Incoming VOIP only working for a few minutes
-
did you setup a static port for port 5060 ?
if you don't then pfsense will send it tru on random ports for higher securityWhich menu is that under? I don't see it under the firewall rules or port fowarding.
Thanks,
Robert -
enable advanced outbound nat at firewall>nat, outbound. It will create the needed NAT rule for LAN->WAN for you automatically. Then create a rule ABOVE of this default rule for source <ip-phone ip="">, destination any and check the static port option (you basically can copy the default rule and change the source IP and check the static port option). After that go to diagnostics>states, reset states and reset the states to make the phone establish the connections using the static port option.</ip-phone>
-
enable advanced outbound nat at firewall>nat, outbound. It will create the needed NAT rule for LAN->WAN for you automatically. Then create a rule ABOVE of this default rule for source <ip-phone ip="">, destination any and check the static port option (you basically can copy the default rule and change the source IP and check the static port option). After that go to diagnostics>states, reset states and reset the states to make the phone establish the connections using the static port option.</ip-phone>
I can't set a source IP, only network
-
a /32 network is a single IP ;)
-
Would this affect how it handls VPN traffic using 5060 as well.
-
VPN traffic is not natted so this is no problem when using VPNs anyway.
-
Hi roberttran
did the StaticPort setting solve you issue about incomming calls after a few minutes? how often does your VoIP Box register?
i'm exactely reachable from outside for 60 seconds…thats when the UDP session times out. the Phonebox still doesn't know about that and sends the next register not before the next 120 seconds....2/3 of the time offline :P
cheers
-
maldex: you need to create a rule allowing your VoIP and increase the state timeout on that rule. Static port for SIP is a good thing as well, if you upgrade to 1.2b1 it'll automatically create the static port rules for SIP.
-
na, doesn't work. the State-tiemout works only for TCP, not UDP. and i can't upgrade yet because my pfsense is embedded …
-
You can upgrade either by reflashing or by feeding the full update file to the webgui after renaming it to inlcude "embedded" in the filename. We have a confirmation that this worked on a WRAP on IRC yesterday. Give it a try but be prepared for a reflash (just for the case something goes wrong).
-
i'll come back on upgrading when i got the time for it…..
cheers
-
Upgrading on embeddeds using the full updates works now. I have tested it myself now and we fixed one remaining problem with the serial console not doing autologin on bootup complete. Looks like FreeBSD 6.2 handles the WRAP bios much better than the older FreeBSD versions.
-
hi again
took a bit longer.
I Upgraded now to 1.2Beta1-Embedded.
since i got guite a lot of other configuration (VPN, etc) i took the old configuration and heven't done a new one. but the NAT problem persists. after around 60seconds, the NATed UDP connection is not visible anymore, nor is the phone ringing on a incomming call.
Setting to Optimations to Conservative didnt solved it neither.
how can this SIP rule be generated?
cheers
ps, i was lazy..i took another CF :)
-
I had the same issue while trying to receive incoming calls from my sip provider to my asterisk server which is nat'ed behind a pfsense box.
What resolved my issue was setting up my asterisk server to refresh it's connection to my sip provider every 10 sec in sip_nat.conf. "externrefresh=10" thus avoiding the expiration of the udp session which occurs every 30 to 60 seconds.
I think the same thing can be done with an ATA or VoIP telephone, by setting "Nat keep alive = yes" and "Use DNS SRV = yes"
Hope i was helpful.