Netgate Discussion Forum

    SIP cannot pass through WAN

      costasppc

      Hello,

      The title cannot explain the situation, so here it is:
      I have a multi-WAN pfSense in the company's HQ. I have installed some VoIP phones in a remote site. For the remote site I have a permit rule for WAN1 that permits their WAN IP to access one ERP server in our LAN.

      Is this firewall rule blocking any attempt to access anything else from their WAN to our WAN1? (Their VoIP phones cannot access our VoIP server from WAN1, which has the permit rule for ERP, only from WAN2.)

      Best regards

      Kostas

        pkwong

        Use the Siproxd package. LAN is the inbound interface, WAN is outbound. All should work well then. Don't forget to add the UDP ports for RTP.

        When all else fails, don't blame the machine.  Blame your architecture.

          costasppc

          Thank you. But I have a multi-WAN environment. Is it going to work?

          Best

          Kostas

            galaxy60

            Are you saying your VoIP server is using your WAN2 for its IP trunk registrations to your service provider? Are you using an Asterisk-based PBX? If so, I may be wrong, but your PBX will only work via one external NAT address, so if your box is using WAN2 for its SIP trunks your phones should also register via the same WAN2.

            Can you create an OpenVPN tunnel between the two sites?

              pkwong

              You can use firewall rules to route by destination. Works like a charm :)

                costasppc

                @galaxy60:

                Are you saying your VoIP server is using your WAN2 for its IP trunk registrations to your service provider? Are you using an Asterisk-based PBX? If so, I may be wrong, but your PBX will only work via one external NAT address, so if your box is using WAN2 for its SIP trunks your phones should also register via the same WAN2.

                The PBX is Asterisk based, yes. VoIP server is connected directly to the ISP router for service provider trunking. SIP phones from outside can register fine via WAN2 but not via WAN1 (Virtual IP).

                @galaxy60:

                Can you create an OpenVPN tunnel between the two sites?

                Not yet, unfortunately.

                @pkwong:

                You can use firewall rules to route by destination. Works like a charm :)

                Can you please point me how to?

                Best regards

                Kostas

                  galaxy60

                  I still don't think you will get Asterisk working with two WANs using SIP. Why don't you add a second Asterisk box at the remote site and create an IAX2 trunk between the two PBXs, or add another pfSense box and an OpenVPN tunnel?

                    costasppc

                    The issue is that it is not working ONLY with the specific WAN, which is using virtual IPs, so I think it is a VIP issue.

                    Best

                    Kostas

                      cmb

                      It has nothing to do with virtual IPs. Asterisk has to be configured with the external IP (externip) and that can only be configured to one specific external IP. It won't work when the traffic is sent in/out via any other public IP (there are some exceptions but that's generally true for most uses).

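What cmb describes, checked on the wire, as an added example that is not part of the original thread: Asterisk writes its single `externip` into the Contact header and SDP `c=` line it sends to outside phones, so a phone that dialled a different public address is told to send signalling and media elsewhere. The SIP message and all addresses below are constructed (documentation ranges), and the function names are hypothetical.

```python
import re

# Constructed sample: a 200 OK as an Asterisk box with externip=203.0.113.20
# (standing in for the WAN2 address) might send to a remote phone that
# dialled 198.51.100.10 (standing in for the WAN1 virtual IP).
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP 192.0.2.50:5060;branch=z9hG4bK-1;received=192.0.2.50",
    "From: <sip:101@198.51.100.10>;tag=a1",
    "To: <sip:200@198.51.100.10>;tag=b2",
    "Call-ID: constructed-example-1",
    "CSeq: 1 INVITE",
    "Contact: <sip:200@203.0.113.20:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=root 1 1 IN IP4 203.0.113.20",
    "s=call",
    "c=IN IP4 203.0.113.20",
    "t=0 0",
    "m=audio 10000 RTP/AVP 0",
])

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def advertised_addresses(message):
    """Return {field: ip} for the addresses the sender tells the peer to use."""
    head, _, body = message.partition("\r\n\r\n")
    found = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):  # "m" is the compact form
            m = re.search(r"sips?:(?:[^@>;]+@)?" + IPV4, value)
            if m:
                found["Contact"] = m.group(1)    # where later requests go
    for line in body.split("\r\n"):
        m = re.match(r"c=IN IP4 " + IPV4, line)
        if m:
            found["SDP c="] = m.group(1)         # where RTP is sent
    return found

def mismatches(message, dialled_ip):
    """Fields whose advertised address differs from the IP the phone dialled."""
    return {field: ip for field, ip in advertised_addresses(message).items()
            if ip != dialled_ip}

if __name__ == "__main__":
    print(mismatches(SAMPLE_200_OK, "198.51.100.10"))
```

Run against a capture taken on the remote phone's side, an empty result means the advertised addresses match the WAN the phone is using.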
                        costasppc

                        @cmb:

                        It has nothing to do with virtual IPs. Asterisk has to be configured with the external IP (externip) and that can only be configured to one specific external IP. It won't work when the traffic is sent in/out via any other public IP (there are some exceptions but that's generally true for most uses).

                        True. But why is it working fine via WAN2 and not via the VIP of WAN1?

                        Best regards

                        Kostas

                          pkwong

                          You can always modify the routing tables directly to force SIP traffic out the proper gateway.

                          It seems that your rule order may not be correct.

                          Place the rule for SIP (and set the proper gateway) at the top of the list for LAN outbound. This way, all requests will come back in through the proper gateway. Also, check your dynamic DNS settings.

                          That could be causing the problem.

                            marcelloc

                            @costasppc:

                            True. But why is it working fine via WAN2 and not via the VIP of WAN1?

                            What external IP did you configure in the Asterisk SIP NAT settings?

                            On 2.0.1 you also have the option to use static port on outbound NAT. This config reduces RTP issues.

                            Elite Training: http://sys-squad.com

                            Help a community developer! ;D

                              costasppc

                              Thank you. I will post screenshots of my rules later and a diagram of my problem.

                              Best regards

                              Kostas
