pfSense/Netgate/Starlink/Cisco ATA 191/Voip.ms Phone voip box intermittently losing registration on voip.ms
-
I'm a pfSense noob but have had basic experience with consumer routers like ASUS, TPlink, Google Mesh, LinkSys, NetGear over the years.
I replaced our Starlink router with a Netgate box running pfSense. Seems intuitive enough. I'm running pretty much the default settings aside from some Static IP device assignments.
In Feb I ported my home phone to voip.ms and picked up a CISCO ATA 191 phone adapter box which works fine with our POTS phones.
Issue I have is after random amounts of time the CISCO box loses registration on voip.ms. Could be a day, a week or even a month before it happens. It just shows no registration on the voip.ms status panel and the phones have no dial tone. They do get battery but just silence. Rebooting the CISCO box restores the connection fine... until the next time.
The voip.ms folks told me to follow the CISCO SPA 112 template (my ATA 191 is the newest functional equivalent) but to use UDP instead of TLS. They've told me to try changing some ports but no change in symptoms.
After going around in circles with support I was given this warning about potential firewall issues:
"We don't provide networking support so If you have a firewall like that you need to ensure that ports 5060, 5080 udp/tcp are open and also RTP Ports 100001-20000 udp/tcp for the audio. Also look and disable features like SIP Helper, SIP ALG and/or SPI firewall, which usually cause issues. Our service works fine in a normal internet connection, if your end has a special configuration, firewall or "something else" in the mix, then you need to make sure our service will work through it."
Turning this advice into actual pfSense settings is beyond my current comfort level. Can someone walk me through the actual settings to check in pfSense?
Much appreciated.
-
That is the default setting in pfSense.
There is no SIP ALG unless you install the siproxd package, which you shouldn't.
All ports are open outbound for any devices on the LAN. So unless you have added firewall rules to block traffic it should be allowed. However I would check the firewall log when it fails. I would also check Diag > States to see what states are open to/from the ATA191 IP and what changes after you reboot and it starts working again.
The only thing that pfSense does differently to many (most?) SOHO devices is to set a random source port on outbound connections. Some services, including VoIP, object to this (VoIP and NAT are mortal enemies!) requiring a static source port rule to be set:
https://docs.netgate.com/pfsense/en/latest/recipes/nat-voip-phones.html#disable-source-port-rewriting

Steve
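
The state check suggested in the reply above, written out as an added example (not part of the thread and not pfSense's own tooling): a small filter that reads state-table lines and reports whether the ATA's source port was rewritten by outbound NAT. The function names, the ATA address and the sample lines are constructed; the line layout is assumed to be the one `pfctl -ss` prints for IPv4 NAT states.

```shell
#!/bin/sh
# Flag outbound NAT states whose source port was rewritten.
# Assumed line layout (IPv4 NAT state as printed by `pfctl -ss`):
#   IFACE PROTO NAT_IP:NAT_PORT (LAN_IP:LAN_PORT) -> DST_IP:DST_PORT STATE

ATA_IP="192.168.1.50"   # constructed: the static IP assigned to the ATA

# Constructed sample state lines (documentation address ranges only).
sample_states() {
cat <<'EOF'
igb0 udp 203.0.113.7:48211 (192.168.1.50:5060) -> 198.51.100.20:5060       MULTIPLE:MULTIPLE
igb0 udp 203.0.113.7:16384 (192.168.1.50:16384) -> 198.51.100.20:12002       MULTIPLE:MULTIPLE
igb1 udp 192.168.1.50:5060 -> 198.51.100.20:5060       MULTIPLE:MULTIPLE
igb0 tcp 203.0.113.7:51022 (192.168.1.77:443) -> 198.51.100.99:443       ESTABLISHED:ESTABLISHED
EOF
}

# Reads state lines on stdin. For every NAT state that belongs to the
# LAN host given as $1, prints: proto lan_port nat_port destination verdict
check_src_ports() {
    awk -v ip="$1" '
    $4 ~ /^\(.*\)$/ && $5 == "->" {
        lan = substr($4, 2, length($4) - 2)   # strip the parentheses
        split(lan, l, ":")                    # l[1] = LAN IP,  l[2] = LAN port
        split($3, w, ":")                     # w[1] = NAT IP,  w[2] = NAT port
        if (l[1] != ip) next                  # some other LAN host
        verdict = (l[2] == w[2]) ? "static" : "rewritten"
        print $2, l[2], w[2], $6, verdict
    }'
}

# Prints how many of the host's NAT states had the source port rewritten.
count_rewritten() {
    check_src_ports "$1" | awk '$5 == "rewritten" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. On the firewall itself, feed it the
# live table instead:  pfctl -ss | check_src_ports "$ATA_IP"
sample_states | check_src_ports "$ATA_IP"
```

Capturing this output once while the ATA is registered and again when registration has dropped gives the before/after comparison of states described in the reply.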