VOIP and NAT questions

  • Hi All,

    Hoping someone can shed some light here. I have the following VOIP flow:  [SIP Client]–-[Asterisk]–-[pfSense LAN]–-[pfSense WAN]–-[VOIP Provider].

    I have my asterisk SIP settings defined with my static public IP. Outbound calls work absolutely fine but I had problems with inbound. Initially I had port forwaded UDP port 5060 to Asterisk LAN IP address as well as UDP port 10000-20000 for the RTP. I could see in the WAN packet capture the inbound SIP INVITE as well as the firewall logs saying the message went to Asterisk LAN IP. However, in the LAN packet capture I could never see the packet leaving the interface.

    I now have this working with pfS 2.0.1 after enabling Manual Outbound NAT with Static Port. I have deleted the port forward. I would like to know the following three things:

    1. Why was the inbound SIP packet not leaving the LAN interface?
    2. Why is my scenario now working even without port forwarding SIP or RTP?
    3. What if I want to register a remote device from the internet?

  • I don't have the answers to your questions, sorry.

    But I have a very similar problem and my setup is almost identical, I can get SIP and RTP working without issue on one VoIP carrier but another carrier I don't get any inbound RTP, they can be seen in the pcap from the WAN interface but they never exit the LAN interface.  Checking the SIP packets and the ports used for RTP that are defined they fit within the NAT'ed and allows range of ports, there is no message of dropped packets in the firewall logs.

    It seems like the inbound RTP packets just get lost in the kernel or something like that, I though it might have been just my hardware or setup, but I tried it on a fresh install on server hardware at work and had the same issue.  I did an install of OpenBSD with a similar ruleset and the problem didn't exist anymore, so it doesn't seem to be a hardware issue but something specific to pfSense or the FreeBSD kernel.

    I have tried manual outbound NAT, changing many tuning parameters but nothing seems to work.

    I'm not sure how I can troubleshoot this issue further but there ceratinly seems to be something wrong with pfSense in this regard.

Log in to reply