Sip calls not working
-
I cannot get my external sip calls to work with PFSENSE. I am using FreePBX with Flowroute, and i can not make calls out from my PBX. I have portfowarding of 5060,5061,5160, 5161, and 10000-50000 forwarded to my PBX, not sure what is causing the issue?
-
You didn't mention it, so take a look at static port https://doc.pfsense.org/index.php/Static_Port
-
Check your SIP and RTP traffic then 'translate' the issue to IP language. pfSense is out of discussion at this point.
Follow pfSense guides for VoIP (static ports, etc).
Remove all the port forwardings until you fully understand why you need to do this for every port and port range, don't blindly follow your provider guidelines regarding this. -
This is a NAT problem. You would be better off using the sip package you can add to pfsense and configuring things manually. No NAT to deal with that way.
Not sure if you can still add the asterisk package though. Seems missing from the available packages.
-
The siproxd package is almost never required any more and unless it is used for the specific use-case it is designed for (which is multiple SIP clients/phones on the inside all requiring the same static outside source port talking to the same remote address:port) then it usually just makes things worse.
https://doc.pfsense.org/index.php/Siproxd_package
Note the warnings all over that page.
-
No - I was talking about a sip server without any nat. This used to be a package in pfsense. The seemingly now gone Asterisk package.
Asterisk used to be a package and so that would put a public IP on it. Much less trouble. -
I had issues with outbound SIP until I checked Disable Firewall Scrub under System->Advanced->Firewall & NAT. Before doing that outbound calls would fail with weird authentication errors.
-
I disabled firewall scrub and still no dice, I tried setting up portforwarding the same as on my old router and sip calls are not working, except sometimes I can make a single call. I'm not sure where the issue lies :(
-
Disabling scrub is not what you want to do. That is also a specific fix for a specific problem that will probably break VoIP.
You will probably need to show whatever guidance FreePBX and Flowroute give for getting through NAT and just make pfSense do that.
It generally involves:
1. Port forwards for the connections from the outside to the PBX.
2. Static outbound ports for connections from the PBX out
3. Setting the PBX to send the proper outside address instead of the local private address in its SIP conversations.
-
I have never been able to get a SIP server to work correctly behind NAT on pfsense or any router unless the devices connecting to it from the outside had a Public IP.
Or if the devices on the outside had a private IP sitting behind NAT, then my SIP server needed a Public IP.
Or if SIP server was behind the same firewall as all the devices it served and the SIP trunk had a public IP.
SIP and RTP packets hate NAT.
This is one of the reasons I can't wait for IPV6 to finish rolling out. These problems all go away.
VPNs also work. If the remote sites or remote devices have a VPN back to pfsense, usually cures the craziness.
Typical NAT problems usually show up as a phone that will ring but there is no audio or only 1 side gets audio.
Running your own sip server is tricky when your SIP server is in site A and the phones connecting to it are at site B.
I still don't have enough information about the network your sip server is sitting behind and the location of those calling in and out and how they connect to your server to know which problem you are having.
Also, 1st step. Make sure your pfsense LAN isn't 192.168.1.1
-
Yeah. I generally ask:
In relation to pfSense, where are the:
PBX
Phones
SIP trunks (if any)
-
The key question what is the problem in relation to pfSense?
I cannot get my sip calls to work - that's not about pfSense!Would be great to finally see something about pfSense [mis]behaviour, something like this:
my pfSense appliance is not passing some UDP packets through, as a result my LAN-side Asterisk is not getting RTP data from my WAN-side SIP provider -
I am using freepbx, the phones can reach the box fine, but cannot reach out the external sip trunks to flowroute who provides my trunking service. I have enabled all firewall rules and port forwarding as documented by freepbx and flowroute, but calls still cannot get out.
-
Sounds like your pbx is not registering with the trunk properly. Probably a configuration error, not a firewall error.
I'd bet your trunk has a public IP, so NAT wouldn't be an issue for you on an outgoing call via a trunk.
A set up like that where the pbx is behind pfsense, and so are the phones but you are dialing out through a trunk shouldn't make a lot of NAT issues or firewall issues.
You could close all the ports except 5060 and 5061 and that should still work. (thats what I used to do).
If you aren't even ringing phones, something in the pbx config (like a user name and password) are likely messed up.
Do make sure you have static nat set for outbound routing for 5060 and 5061 and probably all your RTP ports as well. Just to be safe.
-
I have enabled all firewall rules and port forwarding as documented by freepbx and flowroute, but calls still cannot get out.
Where is this documentation?
Where are the screen shots of said rules?
If you had done everything they said correctly it would (probably) be working.
It REALLY, REALLY (REALLY!) sounds like you either need static outbound NAT from the PBX and/or your PBX is sending its inside address in the SIP session instead of the outside address and flowroute is too stupid to deal with that.
-
I rebooted my entire network setup, waited 30 seconds, and now everything is working fine. Must have been something in the Network hanging or something.
