VOIP Issues

Bert 0

Hello,

I'm brand new to pfSense so please excuse my ignorance.

I have a couple of VOIP phones in my office that have been connected to a cloud PBX (1-Voip) and have been working fine. I replaced my old firewall this morning with a NetGate SG-1100 and my phones can no longer connect to the cloud PBX. With the old firewall, I didn't have to configure anything for the phones to work and I have another phone connected to the same 1-Voip account at another location that continues to operate properly so it appears that it is a configuration issue on the pfSense box. Is there anything in particular I need to setup on my firewall for my VOIP phones to work?

Thanks

Bert

stephenw10

You shouldn't normally have to do anything to allow VoIP phones to connect to an external PBX.
However some VoIP systems have requirements that might need special settings. The most likely of which is a static outbound source port. pfSense randomises the source port of connections by default and some older services cannot handle that.

See: https://docs.netgate.com/pfsense/en/latest/recipes/nat-voip-phones.html#disable-source-port-rewriting

Steve

Bert 0

@stephenw10 Thanks for the reply and link, Steve. I will check it out when I get back in to my office tomorrow morning.

Bert

bingo600

@bert-0
If you later on after registering ok , experience "Cant receive an inbound call" , after some time.
You might want to have a look at either "SIP Register timeout" and/or (NAT) keepalive or STUN.

I have had situations where the firewall state to the PBX timed out, and inbound calls were rejected by the firewall.

My usual test for that is (After phone has been idle for 30 min):
Make inbound call --> It fails.
Make outbound call (establish new states) , then right after make inbound call , inbound now working.
This indicate a state timeout issue.

You should set your register frequency or keepalive lower than the firewall state timeout.

/Bingo

Bert 0

Found the culprit...

It occurred to me last night that the phones stopped working some time after I had added some packages to the pfSense box. Through a bit of trial-and-error, I found that the Snort package was causing the phones to fail. Remove Snort, phones work fine. Reinstall Snort to confirm and phones fail. Removed Snot again and all is well.

I guess I will have to spend a bit of time with Snort before it is a useful package for me.

Thanks for the replies.

Bert

stephenw10

Yeah, you should run Snort in non-blocking mode for a while and make sure it's not alerting on anything you need before letting it start blocking.

See: https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html#setting-up-snort-package-for-the-first-time

Steve

Bert 0

@stephenw10 Thanks, Steve. I reinstalled Snort and turned off blocking. So far, everything appears to be working fine.

Bert