IAX2 and PF Sense weirdness
Trying to get an Asterisk IAX2 trunk up and running between home and office. We have at the office a PFsense 2.0.2 RC3 box which has done everything we've asked of it for about a year now. At home I have a Linksys E3000.
Now, the PBX at the office can route out, through the PFsense, through a port forward on the Linksys and then to the PBX at home. This bit works a treat. Simple port forward for UDP port 4569. I can call from the phones at the office to my PC and my partner's PC.
The other way round it's all a bit weird. The trunk never comes up from home to the office, showing as unreachable. I've created a temporary tunnel and verified that the exchanges can actually use the credentials they have and there's no problems there. I've done some deeper digging and discovered the following.
Office to home, the PBX at the shop queries the PBX here, that responds and all is well. UDP packets appear everywhere they should do and I can trace every step of the journey with tcpdump.
Home to office, the packets are seen on the PBX at home, the Linksys router, the WAN side of the PFsense, and the firewall rule fires and shows up in the logs as having done so, but that's it. Nothing ever makes it onto the LAN.
The NAT rule looks like:
WAN TCP/UDP * * WAN address 4569 192.168.1.2 4569 IAX2
TCP/UDP * * 192.168.1.2 4569 * none NAT IAX2
It's not locked down at the moment, I'm aware of this.
The packets show as forwarded in the logs but I get nothing leaving the PFsense on packet capture on the LAN interface except sessions initiated by the office PBX, the 'poke' requests from the home PBX just 'go away' :(
Done some more digging today including writing my own port forward tester. The long and short is I can forward TCP till my heart's content, I can't however get any UDP packets forwarded through, nothing at all, not a sausage.
I have dozens of similar configurations and the trunks work perfectly.
At the beginning I had many problems with Asterisk and PFsense (both SIP UDP and IAX UDP), but I solved them by setting manual outbound NAT (AON).
Then you configure a rule with the source IP address of your PBX and static-port enabled.
For some reason unknown to me, at some locations I also had to change the Firewall Optimization Options (in System -> Advanced -> Firewall / NAT) from conservative to normal.
I totally forgot about this.
The provider's system was busted. Junked them and went with another provider and it all went away. Not sure how it was busted, just was.
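A UDP forwarding check in the spirit of the tester mentioned in the thread, added here as an example and not code from any poster: a reflector on the inside host echoes back the source address and port it saw, so the outside probe can tell both whether UDP got through the forward and whether NAT kept the source port (the effect of the static-port setting). The function names, JSON reply format and command-line form are assumptions of this example; run the reflector on a free port or with the PBX stopped.

```python
import json
import socket
import sys

def serve_reflector(sock, count=None):
    """Inside host: answer each probe with the source ip/port it arrived from."""
    served = 0
    while count is None or served < count:
        data, peer = sock.recvfrom(2048)
        reply = {"nonce": data.decode("ascii", "replace"),
                 "seen_ip": peer[0], "seen_port": peer[1]}
        sock.sendto(json.dumps(reply).encode(), peer)
        served += 1

def probe(target, src_port=0, nonce="probe-1", timeout=2.0, retries=3):
    """Outside host: send a probe; return what the far side saw, or None if dropped."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", src_port))           # e.g. 4569 to mimic an IAX2 peer
        s.settimeout(timeout)
        local_port = s.getsockname()[1]
        for _ in range(retries):         # UDP is lossy, so retry before giving up
            s.sendto(nonce.encode(), target)
            try:
                data, _ = s.recvfrom(2048)
                reply = json.loads(data)
            except (OSError, ValueError):  # timeout, ICMP error or junk reply
                continue
            if not isinstance(reply, dict) or reply.get("nonce") != nonce:
                continue                   # stray datagram, not our answer
            # False means a NAT device on the path rewrote the source port
            reply["port_preserved"] = reply.get("seen_port") == local_port
            return reply
    return None

if __name__ == "__main__":
    # usage: script.py reflect PORT | script.py probe HOST PORT [SRC_PORT]
    if sys.argv[1] == "reflect":
        srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        srv.bind(("", int(sys.argv[2])))
        serve_reflector(srv)
    else:
        src = int(sys.argv[4]) if len(sys.argv) > 4 else 0
        result = probe((sys.argv[2], int(sys.argv[3])), src_port=src)
        print(result if result else "no reply: UDP not forwarded or reply dropped")
```

A `None` result alongside a working TCP forward matches the symptom described in the thread; a reply with `port_preserved` false shows source-port rewriting on the path.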