Asterisk Registration Timeout after upgrade to 2.1.3

shanejoel

I have manual oubound nat setup, everything was working before the upgrade. Now I cant get my sip trunk online and logs show the server timing out trying to connect. Looking at the sip provider, im not reaching by looking at their interface as well.

Looking at the pfsense states table, it looks like pfsense is re-writing ports again after I went through hell trying to simply get manual outbound working recently for the asterisk server. Ive restored from backup of a known good working pfsense config file, and there is no resolution with 2.1.3.

Anyone have any thoughts?

Thanks

shanejoel

Ive cleared the states table, saw the correct ports, but still not reaching the sip provider. Now its back to re-writing 5060 to odd numbered ports.

Great firewall, but Im probably going to have to roll back to the old release….

cmb

What version did you upgrade from? Though that's irrelevant if you're on manual outbound NAT. Automatic outbound NAT in relation to SIP changed to rewrite source ports between 1.2.3 and 2.0 release, as that's usually the desired behavior. There have never been any changes between releases affecting manual outbound NAT's behavior. None to automatic outbound NAT relevant to VoIP since 2.0 release.

Like many "after upgrade" issues, I think this is not because you upgraded, it's because you rebooted. In this case, that wiped your state table and applied your current outbound NAT config. It was correct at some point, the PBX established its registration then, and that state stayed active all the way until you rebooted. In the mean time, you changed your outbound NAT config in a way that broke the PBX, and didn't reset states (not that you should generally, just don't break your NAT config). Lost your states at reboot, PBX re-registers, has your current outbound NAT config applied potentially for the first time in many months or longer. I've seen VoIP states in circumstances like this that were active for months.

So don't bother downgrading, it definitely won't change anything.

Post your outbound NAT rules.

shanejoel

You're right, rolling back did nothing. I've had to throw my asus router at it, because I cant be down. I hate that, because pfsense is a much better firewall with amazing traffic shaping capability and much more. Any commercial router is a joke compared to pfsense. I upgraded from 2.1.2. Yes, I also dont understand why anything would change since it was on manual outbound nat.

However, the added capability seems to also add some complexity for sip in particular. I find with anything else in relation to pfsense, it just works.

I really want to offer pfsense to my customers in combination with freepbx. I have not yet been able to get the system working without intermittent inbound / outbound call problems. I should say that yes, Ive got it working, but test the number hours later and am met with dead air.

I dont have pfsense in front of me to currently look at , but manual outbound nat was for 5060 set as a static port (copied and edited per the auto generated rules for outbound nat). Is it required to port forward to the internal server as well? Firewall rules were (from any) to pass 5060, 1024, 4569 (fax) 10000-20000 RTP to 192.168.1.160. I note that RTP with pfsense starts at 5004 when choosing the drop down.

I appreciate your thoughts and help

Shane