Losing my mind getting H.323 traffic from Pexip through Pfsense

  • Have pfsense community edition trying to dial out from a Polycom Group 310 to a pexip mcu via h.323 and cannot get the call established to save my life (or job).

    This is my first time using a pfsense but I can't see any logical reason this connection is failing. We've got a Polycom RMX in the same remote network which we can dial into via h323 without issue.

    I checked the states and the only difference I can see between calls from the RMX to the Pexip mcu is that all the UDP sessions appear to have no return traffic-

    SIP works fine on this network and trying H323 from out second network through a commander firewall works fine. I've tried playing with the firewall options on the group ssystem and using the different dial-in strings vmr@ip, vmr@domain, ip##VMR

    I'm not sure if you're familiar with pexip but it will pick a random port between 30000-59999 to send audio/video down and I can't set a specific forwarding rule for all traffic to this one endpoint as we have multiple endpoints on this network. I also don't want to assign a public IP to this endpoint as I can't think of any reason it wouldn't work via nat.

    I'm not sure what info is relevant here but if someone wants to pick up a torch and assist me on this I'm will to tip some ark or eth since i'm desperate to get his working.

  • Here's a ss of the active states during h323 call to our RMX. These UDP streams hsould be the media as we can see from the Pexip mcu that the call is established and signalling looks ok but no media or video is hitting our site.

  • Hi Steve,

    Pexip doesn't support NAT for H323 calls, which means that for an H323 call to work from a video system on a private (NAT'd) address, you will have to configure NAT on the Polycom device itself, and then configure appropriate port forwards on pfSense, so that media and signalling sent from Pexip will reach your Polycom device (I'm assuming here that your Group 310 is sitting somewhere on your internal network).

    Let me know if that makes sense!

    Edit: As you mention, SIP should also work fine since Pexip does support NAT/FW traversal for SIP calls (Is there a reason you prefer using H323 rather than SIP here?)


Log in to reply