Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Asterisk SIP - CARP IP with 1 to 1 NAT presenting internal 10.0.0.x IP to carrie

    Scheduled Pinned Locked Moved NAT
    3 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      FuriouS
      last edited by

      I have been on this for a while without success. I did searches and found no help for someone in a similar configuration.

      We have a multi WAN setup with two blocks of IPs.
      Each pfsense firewall has an IP in each block to allow CARP of both blocks between them
      pfsense-a handles one block of ips, pfsense-b handles the other. ( I dind't set this, it just seemed to split it up for me)

      When only have 1 way audio and no DTFM when calling out to our SIP provider. I have called the SIP provider and they claim the IP they receive is 10.0.0.x, which they can't route back to us. How is it possible that the internal IP of my asterisk server is routed out the WAN to the SIP carrier as the proper return path?

      Any help offered is appreciated. I don't want to run siproxd, direct 1 to 1 nat to the asterisk server is preferred.

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        They probably mean that your PBX is sending the 10.x.x.x IP in its VIA headers in the SIP packets. The firewall doesn't touch those, they're set by your PBX. Setup your NAT settings + local net definitions in your PBX and it will probably work.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • F Offline
          FuriouS
          last edited by

          I have reconfigured the Asterisk server to include both "externip" and "fromdomain" values, this did not make a difference.

          I think the issue is with pfsense and how it's handling the 1:1 NAT. In the states table I see the following.

          SIPProviderIPAddress:5060 <- InternalIPAddress:5060
          InternalIPAddress:5060 -> CARPIPAddress:5060 -> SIPProviderIPAddress:5060

          I suspect that the CARP not being seen in the state for both directions of traffic is the issue here. Is there a way to force all traffic using the CARP IP to use that IP in both directions and have it shows in the states?

          The other item that may be an issue is the Single:Multple and Multple:Single under the "state" column. If I can sort out how pfsense is delivering a class C IP to the SIP provider and get it to send the CARP IP I want to use I believe this SIP / Asterisk setup will work without siproxyd.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.