Interesting occasional VoIP failure issue.



  • Hello!

    I'm using a firewall appliance I purchased through Netgate, claimed to be the first ever pfSense certified device! (FW-7541)

    Typically, the pfSense appliances we install run smooth and well. It's my personal favorite for selling to customers.

    Anyway, with this device I'm encountering a strange issue. Calls work fine both ways 99% of the time, but 1% of the time pfSense is somehow eating some packets.

    Once in a while, for a few minutes at a time, we get packet captures like this:
    us > carrier INVITE XXXXXXXXXX
    carrier > us Trying
    us > carrier INVITE XXXXXXXXXX
    carrier > us Ringing
    us > carrier INVITE XXXXXXXXXX
    carrier > us Ringing
    us > carrier INVITE XXXXXXXXXX
    carrier > us Ringing
    us > carrier INVITE XXXXXXXXXX
    carrier > us Ringing
    us > carrier INVITE XXXXXXXXXX
    carrier > us Session Progress
    carrier > us Session Progress
    carrier > us Session Progress
    carrier > us 500 Internal Server Error
    carrier > us 500 Internal Server Error
    carrier > us 500 Internal Server Error
    carrier > us 500 Internal Server Error
    carrier > us 500 Internal Server Error
    carrier > us 500 Internal Server Error
    carrier > us 504 Server Time-out
    carrier > us 504 Server Time-out
    carrier > us 504 Server Time-out
    carrier > us 504 Server Time-out
    carrier > us 504 Server Time-out
    carrier > us 504 Server Time-out

    If I run a capture on the PBX, it never receives the responses from our carrier. Hence the multiple invites to the same number going out.

    What would cause pfSense to eat the packets only some of the time, and seemingly fix itself and break again later on?

    I've already been through the VoIP FAQs, and those problems either didn't apply (fixes for 1-way audio, etc), or they didn't help (changing to conservative, for example).

    I should also note this only seems to be happened on OUTBOUND calls. Inbound seems to be fine, leading me to believe it's a NAT issue of some sort. I do already have port forwarding of all 5060 traffic into the PBX, so it seems ANYTHING coming in on that port should reach the phone system, regardless of stream/session/etc.

    Any help with this one would be greatly appreciated.



  • Have you checked your state table to see if it's filling up too quickly?


Locked