Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Incoming VOIP only working for a few minutes

    Scheduled Pinned Locked Moved NAT
    16 Posts 7 Posters 8.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      roberttran
      last edited by

      I recently got VoIP service from voipyourlife.com. I set up port forwarding and firewall rules to allow UDP traffic for ports 5060, 3478 5004, and 16382-16484. When I start up the VoIP box, it will register and I am able to make outgoing and incoming calls fine. Then after a few minutes, I can't get any more incoming calls (outside calling in). Outgoing calls work perfectly fine, but no incoming calls after a few minutes. If I reset the VoIP box or re-apply firewall rules, it will work again for a few minutes. I called tech support up and they are not seeing the VoIP box talking to them on port 5060. Instead it's talking to them at random ports in the 50000 range each time it registers.

      What's going on? I'm really confused.

      1 Reply Last reply Reply Quote 0
      • J
        jeroen234
        last edited by

        did you setup a static port for port 5060 ?
        if you don't then pfsense will send it tru on random ports for higher security

        1 Reply Last reply Reply Quote 0
        • R
          roberttran
          last edited by

          @jeroen234:

          did you setup a static port for port 5060 ?
          if you don't then pfsense will send it tru on random ports for higher security

          Which menu is that under? I don't see it under the firewall rules or port fowarding.

          Thanks,
          Robert

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            enable advanced outbound nat at firewall>nat, outbound. It will create the needed NAT rule for LAN->WAN for you automatically. Then create a rule ABOVE of this default rule for source <ip-phone ip="">, destination any and check the static port option (you basically can copy the default rule and change the source IP and check the static port option). After that go to diagnostics>states, reset states and reset the states to make the phone establish the connections using the static port option.</ip-phone>

            1 Reply Last reply Reply Quote 0
            • R
              roberttran
              last edited by

              @hoba:

              enable advanced outbound nat at firewall>nat, outbound. It will create the needed NAT rule for LAN->WAN for you automatically. Then create a rule ABOVE of this default rule for source <ip-phone ip="">, destination any and check the static port option (you basically can copy the default rule and change the source IP and check the static port option). After that go to diagnostics>states, reset states and reset the states to make the phone establish the connections using the static port option.</ip-phone>

              I can't set a source IP, only network

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                a /32 network is a single IP  ;)

                1 Reply Last reply Reply Quote 0
                • J
                  Jonb
                  last edited by

                  Would this affect how it handls VPN traffic using 5060 as well.

                  Hosted desktops and servers with support without complication.
                  www.blueskysystems.co.uk

                  1 Reply Last reply Reply Quote 0
                  • H
                    hoba
                    last edited by

                    VPN traffic is not natted so this is no problem when using VPNs anyway.

                    1 Reply Last reply Reply Quote 0
                    • M
                      maldex
                      last edited by

                      Hi roberttran

                      did the StaticPort setting solve you issue about incomming calls after a few minutes? how often does your VoIP Box register?

                      i'm exactely reachable from outside for 60 seconds…thats when the UDP session times out. the Phonebox still  doesn't know about that and sends the next register not before the next 120 seconds....2/3 of the time offline :P

                      cheers

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by

                        maldex: you need to create a rule allowing your VoIP and increase the state timeout on that rule. Static port for SIP is a good thing as well, if you upgrade to 1.2b1 it'll automatically create the static port rules for SIP.

                        1 Reply Last reply Reply Quote 0
                        • M
                          maldex
                          last edited by

                          na, doesn't work. the State-tiemout works only for TCP, not UDP. and i can't upgrade yet because my pfsense is embedded …

                          1 Reply Last reply Reply Quote 0
                          • H
                            hoba
                            last edited by

                            You can upgrade either by reflashing or by feeding the full update file to the webgui after renaming it to inlcude "embedded" in the filename. We have a confirmation that this worked on a WRAP on IRC yesterday. Give it a try but be prepared for a reflash (just for the case something goes wrong).

                            1 Reply Last reply Reply Quote 0
                            • M
                              maldex
                              last edited by

                              i'll come back on upgrading when i got the time for it…..

                              cheers

                              1 Reply Last reply Reply Quote 0
                              • H
                                hoba
                                last edited by

                                Upgrading on embeddeds using the full updates works now. I have tested it myself now and we fixed one remaining problem with the serial console not doing autologin on bootup complete. Looks like FreeBSD 6.2 handles the WRAP bios much better than the older FreeBSD versions.

                                1 Reply Last reply Reply Quote 0
                                • M
                                  maldex
                                  last edited by

                                  hi again

                                  took a bit longer.

                                  I Upgraded now to 1.2Beta1-Embedded.

                                  since i got guite a lot of other configuration (VPN, etc) i took the old configuration and heven't done a new one. but the NAT problem persists. after around 60seconds, the NATed UDP connection is not visible anymore, nor is the phone ringing on a incomming call.

                                  Setting to Optimations to Conservative didnt solved it neither.

                                  how can this SIP rule be generated?

                                  cheers

                                  ps, i was lazy..i took another CF :)

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    mihpel
                                    last edited by

                                    I had the same issue while trying to receive incoming calls from my sip provider to my asterisk server which is nat'ed behind a pfsense box.

                                    What resolved my issue was setting up my asterisk server to refresh it's connection to my sip provider every 10 sec in sip_nat.conf. "externrefresh=10" thus avoiding the expiration of the udp session which occurs every 30 to 60 seconds.

                                    I think the same thing can be done with an ATA or VoIP telephone, by setting "Nat keep alive = yes" and "Use DNS SRV = yes"

                                    Hope i was helpful.

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.