Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VoIP SIP phone line keeps stopping behind pfsense

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Syrio Forel
      last edited by

      I have connected a pfSense firewall to the Internet and an Optus Sagemcom F@ST 3864AC Router to LAN of the pfSense firewall. I have forwarded ports SIP 5060 and RTP 40000 to 60000 to the Optus Sagemcom with static DHCP lease.

      The phone line keeps going to sleep. I try to make a call it fails then try again and it wakes up and works then a few minutes later goes back to sleep. Also Incoming calls stop working when it goes to sleep.

      I also don't get a ping response from the Sagemcom Router WAN.

      I tried following these guides and now outgoing calls work but still not working for incoming calls.

      https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to

      https://doc.pfsense.org/index.php/VoIP_Configuration

      Thanks.

      1 Reply Last reply Reply Quote 0
      • M
        michael_samer
        last edited by

        Hello Syrio
        I have STUN, SIP and RTP forwarded in my personal VOIP at home with sipgate and it works like a charm since 6 month. FW is a SG2220 and a AVM Fritz!Box 7290.
        Maybe your one is using a proxy or tunneling as well? Afair I was told that RTP do not need to be forwarded because your VOIP system is doing the outcall so no extra forwarding needed; I did it anyway and even have a incoming IP limit on the rule.
        Cheers
        Michael

        P.S.: Why not switch on individual log for the fw rules (and the block rule….) and watch what happens there.

        1 Reply Last reply Reply Quote 0
        • chpalmerC
          chpalmer
          last edited by

          Remember that VOIP was never originally intended to be behind NAT. Not until it began being used in residential type environments.  NAT was an afterthought and was band-aided  to the SIP standard later..

          That said many different methods are used by providers today. Vonage was sued for patent infringement and still pays to this day. Other VOIP providers have that worry as well so they don't all do things alike. This can make configuring an experiment at times for the user.

          But-  You should never have to port forward anything to your ATA.  NAT information is already in the SIP header. When we set up VOIP for ourselves and customers we simply build firewall rules on the WAN to allow the SIP server and RTP streams access to the ATA devices.  Rarely have we ever done static port but it doesn't hurt.

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          1 Reply Last reply Reply Quote 0
          • S
            Syrio Forel
            last edited by

            Gargoyle worked fine with this. It is just pfSense doing something and I am finding it a confusing layout and very difficult to find information on what is happening.

            Maybe it is something pfSense does with NAT that is different to other routers I suspect. I really need this to work but don't know how to even see what is going on between the VoIP SIP router and pfSense.

            1 Reply Last reply Reply Quote 0
            • chpalmerC
              chpalmer
              last edited by

              Pfsense is a stateful firewall and will block what it sees as unsolicited traffic.  I have many installs all over the place with VOIPO ATA's behind them working just fine.

              Like I mentioned..  Build firewall rules on your WAN to your ATA from your SIP server(s).

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              1 Reply Last reply Reply Quote 0
              • MikeV7896M
                MikeV7896
                last edited by

                I'll second chpalmer. I have WAN firewall rules for the SIP and RTP ports my two phones (one Panasonic, one Polycom) use when the connection is originating from my VoIP provider's IP address ranges, and I've never had any issues.

                I'm fortunate that my provider has a support article detailing the address ranges they use, so I was able to set them up. I'm also fortunate that the two phones don't have overlapping default RTP port ranges… though I could probably adjust them anyway. I did have to change the SIP port for one of them though. :)

                The S in IOT stands for Security

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.