Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    grandstream pbx connection to gamma sip trunk issues

    NAT
    1
    1
    107
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yani last edited by yani

      We are attempting to replace an ipfire system with pfsense, The existing system has a grandstream pbx connecting to a gamma trung without any issues. when we replace the ipfire with pfsense the then we can't get the sip trunk to work properly - the first indication is that incoming calls only have one way audio - that is fairly common and the standard answer is to follow the documentation here https://docs.netgate.com/pfsense/en/latest/nat/configuring-nat-for-a-voip-pbx.html
      but that doesnt make any difference - after doing a compare of packets on the lan and natted packets on the wan interfaces for both systems we found that the ip packet was being natted on both systems but that the sip headers were being changed in the ipfire but not in the pfsense.

      So for both systems we are being presented with this on the LAN interface:

      Internet Protocol Version 4, Src: 10.46.1.10, Dst: 88.215.55.107
      User Datagram Protocol, Src Port: 5060, Dst Port: 5060
      Source Port: 5060
      Destination Port: 5060
      Length: 1148
      Checksum: 0x3559 [unverified]
      [Checksum Status: Unverified]
      [Stream index: 7]
      [Timestamps]
      Session Initiation Protocol (INVITE)
      Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
      Method: INVITE
      Request-URI: sip:111111610077@88.215.55.107
      [Resent Packet: False]
      Message Header
      Via: SIP/2.0/UDP 10.46.1.10:5060;rport;branch=z9hG4bKPje7d0a0b9-132f-4c41-b1b4-aa0626734811
      Transport: UDP
      Sent-by Address: 10.46.1.10
      Sent-by port: 5060
      RPort: rport
      Branch: z9hG4bKPje7d0a0b9-132f-4c41-b1b4-aa0626734811
      From: "01614528000" sip:01614528000@111.192.9.102;tag=729edee0-9dad-4700-abba-3a43aafe4fcd
      SIP Display info: "01614528000"
      SIP from address: sip:01614528000@111.192.9.102
      SIP from address User Part: 01614528000
      SIP from address Host Part: 111.192.9.102
      SIP from tag: 729edee0-9dad-4700-abba-3a43aafe4fcd
      To: sip:111111610077@88.215.55.107
      SIP to address: sip:111111610077@88.215.55.107
      SIP to address User Part: 111111610077
      SIP to address Host Part: 88.215.55.107
      Contact: sip:f339e7a7-bb91-4d14-86d7-a9e52e14e642@10.46.1.10:5060
      Contact URI: sip:f339e7a7-bb91-4d14-86d7-a9e52e14e642@10.46.1.10:5060
      Call-ID: b8a26b32-b5fc-455b-9d45-fe6e67ed4130
      [Generated Call-ID: b8a26b32-b5fc-455b-9d45-fe6e67ed4130]
      CSeq: 3546 INVITE
      Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
      Supported: 100rel, timer, replaces, norefersub
      Session-Expires: 1800
      Min-SE: 90
      X-UCM-AudioRecord: *3
      X-Grandstream-Transport: trunk
      Max-Forwards: 70
      User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
      Content-Type: application/sdp
      User Datagram Protocol, Src Port: 5060, Dst Port: 5060
      Source Port: 5060
      Destination Port: 5060
      Length: 1159
      Checksum: 0x5bad [unverified]
      [Checksum Status: Unverified]
      [Stream index: 8]
      [Timestamps]
      Session Initiation Protocol (INVITE)
      Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
      Method: INVITE
      Request-URI: sip:111111610077@88.215.55.107
      [Resent Packet: False]
      Message Header
      Via: SIP/2.0/UDP 1cd ..111.192.9.102:5060;rport;branch=z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
      Transport: UDP
      Sent-by Address: 111.192.9.102
      Sent-by port: 5060
      RPort: rport
      Branch: z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
      From: "01614528000" sip:01614528000@111.192.9.102;tag=1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
      SIP Display info: "01614528000"
      SIP from address: sip:01614528000@111.192.9.102
      SIP from address User Part: 01614528000
      SIP from address Host Part: 111.192.9.102
      SIP from tag: 1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
      To: sip:111111610077@88.215.55.107
      SIP to address: sip:111111610077@88.215.55.107
      SIP to address User Part: 111111610077
      SIP to address Host Part: 88.215.55.107
      Contact: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
      Contact URI: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
      Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b
      [Generated Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b]
      CSeq: 30189 INVITE
      Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
      Supported: 100rel, timer, replaces, norefersub
      Session-Expires: 1800
      Min-SE: 90
      X-UCM-AudioRecord: *3
      X-Grandstream-Transport: trunk
      Max-Forwards: 70
      User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
      Content-Type: application/sdp
      Content-Length: 362
      Message Body
      Session Description Protocol
      Session Description Protocol Version (v): 0
      Owner/Creator, Session Id (o): - 940375837 940375837 IN IP4 111.192.9.102
      Session Name (s): Asterisk
      Connection Information (c): IN IP4 111.192.9.102

      The wan interface for the request on the ipfire looks like this
      This works
      User Datagram Protocol, Src Port: 5060, Dst Port: 5060
      Source Port: 5060
      Destination Port: 5060
      Length: 1159
      Checksum: 0x5bad [unverified]
      [Checksum Status: Unverified]
      [Stream index: 8]
      [Timestamps]
      Session Initiation Protocol (INVITE)
      Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
      Method: INVITE
      Request-URI: sip:111111610077@88.215.55.107
      [Resent Packet: False]
      Message Header
      Via: SIP/2.0/UDP 1cd ..111.192.9.102:5060;rport;branch=z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
      Transport: UDP
      Sent-by Address: 111.192.9.102
      Sent-by port: 5060
      RPort: rport
      Branch: z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
      From: "01614528000" sip:01614528000@111.192.9.102;tag=1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
      SIP Display info: "01614528000"
      SIP from address: sip:01614528000@111.192.9.102
      SIP from address User Part: 01614528000
      SIP from address Host Part: 111.192.9.102
      SIP from tag: 1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
      To: sip:111111610077@88.215.55.107
      SIP to address: sip:111111610077@88.215.55.107
      SIP to address User Part: 111111610077
      SIP to address Host Part: 88.215.55.107
      Contact: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
      Contact URI: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
      Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b
      [Generated Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b]
      CSeq: 30189 INVITE
      Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
      Supported: 100rel, timer, replaces, norefersub
      Session-Expires: 1800
      Min-SE: 90
      X-UCM-AudioRecord: *3
      X-Grandstream-Transport: trunk
      Max-Forwards: 70
      User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
      Content-Type: application/sdp
      Content-Length: 362
      Message Body
      Session Description Protocol
      Session Description Protocol Version (v): 0
      Owner/Creator, Session Id (o): - 940375837 940375837 IN IP4 111.192.9.102
      Session Name (s): Asterisk
      Connection Information (c): IN IP4 111.192.9.102

      but on the pfsense we see the following
      User Datagram Protocol, Src Port: 5060, Dst Port: 5060
      Source Port: 5060
      Destination Port: 5060
      Length: 1149
      Checksum: 0x2e99 [unverified]
      [Checksum Status: Unverified]
      [Stream index: 1]
      [Timestamps]
      Session Initiation Protocol (INVITE)
      Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
      Method: INVITE
      Request-URI: sip:111111610077@88.215.55.107
      [Resent Packet: False]
      Message Header
      Via: SIP/2.0/UDP 10.46.1.10:5060;rport;branch=z9hG4bKPjfdc76498-d373-4acf-8e96-1f1087ab655a
      Transport: UDP
      Sent-by Address: 10.46.1.10
      Sent-by port: 5060
      RPort: rport
      Branch: z9hG4bKPjfdc76498-d373-4acf-8e96-1f1087ab655a
      From: "01614528000" sip:01614528000@111.192.9.102;tag=d67ca97c-7e0c-48cd-bb1f-e59cf2bb4820
      SIP Display info: "01614528000"
      SIP from address: sip:01614528000@111.192.9.102
      SIP from tag: d67ca97c-7e0c-48cd-bb1f-e59cf2bb4820
      To: sip:111111610077@88.215.55.107
      SIP to address: sip:111111610077@88.215.55.107
      Contact: sip:5babcd42-9d1a-421e-98ee-f04f5978ffbd@10.46.1.10:5060
      Contact URI: sip:5babcd42-9d1a-421e-98ee-f04f5978ffbd@10.46.1.10:5060
      Call-ID: 4635f80b-7e63-42a7-aabe-89bce54c3937
      [Generated Call-ID: 4635f80b-7e63-42a7-aabe-89bce54c3937]
      CSeq: 16454 INVITE
      Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
      Supported: 100rel, timer, replaces, norefersub
      Session-Expires: 1800
      Min-SE: 90
      X-UCM-AudioRecord: *3
      X-Grandstream-Transport: trunk
      Max-Forwards: 70
      User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
      Content-Type: application/sdp
      Content-Length: 358
      Message Body
      Session Description Protocol
      Session Description Protocol Version (v): 0
      Owner/Creator, Session Id (o): - 1274414544 1274414544 IN IP4 10.46.1.10
      Session Name (s): Asterisk
      Connection Information (c): IN IP4 10.46.1.10
      Time Description, active time (t): 0 0
      Media Description, name and address (m): audio 19716 RT

      So the addresses in red above have not been natted whereas on the ipfire they are - how do i configure pfsense to achieve this ? what am i missing !

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy