Issue with ClearSIP



  • Hello all. We have a pfsense 2.4.1 device installed and internet access is functional. We have 3 Panasonic SIP phones behind the firewall using ClearSIP as the provider. We have followed the steps in the support site, setting ports to static, changing connections to conservative, installing siproxy. But we are unable to get the phones to connect.

    If anyone could make some suggestions or perhaps may have used ClearSIP, any help would be greatly appreciated.

    Thank you.



  • I generally tell people to put everything back to default (no port forwards/ no static ports..)

    Instead make inbound firewall rules from the SIP server to the phones behind the firewall.  You will also want firewall rules that allow the RTP streams from whichever server(s) provide those streams inbound..

    Also- if your phones are going out for a provisioning files then make sure you have /system_advanced_firewall.php  TFTP proxy set for your phone interface.
    I can provide some screenshots of some of my sites here if you need..



  • Screenshots would be GREAT! I really appreciate it.



  • Does anyone else have any input on this issue? I appreciate it.



  • But we are unable to get the phones to connect

    No single word about possible pfSense misbehavior.



  • @chpalmer:

    I generally tell people to put everything back to default (no port forwards/ no static ports..)

    Instead make inbound firewall rules from the SIP server to the phones behind the firewall.  You will also want firewall rules that allow the RTP streams from whichever server(s) provide those streams inbound..

    Also- if your phones are going out for a provisioning files then make sure you have /system_advanced_firewall.php  TFTP proxy set for your phone interface.
    I can provide some screenshots of some of my sites here if you need..

    Would you happen to have those screenshots available? I appreciate it.



  • So, generally speaking, if a VoIP provider follows standards, then pfsense should just work out of the box without a lot of configurations?

    I found several sites online that suggest lots of different configs but it seems most shouldn't be necessary now?

    I appreciate all the suggestions and help on this.



  • Remove all the rules you added specifically for your phone(s), remove Siproxd then speak to your SIP provider.
    pfSense is out of discussion yet.



  • @chpalmer:

    I generally tell people to put everything back to default (no port forwards/ no static ports..)

    Instead make inbound firewall rules from the SIP server to the phones behind the firewall.  You will also want firewall rules that allow the RTP streams from whichever server(s) provide those streams inbound..

    Also- if your phones are going out for a provisioning files then make sure you have /system_advanced_firewall.php  TFTP proxy set for your phone interface.
    I can provide some screenshots of some of my sites here if you need..

    I doun't understand how I can have inbound rules to more than one phone. For example if the port is 5060, I can only forward that to one IP address right? I know I'm missing what you're saying here. Can you explain a bit further. I appreciate it.