pfsense and asterisk - state table

  • Hi All,

    So first off, sorry to post another pbx question on here. I know there are a lot but for this case it seems to be older instances

    So i've just started playing around with a pbx, i'm using a sip trunk provider to route my calls and i have pfsense all working with remote and local extensions, no call drops or anything else, so far so good
    But i've noticed that every so often the sip trunk fails to re-register itself and i get errors like this

    [2018-08-18 07:49:31] NOTICE[2591] chan_sip.c: -- Registration for '*****@st.*****' timed out, trying again (Attempt #5577)

    Now this can start after a day, after a week or longer, it almost seems random. For anyone interested, below is my trunk settings


    I know my trunk provider requests a keep alive or re-register at least once per 60 seconds or they close the connection so as you can see above, i have a 30 second keep alive and the qualify allows 15 seconds for a reply for the provider so this works fine
    When the above errors start i can see it is trying to re-register but fails. When i go into my state table in pfsense and search for 5060 i can see active state open from my pbx to the trunk provider and from them to me.

    The second i kill these states the pbx is able to connect back up with no issues at all so it looks like i may be losing internet for longer than the 60 seconds at random times causing the trunk provider to shut off the connection but the state is staying alive in pfsense preventing a re-connection
    Up until now i've kind of just waited to see how it goes but i'm now missing calls as the phones are offline due to the trunk disconnection. So i'm wondering if anyone can help me figure out a way around this? My IP never changes so the states don't reset on a new ip, and my Firewall Optimization Options are still set to normal, i'm also not using siproxd

    To get this all working i simply added the port forward to the pbx and added an outbound nat rule for udp traffic

    Does anyone have any thoughts on a work around and/or fix?


    Ok so tonight proves the case. I lost internet for roughly an hour - the entire time the pbx was trying to reconnect back to the trunk provider.

    The states stayed due to this for the entire period and when i got internet again the pbx was unable to register. Deleting the states fixed the issue again

    So it certainly does seem like a states issue but i'm unsure how to overcome this?

  • Ok so some more playing around and i've found its down to the following state not expiring

    WAN	udp	***.***.***.***:5160 (***.***.***.***:5160) ->	MULTIPLE:MULTIPLE

    Now in the pbx i have altered the connection retry time up to 70 seconds, this allowed the single:single state to the trunk provider to expire in pfsense but not the multiple:multiple

    Now i'm sure this state is meant to timeout after 60 seconds of inactivity but it doesn't seem to. Perhaps this may help someone know whats going on? As a trial i'm going to bump up the retry time to 120 seconds to see if perhaps for some off reason its still polling a little too soon although its unlikely


    For anyone interested, i've change the protocol on the trunk to TCP which apparently makes the registration process run via tcp so the calls connect via udp but thats all. From the looks of things if i start a call and end it, within a minute the udp states disappears and the tcp stays strong. Not just to wait for another internet outage to see if it works i guess

    Edit 2
    Ok so switching the trunk to tcp seems to have fixed the issue. Whilst it does still create udp connections for calls, these states do terminate correctly in pfsense. It looks like the pbx server was still sending at least a few requests down the udp even when it shouldn't have been

Log in to reply