Asterisk and PFSENSE

  • Hi,

    I have recently moved to PFSENSE and was having some problems with sound on the Asterisk box.

    I can also see lots of people having the same problem, therefore I would like to publish how i made it work to help people in the future having the same problems.

    here we go:

    set up the port forwarding as normal from the traffic coming into your network from the internet.

    example  wan  > 5060  > (your asterisk box ip)
                  wan  > (RTP ports)  > (your asterisk box ip)

    then the problem after you set this up is, you only get one way audio.

    so on you lan rules set up a rule alowing all traffic out from you asterisk box

    example  lan  >  (your asterisk box ip)  >  all

    this is the problem many people are having, Asterisk will use random ports to go out onto the net and if the rules on the LAN only allow  port 5060 and the RTP ports, you can only get one way audio even tough the rules are correct.

    I hope this can help someone.



    PS: to Chris and Paul, congratulations for the book really amazing information, thanks

  • I'm not sure I am understanding your last statement.  By default, any LAN host can go anywhere on the internet, so the rule referring to asterisk doing so is pointless.  What causes one-way audio (and how to fix it) is that pfsense rewrites the source port number for NAT'ed connections, including the RTP ports, which end up not matching what is sent in the INVITE to the remote server.  The way to deal with that is to enable AON, and in the resulting rule, set static ports to YES (there are several posts in the forums here talking about this.)  Also, you want to have 'externhost=xxx' where 'xxx' is an external name set by dyndns or some similar service, so asterisk can detect whether to put the WAN IP in the INVITE headers (you also want to set localnet to your LAN subnet).

  • you need to forward ports 10000-20000, and check your sip_nat.conf file there some info you need to add there.

    check the forums

    They are both based on asterisk.

Log in to reply