Join.ME - SIP/NAT configuration
Hi there, My name is Jeen
New pfSense user and not especially familiar with firewall config and NAT.
I have pfSense 2.4.1-RELEASE running and all is working fine with our mix of Mac and windows machines apart from Join.me - "web-based collaboration software application for screen-sharing and online meetings".
Laptop users who want to use this can use it fine outside of our network but it wont work when they are behind the pfSense firewall. I've tried it on a couple of machines and non of them will work. They are making audio only calls apparently.
Join.me support are not a lot of help in that they say do the following….
You may need to check your firewall settings.
The join.me internet calling service uses the SIP standard to facilitate communication between the computer and the conference service. In some environments, this may require certain ports and IP ranges to be opened in your firewall.
The following port ranges should be allowed through your firewall:
5060-5100 TCP Outbound (SIP Signaling ports)
7800-32000 UDP Outbound (Voice Traffic ports)
These ports should be opened to a specific IP address range:
After some searching of the net and this forum I have taken this to mean the following...
1. Change the outbound NAT mode to manual
2. Add two outbound mappings at top of mappings list, 1 for upd and one for tcp as follows…
Interface, Source, Source Port, Destination, Destination Port, NAT Address, NAT Port, Static Port
WAN, 192.168.0.0/24, udp/*, JOINMEADDRESSES, udp/SIPUDPPorts, WAN address, , Static
WAN, 192.168.0.0/24, tcp/, JOINMEADDRESSES, tcp/SIPTCPPorts, WAN address, *, Static
JOINMEADDRESSES is an alias with all the IP ranges specified by Join.me support (above).
SIPUDPPorts and SIPTCPPorts are the port ranges specified by Join.me support (above).
Anyway after doing that it still doesn't work.
Can anyone help/nudge me in the right direction? I feel I'm probably missing something somewhere but lost as to where to look.
You should not have to do anything special based on that description.
All traffic for connections from LAN outbound is passed by default.
You should probably undo everything you have done.
I have used join.me and GotoMeeting with pfSense and they work as is without any special config. I've used it with both voip phones as well as my headset.