Portforward and Firewall Not Working With Elastix SIP Trunking



  • Hello people, It's my first time here.

    I'm having issues with my Elastix PBX installation behind my pfSense 2.1.5 (upgraded from 2.1.4).

    I have a SIP Trunking service from a website named "sip.us". I've already configured my first extension for testing, and it's connecting to the PBX, but with only have one-way audio. Can't hear incoming audio.

    The SIP Trunking service has a module for easy trunk configuration and it has a FIREWALL CHECK tool that I can use.

    I used the firewall checking tool that came with the module, and it is reporting that it can't go through port 10000. I've already portforwarded the necessary ports (SIP and RTP port range) but still does not work.

    I've tried to use it my dd-wrt router and it worked, but that's just for troubleshooting. I'd like to use pfSense in my production.

    Any hint on how to fix the issue?

    UPDATE:

    Inbound and Outbound Calls now works.

    I've setup an Outbound NAT with static port checked, under the Firewall > NAT > Outbound

    I don't know why setup the Outbound NAT to make incoming calls working with my SIP trunk.

    Another Problem:

    My port forward settings does not work if my external public IP does not match with my WAN IP detected by pfSense. I'm on a dynamic IP subscription.

    I've tested this many times and easily reproduced on my side.

    This one does not work:

    This one works:



  • UPDATE:

    Just to update my own post, the issue have been resolved. I've change the Destination address to "any". I've been using the server's IP address all along.



  • I've always been able to get a SIP trunk to work.  Also get sip phone to work as long as the phone was behind pfsense with the asterisk server.

    Never had any luck at all to get a SIP phone that was outside the network to work well with asterisk behind pfsense.



  • Got another problem.

    The one I resolved was on a VirtualBox.

    Now, I've setup another instance of Elastix on a physical machine. I've turned off the Elastix VM and switched on the Physical Machine. I used the same port-forwarding config with the physical machine, because I used the same IP address as with the VM.

    Problem is, it wont make an outbound or inbound call.



  • Set your sip ports to "static".

    For me, that was 5060 and 5061 at a minimum.

    Probably the entire range you might use for sip should be static port.

    Thats done in manual outbound NAT.

    Its possible you have other issues, but that one for sure was required for me.



  • I'm not really sure what you mean by "static ports".

    My problem now is the inbound call. Outbound is now working, I didn't setup additional settings, just the portforward of 5060 and 10000-20000.

    Inbound call is working with my dd-wrt, but not with pfsense 2.1.4.



  • https://doc.pfsense.org/index.php/VoIP_Configuration

    https://doc.pfsense.org/index.php/Static_Port

    2nd link is more useful

    backup config before you set up manual outbound nat

    I'd select the entire range used for voip, 10000-20000 +5060 an 5061.



  • Thanks for the links.

    I've been a pfSense users for a couple of years now, and I don't really asks question in forum nor ready the documents. I was used of jumping right in and tinker with the settings.

    But this time, I can' really make this to work. Gonna make some readings from the links you posted. Will make an update if I got some progress.

    Thanks!



  • I was also using a DDWRT router before and it also worked fine.  Then switched to pfsense and had same issue.

    Manual outbound NAT and Static port fixed it for me.  Hope for you also.



  • UPDATE:

    I haven't implemented the OUTBOUND NAT yet, but outgoing calls within my network and out to internet is working.

    Problem now is the incoming calls. Already tested my SIP trunk settings and I know it's working because I've tried it with DD-WRT.

    But when I change to pfSense, that's where the problem happens, no more inbound calls. Though portforwards are already set.



  • UPDATE:

    Incoming/Inbound Calling finally works!

    I don't know exactly what's the connection of setting up the Outbound NAT to make the Inbound call works. But it's now working. I've setup a manual outbound NAT with static port, cleared the state and it worked.

    BUT

    One more problem is…

    My port forwarding settings does not work when my ISP issued me an IP address that does not match my external public IP address.

    It does not work if pfSense detects my WAN IP address that it does not match my external public IP address. If the WAN IP address shown in my pfSense dashboard does not match my public IP address, port forwarding does not work.

    I don't know really what is happening, I'm not a networking expert.



  • Under what circumstances would you have a public IP issued to you that doesn't match whats on your dashboard?

    I think its less a problem of port forward not working and more a problem of SIP not working when it doesn't know its NAT state / public IP.

    If your external IPs are changing very very rapidly, you need to make asterisks recheck its IP often I guess.

    Asterisks is set up in sip settings as having dynamic IP right?

    http://www.smartvox.co.uk/astfaq_configbehindnat.htm

    look at externrefresh carefully….

    Using freepbx as example, near very bottom there is a place where you can enter "Other SIP Setings"

    Never needed to, but I suppose you could enter externrefresh = 60      (or whatever value makes you happy)

    Results may vary.  I've never had to do this.



  • About my WAN IP. Take a look at it below.

    This one does not work:

    This one works:



  • Yes - But you are now having a pure asterisk problem and not a pfsense problem.

    When it does that, type in "whats my ip" in a web browser to find which of those is correct, pfsense or asterisk.

    Then let me know.