FluentCloud Webphone - No audio in either direction
-
I'm trying to debug an issue with FluentCloud Webphone where you can connect to their server and make a call, but you get no audio at all in either direction.
We use Fluentstream for our VOIP phones and everything works like a charm. Now we're trying to use the Webphone. Firewall logs show no blocks of any kind. A capture in Wireshark shows what looks like a complete conversation between the two ends. Just no audio. Do it from home and everything works fine. I've tried setting Firewall Optimization to Conservative. I've tried setting DNF compatibility. I've tried creating a static outbound NAT rule. Nothing seems to work. I've run out of ideas and things to try.
Any suggestions would be appreciated.
-
What does a packet capture show when you test from home?
Separate RTP audio streams?
It's unusual to see no audio in either direction. Usually if there's some NAT issue the internal phone still sends even if the server cannot open a connection to it.
Steve
-
I don't have a pfSense instance form home to test with. Wireshark doesn't detect any RTP streams, it's all just basic UDP. I have to leave now but I'll be back later tonight.
-
@KOM said in FluentCloud Webphone - No audio in either direction:
Wireshark doesn't detect any RTP streams, it's all just basic UDP.
RTP is UDP ports over a range of ports (1024 to 65535).
-
Wireshark recognizes RTP and shows it in the protocol list, but my trace has nothing other than TCP handshakes and UDP from source to me. Now that I look at it closer, all the UDP traffic is from the source. I'm not replying back with anything. All I'm sending out are the odd STUN & DTLS packets. This might be a Window 10 firewall issue, but I don't know if Wireshark sees the packets before or after they're dropped by the local firewall. This might explain why I'm seeing traffic in, which is then dropped, and no replies from me. But users outside, with firewalls on and AV and everything have no problem, so local firewall can't be it. Very strange.
-
Using port forwarding for any VOIP stuff?
-
No, none required. The phones reach out to the head-end and get their manifests, then do a keep-alive all day long so there is never any unsolicited traffic trying to come in from WAN. Our VoIP phones have worked well from day one. It's this damned WebPhone Chrome app I can't get working. I jut tried it again with Windows firewall totally disabled for all three zones it handles. No difference. When you make a call, you get a blip sound that sounds like the beginning of the normal dial tone before it gets cut off.
-
What are you testing behind at home when it does work? Something with any kind of SIP ALG?
Are you able to test behind a different pfSense install?
-
I don't know. The folks who have it working from home are using a random mix of gear, all Windows 10 clients, with unknown A/V and firewalls.
I just tried it again with another capture, and it's the same deal: lots of two-way comms via TCP, but UDP is from source to me with no return UDP traffic from me to source. My return traffic is mainly STUN and DTLS packets. I made sure that WebRTC is enabled, which it is with Chrome and can't be easily disabled.
I could try a different pfSense install but I'm not confident that would change anything.
-
OK, I stand corrected. A fresh instance works perfectly. Now I guess I have to decide between trying to figure out what's different between the two versus replacing our existing instance with the new one with a restored config.
-
Ah, good test!
If it's not showing as blocked traffic it could be Snort/Suricata or pfBlocker.
Steve
-
I don't run either of those. My packages:
bandwidthd
darkstat
Filer
Lightsquid
Open-VM-Tools
openvpn-client-export
squid
squidguard
Status_Totals_Traffic
zabbix-agent4I don't believe that any of those would cause my problem. I'm not even going through the proxy (perks of being the sysadmin!).
-
Mmm, only Squid might so something but can't if you're not going through it as you say.
-
Like a trip to the Moon on gossamer wings, it was just one of those things....
-
I ended up removing some of my less-needed packages before I took my last backup. What I had left was:
Lightsquid
Open-VM-Tools
openvpn-client-export
squid
squidguard
zabbix-agent4I then spun up a new instance of pfSense and restored my config. It came up and installed my packages. Everything looked good. I tried the WebPhone app. Same problem as before. No audio at all either way. So I trashed that one and spun up a new one and just got the basics working and called it a day. WebPhone works. The old pfSense was an original 2.1.x install that's been upgraded many times so I was looking for an excuse to rebuild it anyway. I know what I'll be doing next week.
-
Urgh. I hate when that sort of solution works!
At least it does work though.
Steve