Pfsense update causing SIP issues?

richtj99

Hi,

I have had a Pfsense box & Flowroute with freepbx for close to 2 years - never a problem.  Recently I am getting dropped calls at exactly 15:30 every call.  I spoke to Flowroute who said it was a PFsense firewall issue & they suggested this:

https://tickets.flowroute.com/customer/portal/articles/1852969-pfsense-firewall-configuration

The strange thing is that when I choose source & put my internal PBX IP, it will only save it as 192.168.1.0 though I am trying to do 192.168.1.180.  I am following the instructions but it does not work.

I have never setup a nat rule & have not had any issues.  Flowroute said the problem is that the port keeps changing internally (doesnt make much sense).

Logs attached for reference.

[root@localhost ~]# asterisk -rvv
Asterisk 13.18.3, Copyright (C) 1999 - 2014, Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 13.18.3 currently running on localhost (pid = 2034)
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] WARNING[3908][C-00000001]: pbx_functions.c:460 func_args: Can't find trailing parenthesis for function 'DB(DEVICE/311/dial'?
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] WARNING[3908][C-00000001]: pbx_functions.c:460 func_args: Can't find trailing parenthesis for function 'DB(DEVICE/311/dial'?
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
[2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Spawn extension (from-internal, 311, 1) exited non-zero on 'SIP/311-00000004'
== Spawn extension (ext-intercom, *80311, 34) exited non-zero on 'SIP/150-00000002' in macro 'exten-vm'
== Spawn extension (ext-intercom, *80311, 34) exited non-zero on 'SIP/150-00000002'
[2018-02-01 11:26:44] NOTICE[2099]: chan_sip.c:29560 check_rtp_timeout: Disconnecting call 'SIP/flowroute-3007-00000001' for lack of RTP activity in 31 seconds
== Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/314-00000000' in macro 'dialout-trunk'
== Spawn extension (from-internal, 339025930487, 7) exited non-zero on 'SIP/314-00000000'
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/314-00000000' in macro 'hangupcall'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000000'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000000'
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
[2018-02-01 11:28:55] NOTICE[2099]: chan_sip.c:24592 handle_response_peerpoke: Peer '302' is now Lagged. (2017ms / 2000ms)
[2018-02-01 11:29:05] NOTICE[2099]: chan_sip.c:24592 handle_response_peerpoke: Peer '302' is now Reachable. (19ms / 2000ms)
== Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/314-00000005' in macro 'dialout-trunk'
== Spawn extension (from-internal, 339025930487, 7) exited non-zero on 'SIP/314-00000005'
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/314-00000005' in macro 'hangupcall'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000005'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000005'
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
localhost*CLI>
localhost*CLI>
localhost*CLI>
localhost*CLI> sip show ch
channels channelstats channel
localhost*CLI> sip show channels
channels channelstats
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:05:14 0000015595 0000000000 ( 0.00%) 0.0000 0000015567 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:05:14 0000015582 0000000000 ( 0.00%) 0.0000 0000015605 0000000000 ( 0.00%) 0.0002
2 active SIP channels
localhost*CLI> sip show channels
Peer User/ANR Call ID Format Hold Last Message Expiry Peer
192.168.1.198 311 377d10b8-dea54a (ulaw) No Rx: ACK 311
21.11.69.144 19025930487 2cc5776731fc4ec (alaw) No Tx: ACK flowroute-
2 active SIP dialogs
localhost*CLI> sip show channels
Peer User/ANR Call ID Format Hold Last Message Expiry Peer
192.168.1.198 311 377d10b8-dea54a (ulaw) No Rx: ACK 311
21.15.69.144 19025930487 2cc5776731fc4ec (alaw) No Tx: ACK flowroute-
2 active SIP dialogs
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:08:23 0000025052 0000000000 ( 0.00%) 0.0000 0000025024 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:08:23 0000025039 0000000000 ( 0.00%) 0.0000 0000025062 0000000000 ( 0.00%) 0.0005
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:13:01 0000038942 0000000000 ( 0.00%) 0.0000 0000038913 0000000000 ( 0.00%) 0.0002
21.15.69.144 2cc5776731f 00:13:01 0000038928 0000000001 ( 0.00%) 0.0000 0000038952 0000000000 ( 0.00%) 0.0001
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:13:53 0000041526 0000000000 ( 0.00%) 0.0000 0000041498 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:13:53 0000041513 0000000001 ( 0.00%) 0.0000 0000041536 0000000000 ( 0.00%) 0.0001
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:14:55 0000044650 0000000000 ( 0.00%) 0.0000 0000044621 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:14:55 0000044636 0000000001 ( 0.00%) 0.0000 0000044660 0000000000 ( 0.00%) 0.0002
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.180 377d10b8-de 00:15:30 0000046404 0000000000 ( 0.00%) 0.0000 0000046375 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:15:30 0000046390 0000000001 ( 0.00%) 0.0000 0000046414 0000000000 ( 0.00%) 0.0001
2 active SIP channels
localhost*CLI> sip show channelstats
Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
192.168.1.198 377d10b8-de 00:15:48 0000047294 0000000000 ( 0.00%) 0.0000 0000046579 0000000000 ( 0.00%) 0.0001
21.15.69.144 2cc5776731f 00:15:48 0000046593 0000000001 ( 0.00%) 0.0000 0000047304 0000000000 ( 0.00%) 0.0001
2 active SIP channels
[2018-02-01 11:47:13] NOTICE[2099]: chan_sip.c:29560 check_rtp_timeout: Disconnecting call 'SIP/flowroute-3007-00000008' for lack of RTP activity in 31 seconds
== Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/311-00000007' in macro 'dialout-trunk'
== Spawn extension (from-internal, 229025930487, 7) exited non-zero on 'SIP/311-00000007'
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/311-00000007' in macro 'hangupcall'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/311-00000007'
== Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/311-00000007'
localhost*CLI></markster@digium.com>

AndrewZ

Follow this guide:
https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
read this as well:
https://doc.pfsense.org/index.php/VoIP_Configuration
don't use siproxd

If the problem persists - check your sip debug first.

Derelict

If you are saving .180 and it is being changed to .0 you are probably setting a /24 netmask. Not a /32 as described there to limit static port to just connections made by the PBX, not the whole subnet.


richtj99

Hi,

Thank you for the /32 - that seems to have solved it.

Two questions:

1.  The flowroute instructions show the Nat Address as a *, mine says Wan Address (does that matter)?
2.  Just to confirm the outbound mapping rule, has a grayed out X  & the text is grayed out - beyond applying changes is there anything I need to do to make it work?  It seems not to be working but I dont see where to 'enable' the rule, just disable the rule in the settings?

Thanks,
Rich

Derelict

A grayed out rule is disabled and thus not actually present in the active rule set. Edit and enable it. But if it is working you likely do not need it. ;)

I would recommend WAN Address over * (any) as a port forward destination. There is no reason not to be specific there.

richtj99

@Derelict:

A grayed out rule is disabled and thus not actually present in the active rule set. Edit and enable it. But if it is working you likely do not need it. ;)

I would recommend WAN Address over * (any) as a port forward destination. There is no reason not to be specific there.

Thank you for replying.  I admit - I am really confused.

In the attached - would you say this is enabled or disabled?  It looks disabled but when I edit the rule, then check it as disabled, save - it has no change.  When I edit the rule, uncheck it, then save, it still looks the same.

Is there something i am missing to enable the rule?

Thanks,
Rich

Derelict

Disabled.

Grimson

Your outbound NAT mode has to be set at hybrid or manual, if it's on auto your rules will always be disabled.