source: LAN net
    Port: *
    Destination: *
    Port: *
    Gateway: WAN_PPPOE
    Queue: *

    So this looks like packets being blocked coming back in.
    Should the above rule have allowed any traffic from the SIP IPAddresses to any PBX on my LAN, even if two different devices are using port 5060?

    How can I work out what is wrong?

    For now I've reloaded my backup and we're working as was, but no audio on the two SIP phones connected to the remote hosted system.

    Thanks.



  • Hi.
    Anyone any ideas on this?

    Thanks

