Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PPPoE and VOIP Web base phone registration issue pfsense 2.7.2

    Firewalling
    pfsense 2.7.2 pppoe voip register
    1
    2
    79
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      IT Kyle
      last edited by

      I'll try my best to explain what i get as i don't have a lot of information to go off.

      This client uses a PPPoE username and password from their ISP that has an attached public static IP address assigned to it.

      I've got a client that went over to a new VOIP provider and had issues from the get go. First was a setting in the Advance settings in the firewall that i needed to disable DNS rebinding check and Browser HTTP_REFERER enforcement. Which sorted the issue for the account to connect to the installed client software and the initial startup check that uses port 65501, any settings I've changed that was recommended instead of disabling those settings didn't helped.

      The issue came afterward where i do not have a solution, after trying various of things, where it needs to register the client on the web interface agent phone to bring up the dialing option. I've setup siproxd, tried various rules, NAT settings and any other settings that i could find. No blocked IPs could be found from any of the IPS provided from the VOIP installer, PBX, VOIP host or any of their provisioning servers. If they do a traceroute to the PBX the hops stop at the firewall and going to the PBX ip/host shows pfsense log in GUI where it should route to the internal system?. I've asked them if they have settings on their side is setup NAT firewalls configured etc.
      After testing on a different site where they use a static public IP there was no issue. Install the ISP Microtik router and the VOIP system works without issue.

      What they have is a server/router the VOIP company setup which has static route setup but that is only for the internal physical phones. A cloud PBX and most agents use the online dialer with a few that has a phone.
      The ISP uses a PPPoE log in that has a static Public IP address. The ISP can not give just the Public IP address because they say its for the Layer 2 protection and how their system is setup..
      I've Upgraded/fresh install the firewall to 2.7.2 about a month ago and imported the settings.
      They Also have a multi WAN fail-over setup

      I'm thinking of doing a fresh install and setup instead of importing the settings, but i want more things that i can check when i do this as I need to arrange down time over a weekend when they aren't there as this is a call center.

      Is this just an inherent issue with PPPoE? as I remember having read something a few years back that PPPoE is not handled correctly? but for the life of me i can't find it now.

      I 1 Reply Last reply Reply Quote 0
      • I
        IT Kyle @IT Kyle
        last edited by

        Ok I don't know why but when testing it this weekend it was working. I did not change anything neither did I reinstall and fresh setup.

        Would this have to do with the static routing that was setup previously but the device it was pointing to was removed the same day it was setup till recently when the client went over to the new system and was installed again. I mean it makes sens that the pbx server was speaking to the firewall and the firewall was pointing to a device on the network that was not available.
        NAT is now disabled and siproxd is kinda setup.

        I'll arrange to test the DNS rebinding check to disable and the preferred work around and the same for Browser HTTP_REFERER enforcement and get back if it works now. Though the client registration check for the App was an issue even before static routing was setup.

        Please let me know if there is clarity needed.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post