Voip no audio

rafamello

Re: Does pfsense have sip alg?

Hello, ... I have something similar here.

The phones connect all right, but there is no audio. If it is placed outside Pfsense it works perfectly.

The PABX is outside the company, in the cloud, is there any?

Stewart

VoIP without audio is a NAT issue. If they connect then SIP signaling is working, generally on port 5060 or 5061. If there is no audio then RTP is not working. Check to be sure that SIP ALG is turned off in your modem. That's generally the best place to start.

rafamello

No modem? But I have a direct DMZ for the sense that controls everything within a forum and what enters.

Stewart

Your provider would have a modem. Either a Cable or DSL modem. Or if Fiber maybe an ONU? What is the ISP equipment you are plugging into?

chpalmer

You are not double NAT'd are you? VOIP was not originally designed to be behind NAT when it first surfaced. NAT was hacked in later. Double NAT can be double trouble.

Create a firewall rule allowing your PBX server to your clients behind your pfsense box.

No port forward.. just the firewall rule.

rafamello

I have a modem that makes a dmz for pfsense.

chpalmer

What is the WAN address of your pfsense box? Public or private?

rafamello

@chpalmer said in Voip no audio:

You are not double NAT'd are you? VOIP was not originally designed to be behind NAT when it first surfaced. NAT was hacked in later. Double NAT can be double trouble.
Create a firewall rule allowing your PBX server to your clients behind your pfsense box.
No port forward.. just the firewall rule.

I have as rules both LAN and WAN for IP of IPBX that is in the Amazon.

I have no port forwarding as it is external.

Many articles say to configure outgoing NAT

chpalmer

But you seem to be avoiding the main questions.. Are you double NAT'd?

DaddyGo

@rafamello

@Stewart Stewart says it right

if you have registration, ergo you have SIP initialization,
so if there is no sound then the RTP ports will not pass...
most VOIP devices have configurable RTP ports, look for something that is not a bumper and pass it through the NAT (port forward)

@chpalmer "Are you double NAT'd?"

and his question is also very important

+++edit:
as shown here:

or
(since SIP has NAT Traversal, the RTP not)

https://voipstudio.com/blog/sip-nat-traversal/

Stewart

RTP faces 2 big problems: SIP ALG and NATting. SIP ALG was created to assist in allowing SIP to traverse networks properly by rewriting the ports in the headers. I've troubleshot countless VoIP problems and I've never, not once, seen SIP ALG do anything but break SIP. At this point it's almost like it becomes a selling point for ISPs. NATting is an issue in that the packets have internal and external IPs and ports listed in the info packets. If they get NATted more than once then those get jumbled. It's a terrible mess.

Ultimately you must figure out these 3 things:

1. Is your WAN a public IP or a private IP? If it's public then you're not being double NATted. If it's private then it is.
2. Does the modem have any firewalling in place? Regardless of the rest of the stuff, having the firewall on can interfere.
3. Is the modem performing SIP ALG? If so, it must be turned off.

The step after that will probably be a Wireshark trace. Start capturing on the WAN, place a test call, hang up, stop the capture. Then you can view the VOIP info in Wireshark and see what's happening. Who is your SIP provider?

@DaddyGo Is that a Grandstream inferface I see there? That looks an awful lot like the old GXW4108s I used to use.

rafamello

the company that "sold" the service configured ports 16000: 33000 for RTP.

About duplicating NAT, I didn't understand.

What I have is:


DaddyGo

@Stewart said in Voip no audio:

Is that a Grandstream inferface I see there? That looks an awful lot like the old GXW4108s I used to use.

ok you won
in some places in our radio studio we use these "beauties" Grandstream HT801 és 802, for older analog phones, as ATA
this is because the Cisco STA112 cannot operate from POE power

their GUI is evil, but otherwise I think they have been working without problems for 6 to 7 years...

Stewart

@DaddyGo I ran a ton of HT502s and never had a problem. The GXWs needed to be rebooted once or twice year but otherwise worked well. The Sipura/Linksys/Cisco SPA ATA models have been less reliable and cost a bit more. Towards the end of us using them they got a new GUI but I wasn't in them much after that so I'm not sure the difference. I don't think that the newer firmware had the yellow background with the orange headers, though, so that may help with the interface.

Stewart

@rafamello Can you re-upload? All I'm seeing is text showing ""

rafamello

@Stewart

1.Is your WAN a public IP or a private IP? If it's public then you're not being double NATted. If it's private then it is.

private
2.Does the modem have any firewalling in place? Regardless of the rest of the stuff, having the firewall on can interfere.

It is disabled
3.Is the modem performing SIP ALG? If so, it must be turned off.
It is disabled

DaddyGo

@Stewart "he GXWs needed to be rebooted once or twice year but otherwise worked well."

now a built-in feature in the GUI for configurable reboot ... juppppijuhe
every two weeks on Sunday at dawn restart and work really well

chpalmer

@rafamello said in Voip no audio:

private

Would it be possible for you to bridge your modem and get your public IP address on your WAN?

DaddyGo

@rafamello

SIP makes it easier... to find his way, especially if you have STUNT in the system
RTP is not and if you have dual NAT then it sucks

rafamello

@Stewart

DaddyGo

@rafamello

listen to the good advice from @chpalmer :
Would it be possible for you to bridge your modem and get your public IP address on your WAN?

++++edit:
VOIP, behind dual-NAT can take several hours for even a seriously trained IT guy too

rafamello

@chpalmer said in Voip no audio:

Would it be possible for you to bridge your modem and get your public IP address on your WAN?

I am seeing another environment that has this configuration for me to test.

rafamello

@DaddyGo it's difficult, you will end up losing the customer.

DaddyGo

@rafamello

do you write from Portugal or Brazil?

rafamello

@DaddyGo

Brasil

rafamello

@Stewart said in Voip no audio:

SIP ALG

now with the public IP on the WAN the IPBX support is claiming that the internal IP arrives, I believe that I would now have to do a nat out ... I already have the image in the will it be correct?

DaddyGo

@rafamello "Brasil"

this is a problem, because if you were corresponding from Portugal.....
then I know ISPs (MEO, NOS, Vodafone)here and I know how to create "modo -bridge"

-the easiest is if you can get a direct public IP on the WAN

• if you can't do that then the RTP ports must be forwarded through the ISP router and pfSense and it will work

unfortunately, it is so difficult to help that we do not know your tools / devices or the specific connection system

Stewart

@rafamello If their SIP packets have the private IP encapsulated then they won't be able to stream back to you. I'm not sure which it would be but it's either ALG or the double NAT. SIP doesn't really work with either.

When dealing with Cable operators in the USA (Spectrum and Comcast) there are 3 modes for the cable modems:

1. RIP with NAT = Use when you are not providing a separate router. You would never use this with pfSense or any other customer provided firewall/router.
2. RIP without NAT = Use when you have a static IP programmed in the router and the modem needs to be your Gateway.
3. Bridge = Use when you don't have a static and are providing your own router. This puts the Public IP directly on your firewall.