grandstream pbx connection to gamma sip trunk issues



  • We are attempting to replace an ipfire system with pfsense, The existing system has a grandstream pbx connecting to a gamma trung without any issues. when we replace the ipfire with pfsense the then we can't get the sip trunk to work properly - the first indication is that incoming calls only have one way audio - that is fairly common and the standard answer is to follow the documentation here https://docs.netgate.com/pfsense/en/latest/nat/configuring-nat-for-a-voip-pbx.html
    but that doesnt make any difference - after doing a compare of packets on the lan and natted packets on the wan interfaces for both systems we found that the ip packet was being natted on both systems but that the sip headers were being changed in the ipfire but not in the pfsense.

    So for both systems we are being presented with this on the LAN interface:

    Internet Protocol Version 4, Src: 10.46.1.10, Dst: 88.215.55.107
    User Datagram Protocol, Src Port: 5060, Dst Port: 5060
    Source Port: 5060
    Destination Port: 5060
    Length: 1148
    Checksum: 0x3559 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 7]
    [Timestamps]
    Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
    Method: INVITE
    Request-URI: sip:111111610077@88.215.55.107
    [Resent Packet: False]
    Message Header
    Via: SIP/2.0/UDP 10.46.1.10:5060;rport;branch=z9hG4bKPje7d0a0b9-132f-4c41-b1b4-aa0626734811
    Transport: UDP
    Sent-by Address: 10.46.1.10
    Sent-by port: 5060
    RPort: rport
    Branch: z9hG4bKPje7d0a0b9-132f-4c41-b1b4-aa0626734811
    From: "01614528000" sip:01614528000@111.192.9.102;tag=729edee0-9dad-4700-abba-3a43aafe4fcd
    SIP Display info: "01614528000"
    SIP from address: sip:01614528000@111.192.9.102
    SIP from address User Part: 01614528000
    SIP from address Host Part: 111.192.9.102
    SIP from tag: 729edee0-9dad-4700-abba-3a43aafe4fcd
    To: sip:111111610077@88.215.55.107
    SIP to address: sip:111111610077@88.215.55.107
    SIP to address User Part: 111111610077
    SIP to address Host Part: 88.215.55.107
    Contact: sip:f339e7a7-bb91-4d14-86d7-a9e52e14e642@10.46.1.10:5060
    Contact URI: sip:f339e7a7-bb91-4d14-86d7-a9e52e14e642@10.46.1.10:5060
    Call-ID: b8a26b32-b5fc-455b-9d45-fe6e67ed4130
    [Generated Call-ID: b8a26b32-b5fc-455b-9d45-fe6e67ed4130]
    CSeq: 3546 INVITE
    Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
    Supported: 100rel, timer, replaces, norefersub
    Session-Expires: 1800
    Min-SE: 90
    X-UCM-AudioRecord: *3
    X-Grandstream-Transport: trunk
    Max-Forwards: 70
    User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
    Content-Type: application/sdp
    User Datagram Protocol, Src Port: 5060, Dst Port: 5060
    Source Port: 5060
    Destination Port: 5060
    Length: 1159
    Checksum: 0x5bad [unverified]
    [Checksum Status: Unverified]
    [Stream index: 8]
    [Timestamps]
    Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
    Method: INVITE
    Request-URI: sip:111111610077@88.215.55.107
    [Resent Packet: False]
    Message Header
    Via: SIP/2.0/UDP 1cd ..111.192.9.102:5060;rport;branch=z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
    Transport: UDP
    Sent-by Address: 111.192.9.102
    Sent-by port: 5060
    RPort: rport
    Branch: z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
    From: "01614528000" sip:01614528000@111.192.9.102;tag=1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
    SIP Display info: "01614528000"
    SIP from address: sip:01614528000@111.192.9.102
    SIP from address User Part: 01614528000
    SIP from address Host Part: 111.192.9.102
    SIP from tag: 1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
    To: sip:111111610077@88.215.55.107
    SIP to address: sip:111111610077@88.215.55.107
    SIP to address User Part: 111111610077
    SIP to address Host Part: 88.215.55.107
    Contact: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
    Contact URI: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
    Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b
    [Generated Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b]
    CSeq: 30189 INVITE
    Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
    Supported: 100rel, timer, replaces, norefersub
    Session-Expires: 1800
    Min-SE: 90
    X-UCM-AudioRecord: *3
    X-Grandstream-Transport: trunk
    Max-Forwards: 70
    User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
    Content-Type: application/sdp
    Content-Length: 362
    Message Body
    Session Description Protocol
    Session Description Protocol Version (v): 0
    Owner/Creator, Session Id (o): - 940375837 940375837 IN IP4 111.192.9.102
    Session Name (s): Asterisk
    Connection Information (c): IN IP4 111.192.9.102

    The wan interface for the request on the ipfire looks like this
    This works
    User Datagram Protocol, Src Port: 5060, Dst Port: 5060
    Source Port: 5060
    Destination Port: 5060
    Length: 1159
    Checksum: 0x5bad [unverified]
    [Checksum Status: Unverified]
    [Stream index: 8]
    [Timestamps]
    Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
    Method: INVITE
    Request-URI: sip:111111610077@88.215.55.107
    [Resent Packet: False]
    Message Header
    Via: SIP/2.0/UDP 1cd ..111.192.9.102:5060;rport;branch=z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
    Transport: UDP
    Sent-by Address: 111.192.9.102
    Sent-by port: 5060
    RPort: rport
    Branch: z9hG4bKPj035fb2b4-28dc-4fc2-ad7c-74c5e6cd3ab1
    From: "01614528000" sip:01614528000@111.192.9.102;tag=1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
    SIP Display info: "01614528000"
    SIP from address: sip:01614528000@111.192.9.102
    SIP from address User Part: 01614528000
    SIP from address Host Part: 111.192.9.102
    SIP from tag: 1eb2fdcb-757b-47d1-a549-843ebbbfd6e4
    To: sip:111111610077@88.215.55.107
    SIP to address: sip:111111610077@88.215.55.107
    SIP to address User Part: 111111610077
    SIP to address Host Part: 88.215.55.107
    Contact: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
    Contact URI: sip:bf532a64-7f58-4571-aae8-6327078d1b85@111.192.9.102:5060
    Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b
    [Generated Call-ID: 145a3d93-e9e8-4b62-a7c9-e36f58c8b66b]
    CSeq: 30189 INVITE
    Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
    Supported: 100rel, timer, replaces, norefersub
    Session-Expires: 1800
    Min-SE: 90
    X-UCM-AudioRecord: *3
    X-Grandstream-Transport: trunk
    Max-Forwards: 70
    User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
    Content-Type: application/sdp
    Content-Length: 362
    Message Body
    Session Description Protocol
    Session Description Protocol Version (v): 0
    Owner/Creator, Session Id (o): - 940375837 940375837 IN IP4 111.192.9.102
    Session Name (s): Asterisk
    Connection Information (c): IN IP4 111.192.9.102

    but on the pfsense we see the following
    User Datagram Protocol, Src Port: 5060, Dst Port: 5060
    Source Port: 5060
    Destination Port: 5060
    Length: 1149
    Checksum: 0x2e99 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 1]
    [Timestamps]
    Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:111111610077@88.215.55.107 SIP/2.0
    Method: INVITE
    Request-URI: sip:111111610077@88.215.55.107
    [Resent Packet: False]
    Message Header
    Via: SIP/2.0/UDP 10.46.1.10:5060;rport;branch=z9hG4bKPjfdc76498-d373-4acf-8e96-1f1087ab655a
    Transport: UDP
    Sent-by Address: 10.46.1.10
    Sent-by port: 5060
    RPort: rport
    Branch: z9hG4bKPjfdc76498-d373-4acf-8e96-1f1087ab655a
    From: "01614528000" sip:01614528000@111.192.9.102;tag=d67ca97c-7e0c-48cd-bb1f-e59cf2bb4820
    SIP Display info: "01614528000"
    SIP from address: sip:01614528000@111.192.9.102
    SIP from tag: d67ca97c-7e0c-48cd-bb1f-e59cf2bb4820
    To: sip:111111610077@88.215.55.107
    SIP to address: sip:111111610077@88.215.55.107
    Contact: sip:5babcd42-9d1a-421e-98ee-f04f5978ffbd@10.46.1.10:5060
    Contact URI: sip:5babcd42-9d1a-421e-98ee-f04f5978ffbd@10.46.1.10:5060
    Call-ID: 4635f80b-7e63-42a7-aabe-89bce54c3937
    [Generated Call-ID: 4635f80b-7e63-42a7-aabe-89bce54c3937]
    CSeq: 16454 INVITE
    Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
    Supported: 100rel, timer, replaces, norefersub
    Session-Expires: 1800
    Min-SE: 90
    X-UCM-AudioRecord: *3
    X-Grandstream-Transport: trunk
    Max-Forwards: 70
    User-Agent: Grandstream UCM6510V1.4B 1.0.13.14
    Content-Type: application/sdp
    Content-Length: 358
    Message Body
    Session Description Protocol
    Session Description Protocol Version (v): 0
    Owner/Creator, Session Id (o): - 1274414544 1274414544 IN IP4 10.46.1.10
    Session Name (s): Asterisk
    Connection Information (c): IN IP4 10.46.1.10
    Time Description, active time (t): 0 0
    Media Description, name and address (m): audio 19716 RT

    So the addresses in red above have not been natted whereas on the ipfire they are - how do i configure pfsense to achieve this ? what am i missing !


Log in to reply