FIXED: more than one IP Phone (SIP) behind pfSense - not working



  • I have two SIP Polycom VoIP phones with LAN IP sitting behind pfSense. Only the phone that connects to the network first works. The second phone connected to the network just gets the IP address but does not work.

    These two phones connect to an Asterisk server sitting at a hosting site, so I am guessing it is nothing to do with NAT.

    The same two phones, when connected behind other firewall routers, are working fine - like Netgear, Linksys etc.

    This is really slowing down the process of testing these VoIP phones - need to connect at least 3 more.

    Any help in narrowing down the problem is highly appreciated.

    Thanks,
    DK

    ************************ SOLUTION / FIX *********************

    After reading related topics on this and other forums, I found that all that is required is to choose: Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)). This let multiple phones work with no issues, no configuration required on the phones regarding NAT.

    This I tested on a fresh install of pfSense also. No SIProxd package installed.

    1. Select the Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)) under Firewall -> NAT -> Outbound (this creates an entry as shown in the attached image)
    2. Create an alias with all phone IPs - PhoneIPs
    3. Create a rule for this alias - PhoneIPs on LAN interface to allow selective ports (or all) to the SIP Servers.

    Everything works great.

    Thanks to those who responded here and offline.

    DK



  • You are using siproxd on pfSense?


  • Banned

    I use port forwarding for that….

    Set up your SIP phone for control port 5060, and your WAN IP address. Then you just port forward to the SIP phones and they will connect without problems...

    Then give the phones an internal IP address on the LAN and forward traffic from WAN -> IP...

    I have 28 CISCO 7940 SIP converted phones running here at the office.




  • wallabybob & Supermule thanks for the reply.

    wallabybob: I set up siproxd and it killed even the one phone that was working too, so I had to uninstall. Maybe I was not clear on the settings of siproxd. If you have more details, please share and I will try.

    Supermule: Can you please be a bit more detailed?
    "Set up your SIP phone for control port 5060, and your WAN IP address."
    Done. I have updated both the phones with the control (signaling) port and WAN IP address.

    "Then you just port forward to the SIP phones and they will connect without problems…"
    Can you explain this a bit more?

    "Then give the phones an internal IP address on the LAN and forward traffic from WAN -> IP…"
    1. Phones have internal IPs assigned
    2. Do I need to port forward from WAN to each phone IP?

    Thanks again,
    DK


  • Banned

    Port forward from WAN -> Phone IP on LAN.

    And yes…. You need a port forward for each phone!



  • I have 7 Polycom IP650's at one location behind a pfSense box.  We're not using Asterisk (using OnSip/Junction Networks) but I had the same problem.  I tried siproxd and couldn't get it to work.  After reading every post here concerning SIP (at least 3 times) I finally started with a fresh install and enabled Advanced Outbound NAT, made a rule for the VoIP VLAN out (separate interface from LAN), and rebooted.  Every phone came up and has been working great since.  I've never used Asterisk (been wanting to check it out in my "spare" time), but OnSip runs everything by RFC standards, no extra bells and whistles unless it's a standard.  I would "assume" that Asterisk works the same way.

    Of course, the great thing about standards is there are so many to choose from . . .  ;)

