Voip.ms Configuration question
-
Good day,
I'm struggling to make my setup work and I've been reading a lot, but I think I'm not qualified enough at this point to troubleshoot my issue... (My ATA is not registering with voip.ms.) I've set up pfSense with 1 WAN (pppoe-dhcp) / 1 LAN (10.32.50.1) interfaces.
I have a SIP ATA configured at 10.32.50.6. (It used to work before I replaced my home router with my pfSense appliance.)
I have not created any particular firewall rule except the one created by default.
I read [https://www.netgate.com/docs/pfsense/nat/configuring-nat-for-voip-phones.html](https://www.netgate.com/docs/pfsense/nat/configuring-nat-for-voip-phones.html). I set my firewall optimization to conservative but I don't understand how to "Disable source port rewriting" from the tutorial's instructions. Also, if I figure out how to "Disable source port rewriting", will that prevent my other SIP clients from working? (I use GroundWire on iOS and it seems to work, even if it takes a little bit longer to register than before.)
My ATA is a Cisco SPA-112.
Any help would be very appreciated.
<?xml version="1.0"?> <pfsense> <version>18.8</version> <lastchange></lastchange> <system> <optimization>normal</optimization> <hostname>gateway1</hostname> <domain>maison.lan</domain> <dnsserver>8.8.8.8</dnsserver> <dnsserver>8.8.4.4</dnsserver> <dnsallowoverride>on</dnsallowoverride> <group> <name>all</name> <description><![CDATA[All Users]]></description> <scope>system</scope> <gid>1998</gid> </group> <group> <name>admins</name> <description><![CDATA[System Administrators]]></description> <scope>system</scope> <gid>1999</gid> <member>0</member> <member>2000</member> <priv>page-all</priv> </group> <user> <name>admin</name> <descr><![CDATA[System Administrator]]></descr> <scope>system</scope> <groupname>admins</groupname> <bcrypt-hash>xxx</bcrypt-hash> <uid>0</uid> <priv>user-shell-access</priv> </user> <user> <scope>user</scope> <bcrypt-hash>xxx</bcrypt-hash> <descr></descr> <name>zzz</name> <expires></expires> <dashboardcolumns>2</dashboardcolumns> <authorizedkeys></authorizedkeys> <ipsecpsk></ipsecpsk> <webguicss>pfSense.css</webguicss> <uid>2000</uid> <cert>xxx</cert> </user> <nextuid>2001</nextuid> <nextgid>2000</nextgid> <timeservers>0.pfsense.pool.ntp.org</timeservers> <webgui> <protocol>http</protocol> <loginautocomplete></loginautocomplete> <ssl-certref>xxx</ssl-certref> <althostnames></althostnames> <dashboardcolumns>2</dashboardcolumns> </webgui> <disablenatreflection>yes</disablenatreflection> <disablesegmentationoffloading></disablesegmentationoffloading> <disablelargereceiveoffloading></disablelargereceiveoffloading> <ipv6allow></ipv6allow> <maximumtableentries>400000</maximumtableentries> <powerd_ac_mode>hadp</powerd_ac_mode> <powerd_battery_mode>hadp</powerd_battery_mode> <powerd_normal_mode>hadp</powerd_normal_mode> <bogons> <interval>monthly</interval> </bogons> <already_run_config_upgrade></already_run_config_upgrade> <timezone>Etc/GMT-5</timezone> </system> <interfaces> <wan> <enable></enable> <if>pppoe0</if> <mtu>1492</mtu> 
<ipaddr>pppoe</ipaddr> <ipaddrv6>dhcp6</ipaddrv6> <gateway></gateway> <media></media> <mediaopt></mediaopt> <dhcp6-duid></dhcp6-duid> <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len> </wan> <lan> <enable></enable> <if>vmx0</if> <descr><![CDATA[LAN]]></descr> <ipaddr>10.32.50.1</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac> </lan> </interfaces> <staticroutes></staticroutes> <dhcpd> <lan> <range> <from>10.32.50.100</from> <to>10.32.50.200</to> </range> <enable></enable> <failover_peerip></failover_peerip> <dhcpleaseinlocaltime></dhcpleaseinlocaltime> <defaultleasetime></defaultleasetime> <maxleasetime></maxleasetime> <netmask></netmask> <dnsserver>10.32.50.1</dnsserver> <dnsserver>1.1.1.1</dnsserver> <dnsserver>1.0.0.1</dnsserver> <gateway></gateway> <domain>maison.lan</domain> <domainsearchlist></domainsearchlist> <ignorebootp></ignorebootp> <nonak></nonak> <ddnsdomain></ddnsdomain> <ddnsdomainprimary></ddnsdomainprimary> <ddnsdomainkeyname></ddnsdomainkeyname> <ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm> <ddnsdomainkey></ddnsdomainkey> <mac_allow></mac_allow> <mac_deny></mac_deny> <ddnsclientupdates>allow</ddnsclientupdates> <tftp></tftp> <ldap></ldap> <nextserver></nextserver> <filename></filename> <filename32></filename32> <filename64></filename64> <rootpath></rootpath> <numberoptions></numberoptions> </lan> </dhcpd> <dhcpdv6> <lan> <range> <from>::1000</from> <to>::2000</to> </range> <ramode>assist</ramode> <rapriority>medium</rapriority> </lan> </dhcpdv6> <snmpd> <syslocation></syslocation> <syscontact></syscontact> <rocommunity>public</rocommunity> </snmpd> <diag> <ipv6nat> <ipaddr></ipaddr> </ipv6nat> </diag> <syslog> <filterdescriptions>1</filterdescriptions> </syslog> <nat> <outbound> <mode>automatic</mode> </outbound> </nat> <filter> <rule> <id></id> <tracker>1542335161</tracker> <type>pass</type> <interface>wan</interface> <ipprotocol>inet</ipprotocol> <tag></tag> <tagged></tagged> <max></max> <max-src-nodes></max-src-nodes> 
<max-src-conn></max-src-conn> <max-src-states></max-src-states> <statetimeout></statetimeout> <statetype><![CDATA[keep state]]></statetype> <os></os> <protocol>udp</protocol> <source> <any></any> </source> <destination> <network>wanip</network> <port>1194</port> </destination> <descr><![CDATA[OpenVPN wizard]]></descr> <created> <time>1542335161</time> <username>OpenVPN Wizard</username> </created> <updated> <time>1542336265</time> <username>admin@10.32.50.157 (Local Database)</username> </updated> </rule> <rule> <id></id> <tracker>1542331592</tracker> <type>block</type> <interface>lan</interface> <ipprotocol>inet</ipprotocol> <tag></tag> <tagged></tagged> <max></max> <max-src-nodes></max-src-nodes> <max-src-conn></max-src-conn> <max-src-states></max-src-states> <statetimeout></statetimeout> <statetype><![CDATA[keep state]]></statetype> <os></os> <protocol>tcp/udp</protocol> <source> <address>Serveurs</address> </source> <destination> <any></any> </destination> <descr></descr> <created> <time>1542331592</time> <username>admin@10.32.50.157 (Local Database)</username> </created> <updated> <time>1542333685</time> <username>admin@10.32.50.157 (Local Database)</username> </updated> </rule> <rule> <id></id> <tracker>1542331575</tracker> <type>block</type> <interface>lan</interface> <ipprotocol>inet</ipprotocol> <tag></tag> <tagged></tagged> <max></max> <max-src-nodes></max-src-nodes> <max-src-conn></max-src-conn> <max-src-states></max-src-states> <statetimeout></statetimeout> <statetype><![CDATA[keep state]]></statetype> <os></os> <protocol>tcp/udp</protocol> <source> <address>Cameras</address> </source> <destination> <any></any> </destination> <descr></descr> <created> <time>1542331575</time> <username>admin@10.32.50.157 (Local Database)</username> </created> <updated> <time>1542333697</time> <username>admin@10.32.50.157 (Local Database)</username> </updated> </rule> <rule> <id></id> <tracker>1542331535</tracker> <type>block</type> <interface>lan</interface> 
<ipprotocol>inet</ipprotocol> <tag></tag> <tagged></tagged> <max></max> <max-src-nodes></max-src-nodes> <max-src-conn></max-src-conn> <max-src-states></max-src-states> <statetimeout></statetimeout> <statetype><![CDATA[keep state]]></statetype> <os></os> <protocol>tcp/udp</protocol> <source> <address>IoT</address> </source> <destination> <any></any> </destination> <descr></descr> <created> <time>1542331535</time> <username>admin@10.32.50.157 (Local Database)</username> </created> <updated> <time>1542333705</time> <username>admin@10.32.50.157 (Local Database)</username> </updated> </rule> <rule> <type>pass</type> <ipprotocol>inet</ipprotocol> <descr><![CDATA[Default allow LAN to any rule]]></descr> <interface>lan</interface> <tracker>0100000101</tracker> <source> <network>lan</network> </source> <destination> <any></any> </destination> </rule> <rule> <type>pass</type> <ipprotocol>inet6</ipprotocol> <descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr> <interface>lan</interface> <tracker>0100000102</tracker> <source> <network>lan</network> </source> <destination> <any></any> </destination> </rule> <rule> <descr><![CDATA[OpenVPN wizard]]></descr> <source> <any></any> </source> <destination> <any></any> </destination> <interface>openvpn</interface> <type>pass</type> <enabled>on</enabled> <tracker>1542335162</tracker> <created> <time>1542335161</time> <username>OpenVPN Wizard</username> </created> </rule> <separator> <lan></lan> </separator> </filter> <shaper></shaper> <ipsec></ipsec> <aliases> <alias> <name>zzz</name> <type>host</type> <address>zzz</address> <descr><![CDATA[IP Cameras]]></descr> <detail><![CDATA[zzz]></detail> </alias> <alias> <name>IoT</name> <type>host</type> <address>zzz</address> <descr></descr> <detail><![CDATA[zzz]]></detail> </alias> <alias> <name>Serveurs</name> <type>host</type> <address>zzz</address> <descr></descr> <detail><![CDATA[zzz]]></detail> </alias> </aliases> <proxyarp></proxyarp> <cron> <item> <minute>1,31</minute> 
<hour>0-5</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 adjkerntz -a</command> </item> <item> <minute>1</minute> <hour>3</hour> <mday>1</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command> </item> <item> <minute>*/60</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshguard</command> </item> <item> <minute>*/60</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command> </item> <item> <minute>1</minute> <hour>1</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command> </item> <item> <minute>*/60</minute> <hour>*</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command> </item> <item> <minute>30</minute> <hour>12</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command> </item> <item> <minute>1</minute> <hour>0</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.update_pkg_metadata</command> </item> </cron> <wol></wol> <rrd> <enable></enable> <category>left=system-processor&right=&resolution=300&timePeriod=-1d&startDate=&endDate=&startTime=0&endTime=0&graphtype=line&invert=true&refresh-interval=0</category> </rrd> <load_balancer> <monitor_type> <name>ICMP</name> <type>icmp</type> <descr><![CDATA[ICMP]]></descr> <options></options> </monitor_type> <monitor_type> <name>TCP</name> <type>tcp</type> <descr><![CDATA[Generic TCP]]></descr> <options></options> </monitor_type> <monitor_type> <name>HTTP</name> <type>http</type> 
<descr><![CDATA[Generic HTTP]]></descr> <options> <path>/</path> <host></host> <code>200</code> </options> </monitor_type> <monitor_type> <name>HTTPS</name> <type>https</type> <descr><![CDATA[Generic HTTPS]]></descr> <options> <path>/</path> <host></host> <code>200</code> </options> </monitor_type> <monitor_type> <name>SMTP</name> <type>send</type> <descr><![CDATA[Generic SMTP]]></descr> <options> <send></send> <expect>220 *</expect> </options> </monitor_type> </load_balancer> <widgets> <sequence>system_information:col1:open:0,interfaces:col2:open:0</sequence> <period>10</period> </widgets> <openvpn> <openvpn-server> <vpnid>1</vpnid> <mode>server_tls_user</mode> <authmode>Local Database</authmode> <protocol>UDP4</protocol> <dev_mode>tun</dev_mode> <interface>wan</interface> <ipaddr></ipaddr> <local_port>1195</local_port> <description></description> <custom_options></custom_options> <tls>zzz</tls> <tls_type>auth</tls_type> <caref>zzz</caref> <crlref></crlref> <certref>zzz</certref> <dh_length>2048</dh_length> <ecdh_curve>none</ecdh_curve> <cert_depth>1</cert_depth> <strictusercn></strictusercn> <crypto>AES-128-CBC</crypto> <digest>SHA256</digest> <engine>none</engine> <tunnel_network>10.8.0.0/24</tunnel_network> <tunnel_networkv6></tunnel_networkv6> <remote_network></remote_network> <remote_networkv6></remote_networkv6> <gwredir></gwredir> <gwredir6></gwredir6> <local_network>10.32.50.0/24</local_network> <local_networkv6></local_networkv6> <maxclients>4</maxclients> <compression></compression> <compression_push></compression_push> <passtos></passtos> <client2client></client2client> <dynamic_ip>yes</dynamic_ip> <topology>subnet</topology> <serverbridge_dhcp></serverbridge_dhcp> <serverbridge_interface>none</serverbridge_interface> <serverbridge_routegateway></serverbridge_routegateway> <serverbridge_dhcp_start></serverbridge_dhcp_start> <serverbridge_dhcp_end></serverbridge_dhcp_end> <dns_domain>maison.lan</dns_domain> <dns_server1>10.32.50.1</dns_server1> 
<dns_server2>1.1.1.1</dns_server2> <dns_server3>1.0.0.1</dns_server3> <dns_server4></dns_server4> <sndrcvbuf></sndrcvbuf> <ntp_server1>10.32.50.1</ntp_server1> <ntp_server2></ntp_server2> <netbios_enable>yes</netbios_enable> <netbios_ntype>0</netbios_ntype> <netbios_scope></netbios_scope> <create_gw>both</create_gw> <verbosity_level>1</verbosity_level> <nbdd_server1></nbdd_server1> <ncp-ciphers>AES-128-GCM</ncp-ciphers> <ncp_enable>enabled</ncp_enable> </openvpn-server> </openvpn> <dnshaper></dnshaper> <unbound> <enable></enable> <dnssec></dnssec> <active_interface></active_interface> <outgoing_interface></outgoing_interface> <custom_options></custom_options> <hideidentity></hideidentity> <hideversion></hideversion> <dnssecstripped></dnssecstripped> </unbound> <revision> <time>1542336444</time> <description><![CDATA[admin@10.32.50.157 (Local Database): Widget configuration has been changed.]]></description> <username>admin@10.32.50.157 (Local Database)</username> </revision> <cert> <refid>zzz</refid> <descr><![CDATA[webConfigurator default (zzz)]]></descr> <type>server</type> <crt>zzz</crt> <prv>zzz</prv> </cert> <cert> <refid>zzz</refid> <descr><![CDATA[CN1]]></descr> <type>server</type> <caref>zzz</caref> <crt>zzz</crt> <prv>zzz</prv> </cert> <cert> <refid>zzz</refid> <descr><![CDATA[zzz]]></descr> <type>user</type> <caref>5bee2ab9547ae</caref> <crt>zzz</crt> <prv>zzz</prv> </cert> <ppps> <ppp> <ptpid>0</ptpid> <type>pppoe</type> <if>pppoe0</if> <ports>vmx1</ports> <username>zzz</username> <password>zzz</password> </ppp> </ppps> <installedpackages> <package> <name>Open-VM-Tools</name> <descr><![CDATA[VMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine.]]></descr> <website>http://open-vm-tools.sourceforge.net/</website> <version>10.1.0,1</version> <pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> 
<configurationfile>open-vm-tools.xml</configurationfile> <include_file>/usr/local/pkg/open-vm-tools.inc</include_file> </package> <package> <name>iperf</name> <website>http://www.freshports.org/benchmarks/iperf/</website> <descr><![CDATA[Iperf is a tool for testing network throughput, loss, and jitter.]]></descr> <version>2.0.5.5_3</version> <pkginfolink>https://doc.pfsense.org/index.php/Iperf_package</pkginfolink> <configurationfile>iperf.xml</configurationfile> <tabs> <tab> <text><![CDATA[Client]]></text> <url>/pkg_edit.php?xml=iperf.xml</url> <active></active> </tab> <tab> <text><![CDATA[Server]]></text> <url>/pkg_edit.php?xml=iperfserver.xml</url> </tab> </tabs> </package> <package> <name>OpenVPN Client Export Utility</name> <internal_name>openvpn-client-export</internal_name> <descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr> <version>1.4.18</version> <configurationfile>openvpn-client-export.xml</configurationfile> <tabs> <tab> <name>Client Export</name> <tabgroup>OpenVPN</tabgroup> <url>/vpn_openvpn_export.php</url> </tab> <tab> <name>Shared Key Export</name> <tabgroup>OpenVPN</tabgroup> <url>/vpn_openvpn_export_shared.php</url> </tab> </tabs> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> </package> <service> <name>vmware-guestd</name> <rcfile>vmware-guestd.sh</rcfile> <custom_php_service_status_command>mwexec("/usr/local/etc/rc.d/vmware-guestd status") == 0;</custom_php_service_status_command> <description><![CDATA[VMware Guest Daemon]]></description> </service> <service> <name>vmware-kmod</name> <rcfile>vmware-kmod.sh</rcfile> <custom_php_service_status_command>mwexec("/usr/local/etc/rc.d/vmware-kmod status") == 0;</custom_php_service_status_command> <description><![CDATA[VMware Kernel Modules]]></description> </service> <service> <name>iperf</name> <executable>iperf</executable> <description><![CDATA[iperf Network Performance 
Testing Daemon/Client]]></description> <stopcmd>mwexec("/usr/bin/killall iperf");</stopcmd> </service> <menu> <name>iperf Client</name> <tooltiptext>Run iperf in client mode.</tooltiptext> <section>Diagnostics</section> <url>/pkg_edit.php?xml=iperf.xml</url> </menu> <menu> <name>iperf Server</name> <tooltiptext>Run iperf in server mode.</tooltiptext> <section>Diagnostics</section> <url>/pkg_edit.php?xml=iperfserver.xml</url> </menu> <vpn_openvpn_export> <serverconfig> <item> <pass></pass> <proxypass></proxypass> <server>1</server> <useaddr>other</useaddr> <useaddr_hostname>zzz</useaddr_hostname> <verifyservercn>auto</verifyservercn> <blockoutsidedns></blockoutsidedns> <legacy></legacy> <randomlocalport></randomlocalport> <usepkcs11></usepkcs11> <pkcs11providers></pkcs11providers> <usetoken></usetoken> <usepass></usepass> <useproxy></useproxy> <useproxytype>http</useproxytype> <proxyaddr></proxyaddr> <proxyport></proxyport> <useproxypass>none</useproxypass> <proxyuser></proxyuser> <advancedoptions></advancedoptions> </item> </serverconfig> <defaultsettings> <pass></pass> <proxypass></proxypass> <server>1</server> <useaddr>other</useaddr> <useaddr_hostname></useaddr_hostname> <verifyservercn>auto</verifyservercn> <blockoutsidedns></blockoutsidedns> <legacy></legacy> <randomlocalport></randomlocalport> <usepkcs11></usepkcs11> <pkcs11providers></pkcs11providers> <usetoken></usetoken> <usepass></usepass> <useproxy></useproxy> <useproxytype>http</useproxytype> <proxyaddr></proxyaddr> <proxyport></proxyport> <useproxypass>none</useproxypass> <proxyuser></proxyuser> <advancedoptions></advancedoptions> </defaultsettings> </vpn_openvpn_export> </installedpackages> <gateways></gateways> <ovpnserver> <step1> <type>local</type> </step1> <step6> <authcertca>zzz</authcertca> <uselist>on</uselist> <certca><![CDATA[Certificate1]]></certca> <keylength>2048</keylength> <lifetime>3650</lifetime> <country>CA</country> <state><![CDATA[QC]]></state> <city><![CDATA[GAT]]></city> 
<organization><![CDATA[maison.lan]]></organization> </step6> <step9> <certname><![CDATA[CN1]]></certname> <keylength>2048</keylength> <lifetime>3650</lifetime> <country>CA</country> <state><![CDATA[QC]]></state> <city><![CDATA[GAT]]></city> <organization><![CDATA[maison.lan]]></organization> <uselist>on</uselist> </step9> <step10> <interface>wan</interface> <protocol>UDP4</protocol> <localport>1194</localport> <tlsauth>on</tlsauth> <gentlskey>on</gentlskey> <dhkey>2048</dhkey> <crypto>AES-128-CBC</crypto> <digest>SHA256</digest> <engine>none</engine> <tunnelnet>10.8.0.0/24</tunnelnet> <localnet>10.32.50.0/24</localnet> <concurrentcon>4</concurrentcon> <dynip>on</dynip> <topology>subnet</topology> <defaultdomain>maison.lan</defaultdomain> <dns1>10.32.50.1</dns1> <dns2>1.1.1.1</dns2> <dns3>1.0.0.1</dns3> <ntp1>10.32.50.1</ntp1> <nbtenable>on</nbtenable> <nbttype>0</nbttype> </step10> <step11> <ovpnrule>on</ovpnrule> <ovpnallow>on</ovpnallow> </step11> </ovpnserver> <ca> <refid>5bee2ab9547ae</refid> <descr><![CDATA[Certificate1]]></descr> <crt>zzz</crt> <prv>zzz</prv> <serial>2</serial> </ca> <dyndnses> <dyndns> <type>zzz</type> <username>zzz</username> <password>zzz</password> <host>zzz</host> <domainname></domainname> <mx></mx> <enable></enable> <interface>wan</interface> <zoneid></zoneid> <ttl></ttl> <updateurl></updateurl> <resultmatch></resultmatch> <requestif>wan</requestif> <descr></descr> <id>0</id> </dyndns> </dyndnses> </pfsense>
-
Can't anyone help me?
I tried pretty much everything I could imagine...
I've also tried siproxd, without success either.
As soon as I remove my pfSense appliance and return to my previous router, VoIP is working.
I can see that SIP is working (registration is OK in the ATA and it shows inbound and outbound SIP traffic), but for RTP there is only outbound and 0 inbound traffic...
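
One way to check a pfSense `config.xml` for the two settings this thread asks about (firewall optimization and "Disable source port rewriting", i.e. a static-port outbound NAT rule), as an added example that is not part of the original posts or pfSense's own code. The function names, both sample snippets and the `staticnatport` rule layout are assumptions of the example; the first sample reuses the `optimization` and outbound `mode` values visible in the posted config.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: trimmed to the two values visible in the posted config.
SAMPLE_POSTED = """<pfsense>
  <system><optimization>normal</optimization></system>
  <nat><outbound><mode>automatic</mode></outbound></nat>
</pfsense>"""

# Constructed sample: hybrid outbound NAT with a static-port rule for the ATA.
# The rule layout (source/network, staticnatport) is an assumption about how
# pfSense stores such a rule in config.xml.
SAMPLE_STATIC = """<pfsense>
  <system><optimization>conservative</optimization></system>
  <nat><outbound><mode>hybrid</mode>
    <rule>
      <interface>wan</interface>
      <source><network>10.32.50.6/32</network></source>
      <destination><any></any></destination>
      <staticnatport></staticnatport>
    </rule>
  </outbound></nat>
</pfsense>"""


def _covers(rule, host):
    """True if the rule's source matches the given host address."""
    net = rule.findtext("source/network", default="").strip()
    if rule.find("source/any") is not None or net == "any":
        return True
    try:
        return ipaddress.ip_address(host) in ipaddress.ip_network(net, strict=False)
    except ValueError:
        return False  # alias or interface name: not resolved by this example


def audit_voip_nat(config_xml, ata_ip):
    """Return findings about NAT settings that affect SIP/RTP for ata_ip."""
    root = ET.fromstring(config_xml)
    findings = []

    opt = root.findtext("system/optimization", default="normal").strip()
    if opt != "conservative":
        findings.append(f"firewall optimization is '{opt}', not 'conservative'")

    mode = root.findtext("nat/outbound/mode", default="automatic").strip()
    static_rules = [
        r for r in root.findall("nat/outbound/rule")
        if r.find("disabled") is None
        and r.find("staticnatport") is not None
        and _covers(r, ata_ip)
    ]
    if mode not in ("hybrid", "advanced"):
        findings.append(f"outbound NAT mode is '{mode}': manual static-port "
                        "rules are not applied in this mode")
    elif not static_rules:
        findings.append(f"no enabled static-port outbound rule covers {ata_ip}")
    return findings


if __name__ == "__main__":
    for name, xml in (("posted", SAMPLE_POSTED), ("static", SAMPLE_STATIC)):
        print(name, audit_voip_nat(xml, "10.32.50.6") or "ok")
```

Because the rule is matched on the ATA's source address only, other SIP clients on the LAN keep the default port-rewriting behaviour unless a rule also covers them.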