Netgate Discussion Forum

    Allow Voip from WAN side

    Firewalling
    17 Posts 3 Posters 2.3k Views
    • chpalmerC
      chpalmer
      last edited by

      From their page..

      Avoid using NAT where possible.

      Why? see my first post.

      Grandstream phones and ATAs tend to default to using 5004 as the RTP port, so you need to allow ports 5004-5005 through the firewall.

      I use 5004-5059 here but it is overkill..

      Do you manually configure your phone or is it provided by them?

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • chpalmerC
        chpalmer
        last edited by

        https://support.aa.net.uk/VoIP_NAT

        I might suggest another provider with less phobias with NAT.

        Have you tried static port?

        • S
          shu48 @chpalmer
          last edited by

          @chpalmer The big media providers here are awful. I've deliberately gone with a proper old-fashioned ISP. They don't even offer customer service as part of the contract. It's all a bit tongue in cheek but the reality is that their customer service is absolutely the best, so long as it's their fault or BT's. BT are dreadful. They are legally responsible for all the lines and exchanges that the newer corporations don't find profitable enough. Chasing them up is like herding cats. I like that AASIP won't fob me off, will hold BT to account, and fight my corner politically. They are very much against any kind of invasion of privacy etc etc. Their control pages let me see if there is a problem and let me tinker with line settings etc if need be. It was being with them that meant I was able to keep my ADSL running when my neighbours complained theirs wasn't working at all. The deal is that I don't ring them up to complain about my WiFi signal, and they don't fob me off if there's an actual problem. The problem I have is it was all working fine on the ASUS with no port forwarding or anything.

          The Gigaset came from the ISP shop. I looked around and the price was the same as buying from the cheapest alternative, and as you might have gathered, I'm something of a fan. The Grandstream I bought elsewhere. I can access the setup for both. They're running stock firmware. I've checked and the Gigaset is set to: SIP = 5060-5076 RTP = 5004 - 5020
          The Grandstream is set to: SIP = 5060 RTP = 5004.

          Getting my free copy of Media Ring Talk on a magazine in the late 90's (and Buddy Phone), I didn't imagine it would replace my copper landline. The call quality is actually far superior these days.

          • S
            shu48 @chpalmer
            last edited by

            @chpalmer No I'm not using ipv6. My ISP would like me to as they made the move several years ago. The truth is that I haven't been able to get my head around it. This dyslexic can cope with numbers but nothing too complicated.

            • S
              shu48
              last edited by

              Sorry about all the messages, different time zone. I've changed my SIP rule to 5060-5076 and my RTP rule to 5004-5020. While I was at it, I changed UDP to UDP/TCP. After that I get an engaged tone when I ring it. I then took the alias with all the IPs out. After restarting, it allowed me to ring it. When it let me ring it a second time, I once again thought I'd done it. After waiting 5 minutes though, it was back to just giving me an engaged tone again. Although an engaged tone is a slight improvement on nothing. Temporarily, I may set both accounts up on the Gigaset. I do need it to be a separate phone but it would mean I'm able to answer calls until I get to the bottom of this. Once it's working, both phones will ring and then I can delete the account from the Gigaset.

              • S
                shu48
                last edited by

                Everything worked perfectly on the Gigaset. The Grandstream has many more settings. I was determined to compare and find a different setting. Obviously, I can't compare a setting on the Grandstream to nothing on the Gigaset. I needn't have worried. There it was, plain as day, staring right at me. Keep alive = off. Then it worked. I disabled the firewall rules and it still works. It works with NAT keep alive on and SIP keep alive off, but I've left both on. What's strange is that I hadn't changed any settings. Pfsense must be doing a better job because everything was obviously working fine with the Asus, even without keep alive on. It would seem that either I made a hash of creating my rules or my ISP requires keep alive to be on regardless.

                A huge thank you for all your help.

                Next challenge will be either putting voip on a vlan or different physical interface. Either option is possible. My switch supports vlans and I have a spare ethernet port on my pfsense. It would be physically neater to have everything on my Ubiquiti switch. But I can see why it might be better to put my old 100mbps dumb switch on the spare ethernet port. This is probably a question for another day and a different category.

                1 Reply Last reply Reply Quote 0
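The pattern in the post above (inbound calls arriving shortly after a restart, failing a few minutes later, then working with keep-alive enabled and the inbound rules disabled) is what a stateful NAT firewall produces when the UDP state created by the phone's outbound SIP traffic ages out between registrations. The following is an added example, not code from the thread or from pfSense: a small Python model of that state entry, in which the 60 s idle timeout, the 600 s re-registration interval and the 20 s keep-alive interval are all assumed values.

```python
"""Model of one UDP state-table entry for a SIP phone behind a stateful NAT firewall.

All timings are constructed values for illustration, not measurements from the thread.
"""

def outbound_times(interval, horizon, start=0):
    """Times (seconds) at which the phone sends a packet to the provider."""
    return list(range(start, horizon + 1, interval))

def unreachable_windows(sends, idle_timeout, horizon):
    """Return [(start, end)] periods in which no state exists for the flow,
    so an inbound INVITE from the provider is dropped unless a WAN rule
    and port forward admit it."""
    windows = []
    expires = None  # time at which the current state entry ages out
    for t in sorted(sends):
        if expires is not None and t > expires:
            windows.append((expires, t))   # state was gone until this packet
        expires = t + idle_timeout         # each outbound packet refreshes the state
    if expires is not None and expires < horizon:
        windows.append((expires, horizon))
    return windows

def reachable_fraction(sends, idle_timeout, horizon):
    """Share of the horizon during which the provider can reach the phone."""
    closed = sum(end - start for start, end in
                 unreachable_windows(sends, idle_timeout, horizon))
    return 1 - closed / horizon

# Constructed scenario: one hour, phone re-REGISTERs every 600 s,
# firewall ages idle UDP states after 60 s (assumed value).
HORIZON, REGISTER_EVERY, UDP_IDLE_TIMEOUT = 3600, 600, 60

registers_only = outbound_times(REGISTER_EVERY, HORIZON)
# Same phone with a 20 s keep-alive (assumed interval) added to its registrations.
with_keepalive = sorted(set(registers_only) | set(outbound_times(20, HORIZON)))

if __name__ == "__main__":
    for label, sends in (("register only", registers_only),
                         ("keep-alive 20 s", with_keepalive)):
        gaps = unreachable_windows(sends, UDP_IDLE_TIMEOUT, HORIZON)
        share = reachable_fraction(sends, UDP_IDLE_TIMEOUT, HORIZON)
        print(f"{label}: reachable {share:.0%}, first gaps {gaps[:2]}")
```

A keep-alive interval longer than the firewall's idle timeout still leaves gaps, so the two values have to be compared rather than keep-alive simply being switched on.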
                • JKnottJ
                  JKnott @shu48
                  last edited by

                  @shu48 said in Allow Voip from WAN side:

                  @chpalmer No I'm not using ipv6. My ISP would like me to as they made the move several years ago. The truth is that I haven't been able to get my head around it. This dyslexic can cope with numbers but nothing too complicated.

                  There's not much different to worry about. Just use host names, as you would with IPv4.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  • chpalmerC
                    chpalmer
                    last edited by

                    I'm curious if the SIProxd package would not benefit you.. I use it at one location.. (here) and did so due to my provider being new to the market over ten years ago and me needing to get things done.

                    It makes it look to the provider like your ATA's or devices are on a public address without NAT.

                    I can work you through it and it is fairly easy if you have access to your client config. Still doable without.

                    • chpalmerC
                      chpalmer
                      last edited by chpalmer

                      For SIProxd.

                      Install the package and configure it.

                      Reconfigure all your WAN rules to point at "WAN Address."

                      Go to your device settings and point anything that resembles "gateway" (outside of LAN settings.. That should already be the case..) to your pfsense box lan address.

                      Look at SIProxd for client connections. If they don't connect you need to massage things. I'll be monitoring either way.

                      • S
                        shu48
                        last edited by

                        What would be the benefit of siproxd? Would it mean no need for keep alive? Is keep alive a problem?

                        • chpalmerC
                          chpalmer @chpalmer
                          last edited by

                          @chpalmer said in Allow Voip from WAN side:

                          It makes it look to the provider like your ATA's or devices are on a public address without NAT.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.