Exception Port Forward RDR for VoIP provider
-
Hi folks,
my VoIP provider changed its DNS servers so my (SIP) phones couldn't connect anymore.
I'm using DNS Resolver and redirect all DNS requests to pfSense. So the phones couldn't connect to the new DNS servers. (Why did it worked earlier...?)At first it was try and error to find the problem. At the moment I've the following solution doing its job. What do you mean - is this a proper solution?
Thanks for your support!
Thomas
-
@thomasb said in Exception Port Forward RDR for VoIP provider:
my VoIP provider changed its DNS servers so my (SIP) phones couldn't connect anymore
Hi,
I am a bit confused about....
I don't really understand what the VOIP provider's DNS servers have to do with you?!
For example, we don't even use the DOMAIN name of our service provider (VOIP) when connecting (sip.ephone.hu) we give for the VOIP device a direct IP address for SIP registration. (nslookup sip.ephone.hu)
so no DNS resolution is needed - which the pfSense resolver would otherwise do very well - and not the VOIP provider's DNS server do that anyway
it is possible that, because the VOIP devices are different from manufacturer to manufacturer - and use different and different routes to log on to the manufacturer's servers, check the FW, etc.
hmmmm, .... there might be a problem here if they changed the DNS resolution method in a FW update, just like the damn IoT devices don't like it when you force DNS (redirect DNS on pfSense)
you can observe in a pfTop when a VOIP device boots up and makes outbound connections on multiple 80/443 ports to an intermediate network with the manufacturer, developer, whoever
so I think this is more of a VOIP device problem rather than a VOIP provider problem
BTW:
(I suppose, we are talking about a handheld hardware base phone and not a software base VOIP, like ZOIPER, etc.) ??? -
@daddygo
Yes, I'm also confused.But I can answer your questions so far:
- pfSense configuration not changed
- hardware based phone not changed
- VoIP provider changed DNS servers
I've also configured the DNS server IP's in the phone as well as in the DHCP server for this client.
In the log entries I've seen that the phone's DNS requests are redirected to 127.0.0.1 before I set a separate Port Forward rule. I think the redirect is in some way the problem because a connection to the VoIP DNS server can not be established.
-
@thomasb said in Exception Port Forward RDR for VoIP provider:
because a connection to the VoIP DNS server can not be established.
@ThomasB "Yes, I'm also confused."
I'm just confused by your description, with VOIP I think I'm in the picture (maybe, hahahha)
Please show us where in your device settings you need to specify the DNS servers of your VOIP provider SIP reg., (upload PRTSC here)
As I wrote, there is no need to specify DNS settings by default for VOIP provider (if you use IP address instead of DOMAIN), unless the VOIP device requires it for its own communication.
What happened may have been caused by a recent automatically running VOIP device FW upgrade that happened in the background and changed the DNS requirement of the device, which now refuses to connect without it.
Please also specify the type of device.
-
@daddygo said in Exception Port Forward RDR for VoIP provider:
PRTSC
Hardware: Yealink W60B
In the past there was no DNS IP set in the configuration so I think this is needless.
Also this should be needless (as it was in the past):
I could imagine that you are confused about my description because I don't understand the problem by myself.
I can rule out that there was an update of the Yealink. I update manually if it is necessary.
So the only change was made by our VoIP provider.
The support staff wrote that I have to use their DNS servers. That's the only available information. I didn't use their DNS servers since a few years. -
@thomasb said in Exception Port Forward RDR for VoIP provider:
The support staff wrote that I have to use their DNS servers. That's the only available information. I didn't use their DNS servers since a few years.
It's a strange statement on their part, because DNA is the same all over the world, I hope.
(DNS is a good data collection tool, hihihihi)Network tab on Yealink:
Just as I thought, these are the general "network" settings for the VOIP device, they don't need to point to the VOIP provider's DNS server, these will work fine with pfSense DNS resolver.
(especially because you give it static mapping, where if no DNS server is specified it will use the default)although it's a Chinese miracle, why wouldn't it work with general DNS settings ?-!, a surprisingly good configurable device - I briefly read the admin guide
where you should look for the source of the problem is in the SIP account settings and/or (but I don't think so) pfSense NAT + port forward
here is a good guide for this:
https://www.3cx.com/docs/pfsense-firewall/- you have received a SIP server access from your service provider - something like this: sip.voipproviderdomain.something (com / us / eu)
try replacing the SIP server config with an IP address (nslookup) to rule out DNS resolution problems, and in pfTop you can see the connections made by host 192.168.100.14 (SIP(TLS), RTP, HTTP, HTTPS) this will tell you what the problem might be
I show you now, what you should see on a well registered VOIP when a call / conversation is in progress (SIP OK on 5060 - 31561 / RTP OK 31006)
BTW:
does your provider use STUN or outbound proxy stuff
-
@daddygo said in Exception Port Forward RDR for VoIP provider:
Thanks a lot for your support!I will try it later. Another approach would be to use a soft phone and give it a try. Nevertheless if this should work, I still do not understand where the problem comes from.
SIP connection is established at port 5060 but calls are not possible.
I have no information (found) regarding STUN server. -
@thomasb said in Exception Port Forward RDR for VoIP provider:
Another approach would be to use a soft phone and give it a try.
It would have been my next proposal.
It's a good little VOIP tester software, we use a lot:
https://www.microsip.org/ -
Update:
MicroSIP says "Wrong password". That's crazy because it's the same as in the hardware phone.
I suspect that there is still a technical problem.
14:32:54.992 sip_resolve.c ...DNS resolver not available, target 'sip.amplusvoice.de:0' type=UDP will be resolved with getaddrinfo()
I'll try it with my mobile.