Pfsense update causing SIP issues?



  • Hi,

    I have had a Pfsense box & Flowroute with freepbx for close to 2 years - never a problem.  Recently I am getting dropped calls at exactly 15:30 every call.  I spoke to Flowroute who said it was a PFsense firewall issue & they suggested this:

    https://tickets.flowroute.com/customer/portal/articles/1852969-pfsense-firewall-configuration

    The strange thing is that when I choose source & put my internal PBX IP, it will only save it as 192.168.1.0 though I am trying to do 192.168.1.180.  I am following the instructions but it does not work.

    I have never setup a nat rule & have not had any issues.  Flowroute said the problem is that the port keeps changing internally (doesnt make much sense).

    Logs attached for reference.

    [root@localhost ~]# asterisk -rvv
    Asterisk 13.18.3, Copyright (C) 1999 - 2014, Digium, Inc. and others.
    Created by Mark Spencer <markster@digium.com>
    Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
    This is free software, with components licensed under the GNU General Public
    License version 2 and other licenses; you are welcome to redistribute it under
    certain conditions. Type 'core show license' for details.
    =========================================================================
    Connected to Asterisk 13.18.3 currently running on localhost (pid = 2034)
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] WARNING[3908][C-00000001]: pbx_functions.c:460 func_args: Can't find trailing parenthesis for function 'DB(DEVICE/311/dial'?
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] WARNING[3908][C-00000001]: pbx_functions.c:460 func_args: Can't find trailing parenthesis for function 'DB(DEVICE/311/dial'?
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:608 ast_func_read: Function PJSIP_HEADER not registered
    [2018-02-01 11:17:51] ERROR[3908][C-00000001]: pbx_functions.c:651 ast_func_read2: Function PJSIP_HEADER not registered
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    == Spawn extension (from-internal, 311, 1) exited non-zero on 'SIP/311-00000004'
    == Spawn extension (ext-intercom, *80311, 34) exited non-zero on 'SIP/150-00000002' in macro 'exten-vm'
    == Spawn extension (ext-intercom, *80311, 34) exited non-zero on 'SIP/150-00000002'
    [2018-02-01 11:26:44] NOTICE[2099]: chan_sip.c:29560 check_rtp_timeout: Disconnecting call 'SIP/flowroute-3007-00000001' for lack of RTP activity in 31 seconds
    == Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/314-00000000' in macro 'dialout-trunk'
    == Spawn extension (from-internal, 339025930487, 7) exited non-zero on 'SIP/314-00000000'
    == Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/314-00000000' in macro 'hangupcall'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000000'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000000'
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    [2018-02-01 11:28:55] NOTICE[2099]: chan_sip.c:24592 handle_response_peerpoke: Peer '302' is now Lagged. (2017ms / 2000ms)
    [2018-02-01 11:29:05] NOTICE[2099]: chan_sip.c:24592 handle_response_peerpoke: Peer '302' is now Reachable. (19ms / 2000ms)
    == Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/314-00000005' in macro 'dialout-trunk'
    == Spawn extension (from-internal, 339025930487, 7) exited non-zero on 'SIP/314-00000005'
    == Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/314-00000005' in macro 'hangupcall'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000005'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/314-00000005'
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    localhost*CLI>
    localhost*CLI>
    localhost*CLI>
    localhost*CLI> sip show ch
    channels channelstats channel
    localhost*CLI> sip show channels
    channels channelstats
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.198 377d10b8-de 00:05:14 0000015595 0000000000 ( 0.00%) 0.0000 0000015567 0000000000 ( 0.00%) 0.0001
    21.15.69.144 2cc5776731f 00:05:14 0000015582 0000000000 ( 0.00%) 0.0000 0000015605 0000000000 ( 0.00%) 0.0002
    2 active SIP channels
    localhost*CLI> sip show channels
    Peer User/ANR Call ID Format Hold Last Message Expiry Peer
    192.168.1.198 311 377d10b8-dea54a (ulaw) No Rx: ACK 311
    21.11.69.144 19025930487 2cc5776731fc4ec (alaw) No Tx: ACK flowroute-
    2 active SIP dialogs
    localhost*CLI> sip show channels
    Peer User/ANR Call ID Format Hold Last Message Expiry Peer
    192.168.1.198 311 377d10b8-dea54a (ulaw) No Rx: ACK 311
    21.15.69.144 19025930487 2cc5776731fc4ec (alaw) No Tx: ACK flowroute-
    2 active SIP dialogs
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.198 377d10b8-de 00:08:23 0000025052 0000000000 ( 0.00%) 0.0000 0000025024 0000000000 ( 0.00%) 0.0001
    21.15.69.144 2cc5776731f 00:08:23 0000025039 0000000000 ( 0.00%) 0.0000 0000025062 0000000000 ( 0.00%) 0.0005
    2 active SIP channels
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.198 377d10b8-de 00:13:01 0000038942 0000000000 ( 0.00%) 0.0000 0000038913 0000000000 ( 0.00%) 0.0002
    21.15.69.144 2cc5776731f 00:13:01 0000038928 0000000001 ( 0.00%) 0.0000 0000038952 0000000000 ( 0.00%) 0.0001
    2 active SIP channels
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.198 377d10b8-de 00:13:53 0000041526 0000000000 ( 0.00%) 0.0000 0000041498 0000000000 ( 0.00%) 0.0001
    21.15.69.144 2cc5776731f 00:13:53 0000041513 0000000001 ( 0.00%) 0.0000 0000041536 0000000000 ( 0.00%) 0.0001
    2 active SIP channels
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.198 377d10b8-de 00:14:55 0000044650 0000000000 ( 0.00%) 0.0000 0000044621 0000000000 ( 0.00%) 0.0001
    21.15.69.144 2cc5776731f 00:14:55 0000044636 0000000001 ( 0.00%) 0.0000 0000044660 0000000000 ( 0.00%) 0.0002
    2 active SIP channels
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.180 377d10b8-de 00:15:30 0000046404 0000000000 ( 0.00%) 0.0000 0000046375 0000000000 ( 0.00%) 0.0001
    21.15.69.144 2cc5776731f 00:15:30 0000046390 0000000001 ( 0.00%) 0.0000 0000046414 0000000000 ( 0.00%) 0.0001
    2 active SIP channels
    localhost*CLI> sip show channelstats
    Peer Call ID Duration Recv: Pack Lost ( %) Jitter Send: Pack Lost ( %) Jitter
    192.168.1.198 377d10b8-de 00:15:48 0000047294 0000000000 ( 0.00%) 0.0000 0000046579 0000000000 ( 0.00%) 0.0001
    21.15.69.144 2cc5776731f 00:15:48 0000046593 0000000001 ( 0.00%) 0.0000 0000047304 0000000000 ( 0.00%) 0.0001
    2 active SIP channels
    [2018-02-01 11:47:13] NOTICE[2099]: chan_sip.c:29560 check_rtp_timeout: Disconnecting call 'SIP/flowroute-3007-00000008' for lack of RTP activity in 31 seconds
    == Spawn extension (macro-dialout-trunk, s, 30) exited non-zero on 'SIP/311-00000007' in macro 'dialout-trunk'
    == Spawn extension (from-internal, 229025930487, 7) exited non-zero on 'SIP/311-00000007'
    == Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/311-00000007' in macro 'hangupcall'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/311-00000007'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/311-00000007'
    localhost*CLI></markster@digium.com>
    


  • Follow this guide:
    https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
    read this as well:
    https://doc.pfsense.org/index.php/VoIP_Configuration
    don't use siproxd

    If the problem persists - check your sip debug first.


  • Netgate

    If you are saving .180 and it is being changed to .0 you are probably setting a /24 netmask. Not a /32 as described there to limit static port to just connections made by the PBX, not the whole subnet.

    ![Screen Shot 2018-02-01 at 3.13.07 PM.png](/public/imported_attachments/1/Screen Shot 2018-02-01 at 3.13.07 PM.png)
    ![Screen Shot 2018-02-01 at 3.13.07 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-02-01 at 3.13.07 PM.png_thumb)



  • Hi,

    Thank you for the /32 - that seems to have solved it.

    Two questions:

    1.  The flowroute instructions show the Nat Address as a *, mine says Wan Address (does that matter)?
    2.  Just to confirm the outbound mapping rule, has a grayed out X  & the text is grayed out - beyond applying changes is there anything I need to do to make it work?  It seems not to be working but I dont see where to 'enable' the rule, just disable the rule in the settings?

    Thanks,
    Rich



  • Netgate

    A grayed out rule is disabled and thus not actually present in the active rule set. Edit and enable it. But if it is working you likely do not need it. ;)

    I would recommend WAN Address over * (any) as a port forward destination. There is no reason not to be specific there.



  • @Derelict:

    A grayed out rule is disabled and thus not actually present in the active rule set. Edit and enable it. But if it is working you likely do not need it. ;)

    I would recommend WAN Address over * (any) as a port forward destination. There is no reason not to be specific there.

    Thank you for replying.  I admit - I am really confused.

    In the attached - would you say this is enabled or disabled?  It looks disabled but when I edit the rule, then check it as disabled, save - it has no change.  When I edit the rule, uncheck it, then save, it still looks the same.

    Is there something i am missing to enable the rule?

    Thanks,
    Rich



  • Netgate

    Disabled.



  • Your outbound NAT mode has to be set at hybrid or manual, if it's on auto your rules will always be disabled.