Issues resetting states
-
@jkalber said in Issues resetting states:
Does the GUI never refresh/load saying something like "states reset successfully" or something of that nature?
Not in my experience.
Monitor your live FW logs for all traffic for a selected phone's IP to see if you're blocking it somehow. Sounds like it may be switching to another range after call pickup. Not a VOIP expert. Hated VOIP when I had to maintain it.
-
@provels Yeah - it can be a real pain in the butt to support and manage sometimes.
-
So Vitelity believes I have an issue with the firewall and how it is handling port forwarding. Are there any experts here that might be able to help me out? I have all of our firewalls configured the same for RTP port forwarding, not sure if there is anywhere else that I can check to resolve this issue?
From Vitelity: I believe I have identified the issue. I have uploaded a SIP ladder for your review. As I was capturing the call I could hear the called party answered and say hello a couple times and the calling party said they couldn't hear anything. I believe the issue is with your RTP ports. Your invite specifies that you want us to send RTP to 216.74.234.162 port 34502 in the SDP, but when you're sending us audio, you're sending it from port 12002. When we send you audio, we send it to 34502 as you requested. I confirmed this same behavior on multiple calls. My best guess is that it's an issue with how your firewall is handling the port forwarding.
-
@jkalber
I remember we had issues with one-way audio, but too many years ago now. I'd probably make a couple LAN rules to monitor ALL traffic to/from a test phone's IP and also your phone server's IP, then monitor the FW logs dynamically and filter the logs for the related IPs and test, test, test. If that doesn't find it, move to the WAN. Sorry, best I can offer. -
@jkalber said in Issues resetting states:
but when you're sending us audio, you're sending it from port 12002
That sounds like the NAT is changing the ports. You can give the phone a fixed IP and tell pfSense not to do that:
Navigate to “Firewall” > “NAT” > “Outbound”.
Set the type from automatic to “Hybrid” and press “Save”.
Now create a new “Mapping Rule” to set:
“Source” for the phone LAN IP, e.g. 192.168.3.155.
“Port or Range” - enable “Static Port”.Move the rule to the first position in your “Mappings" table.
It probably depends on the phone and phone system? We host 3CX for clients and though only one has a phone using STUN we haven't had to do that for the phone. But it's necessary if the 3CX server is behind NAT.
-
@steveits Thanks for the recommendation Steve! So I already have the NAT mode set to Hybrid Outbound NAT just like every other site that I support. I haven't had to create any type of mapping rule to specify a phones static IP, thoughts?
Below is a screenshot of my current settings for NAT Outbound
-
@jkalber That's saying all devices on your network using UDP get a translated port. If you check Static Port what happens? You might need to clear states for the phone or reboot the phone, if it doesn't work right away.
-
@steveits Are you referring to the check box that says Static Port right next to Port or Range which I currently have blank?
-
@steveits HOLY CRAP THAT WAS IT. Dude can you shoot me your venmo or zelle? I owe you a six pack at the very least.
-
@jkalber You're welcome. Just help someone else someday. :)