• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Exception Port Forward RDR for VoIP provider

Scheduled Pinned Locked Moved NAT
9 Posts 2 Posters 804 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    ThomasB
    last edited by Sep 2, 2021, 6:19 PM

    Hi folks,

    my VoIP provider changed its DNS servers so my (SIP) phones couldn't connect anymore.
    I'm using DNS Resolver and redirect all DNS requests to pfSense. So the phones couldn't connect to the new DNS servers. (Why did it worked earlier...?)

    At first it was try and error to find the problem. At the moment I've the following solution doing its job. What do you mean - is this a proper solution?
    DNS Redirect.png

    Thanks for your support!

    Thomas

    D 1 Reply Last reply Sep 2, 2021, 7:16 PM Reply Quote 0
    • D
      DaddyGo @ThomasB
      last edited by Sep 2, 2021, 7:16 PM

      @thomasb said in Exception Port Forward RDR for VoIP provider:

      my VoIP provider changed its DNS servers so my (SIP) phones couldn't connect anymore

      Hi,

      I am a bit confused about....😉

      I don't really understand what the VOIP provider's DNS servers have to do with you?!

      For example, we don't even use the DOMAIN name of our service provider (VOIP) when connecting (sip.ephone.hu) we give for the VOIP device a direct IP address for SIP registration. (nslookup sip.ephone.hu)

      b202b5c8-39fc-4227-8b28-b759a19821c1-image.png

      so no DNS resolution is needed - which the pfSense resolver would otherwise do very well - and not the VOIP provider's DNS server do that anyway

      it is possible that, because the VOIP devices are different from manufacturer to manufacturer - and use different and different routes to log on to the manufacturer's servers, check the FW, etc.

      hmmmm, .... there might be a problem here if they changed the DNS resolution method in a FW update, just like the damn IoT devices don't like it when you force DNS (redirect DNS on pfSense)

      you can observe in a pfTop when a VOIP device boots up and makes outbound connections on multiple 80/443 ports to an intermediate network with the manufacturer, developer, whoever

      so I think this is more of a VOIP device problem rather than a VOIP provider problem

      BTW:
      (I suppose, we are talking about a handheld hardware base phone and not a software base VOIP, like ZOIPER, etc.) ???

      Cats bury it so they can't see it!
      (You know what I mean if you have a cat)

      T 1 Reply Last reply Sep 3, 2021, 6:20 AM Reply Quote 0
      • T
        ThomasB @DaddyGo
        last edited by Sep 3, 2021, 6:20 AM

        @daddygo
        Yes, I'm also confused.

        But I can answer your questions so far:

        • pfSense configuration not changed
        • hardware based phone not changed
        • VoIP provider changed DNS servers

        I've also configured the DNS server IP's in the phone as well as in the DHCP server for this client.

        In the log entries I've seen that the phone's DNS requests are redirected to 127.0.0.1 before I set a separate Port Forward rule. I think the redirect is in some way the problem because a connection to the VoIP DNS server can not be established.

        D 1 Reply Last reply Sep 3, 2021, 9:26 AM Reply Quote 0
        • D
          DaddyGo @ThomasB
          last edited by DaddyGo Sep 3, 2021, 9:38 AM Sep 3, 2021, 9:26 AM

          @thomasb said in Exception Port Forward RDR for VoIP provider:

          because a connection to the VoIP DNS server can not be established.

          @ThomasB "Yes, I'm also confused."

          I'm just confused by your description, with VOIP I think I'm in the picture 😉 (maybe, hahahha)

          Please show us where in your device settings you need to specify the DNS servers of your VOIP provider SIP reg., (upload PRTSC here)

          As I wrote, there is no need to specify DNS settings by default for VOIP provider (if you use IP address instead of DOMAIN), unless the VOIP device requires it for its own communication.

          What happened may have been caused by a recent automatically running VOIP device FW upgrade that happened in the background and changed the DNS requirement of the device, which now refuses to connect without it.

          Please also specify the type of device.

          Cats bury it so they can't see it!
          (You know what I mean if you have a cat)

          T 1 Reply Last reply Sep 3, 2021, 10:22 AM Reply Quote 0
          • T
            ThomasB @DaddyGo
            last edited by Sep 3, 2021, 10:22 AM

            @daddygo said in Exception Port Forward RDR for VoIP provider:

            PRTSC

            b57ecf16-71eb-450a-88fc-84a0f2b7aad5-grafik.png

            Hardware: Yealink W60B

            In the past there was no DNS IP set in the configuration so I think this is needless.
            Also this should be needless (as it was in the past):
            74573bcf-54b4-48a3-a8e1-18dcec37f333-grafik.png

            I could imagine that you are confused about my description because I don't understand the problem by myself.

            I can rule out that there was an update of the Yealink. I update manually if it is necessary.
            So the only change was made by our VoIP provider.
            The support staff wrote that I have to use their DNS servers. That's the only available information. I didn't use their DNS servers since a few years.

            D 1 Reply Last reply Sep 3, 2021, 12:34 PM Reply Quote 0
            • D
              DaddyGo @ThomasB
              last edited by Sep 3, 2021, 12:34 PM

              @thomasb said in Exception Port Forward RDR for VoIP provider:

              The support staff wrote that I have to use their DNS servers. That's the only available information. I didn't use their DNS servers since a few years.

              It's a strange statement on their part, because DNA is the same all over the world, I hope.
              (DNS is a good data collection tool, hihihihi)

              Network tab on Yealink:

              Just as I thought, these are the general "network" settings for the VOIP device, they don't need to point to the VOIP provider's DNS server, these will work fine with pfSense DNS resolver.
              (especially because you give it static mapping, where if no DNS server is specified it will use the default)

              although it's a Chinese miracle, why wouldn't it work with general DNS settings ?-!, a surprisingly good configurable device - I briefly read the admin guide

              where you should look for the source of the problem is in the SIP account settings and/or (but I don't think so) pfSense NAT + port forward
              here is a good guide for this:
              https://www.3cx.com/docs/pfsense-firewall/

              1. you have received a SIP server access from your service provider - something like this: sip.voipproviderdomain.something (com / us / eu)

              try replacing the SIP server config with an IP address (nslookup) to rule out DNS resolution problems, and in pfTop you can see the connections made by host 192.168.100.14 (SIP(TLS), RTP, HTTP, HTTPS) this will tell you what the problem might be

              I show you now, what you should see on a well registered VOIP when a call / conversation is in progress (SIP OK on 5060 - 31561 / RTP OK 31006)

              43311671-0cb0-4b52-be16-16feec39fdfe-image.png

              BTW:

              does your provider use STUN or outbound proxy stuff

              Cats bury it so they can't see it!
              (You know what I mean if you have a cat)

              T 1 Reply Last reply Sep 3, 2021, 12:54 PM Reply Quote 0
              • T
                ThomasB @DaddyGo
                last edited by Sep 3, 2021, 12:54 PM

                @daddygo said in Exception Port Forward RDR for VoIP provider:
                Thanks a lot for your support!

                I will try it later. Another approach would be to use a soft phone and give it a try. Nevertheless if this should work, I still do not understand where the problem comes from.

                SIP connection is established at port 5060 but calls are not possible.
                I have no information (found) regarding STUN server.

                D 1 Reply Last reply Sep 3, 2021, 1:45 PM Reply Quote 0
                • D
                  DaddyGo @ThomasB
                  last edited by Sep 3, 2021, 1:45 PM

                  @thomasb said in Exception Port Forward RDR for VoIP provider:

                  Another approach would be to use a soft phone and give it a try.

                  It would have been my next proposal.
                  It's a good little VOIP tester software, we use a lot:
                  https://www.microsip.org/

                  Cats bury it so they can't see it!
                  (You know what I mean if you have a cat)

                  1 Reply Last reply Reply Quote 1
                  • T
                    ThomasB
                    last edited by Sep 7, 2021, 12:36 PM

                    Update:

                    MicroSIP says "Wrong password". That's crazy because it's the same as in the hardware phone.

                    I suspect that there is still a technical problem.

                    14:32:54.992  sip_resolve.c  ...DNS resolver not available, target 'sip.amplusvoice.de:0' type=UDP will be resolved with getaddrinfo()

                    I'll try it with my mobile.

                    1 Reply Last reply Reply Quote 0
                    9 out of 9
                    • First post
                      9/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received