Routing iax-protocol (udp port 4569) not working
-
Hi,
I have problems with a pfsense-box routing iax-traffic (UDP port 4569). Our company has a central office and eight branch-offices. At the branch-offices we use pfsense as firewall and VPN endpoints (openVPN). At seven offices this works fine, but at one I have an issue.
Branch:
Telephone network 192.168.74.0/24
Asterisk-server 192.168.74.4
central-office:
Telephone network 192.168.24.0/24
Asterisk-server 192.168.24.4
My pfsense at the branch-office:
em1 192.168.74.1
ovpnc1 192.168.251.70
em4 93.83.xxx.yyy Internet
The network looks like
Asterisk-server branch
192.168.74.4
|
|
192.168.74.1
pfsense branch - - - Internet
192.168.251.70 ovpnc1
|
|
192.168.251.71
router at central
192.168.24.1
|
|
192.168.24.4
Asterisk-server central
I need an iax-connection between the two Asterisk-servers. Iax uses UDP port 4569. ICMP connections between the servers work. I can get time from server 192.168.24.4, using NTP (UDP port 123). I can traceroute from one server to the other using traceroute -U -p 4569 192.168…...
But I don't get an iax-connection.
Every 20s the servers try to connect. I can see packets from the central-office at the VPN-Interface at the branch, but they don't get routed. Packets from the branch-server reach interface em1, but are not routed to ovpnc1, but to em4 (masqueraded to address 93.83.xxx.yyy)!
My routing table:
Destination        Gateway            Flags  Refs  Use         Netif   Expire
default            93.83.252.93       UGS    0     2273458     em4
10.10.3.0/24       192.168.251.71     UGS    0     0           ovpnc1
93.83.252.92/30    link#5             U      0     85179       em4
93.83.252.94       link#5             UHS    0     0           lo0
127.0.0.1          link#7             UH     0     552         lo0
192.168.0.0/16     192.168.251.71     UGS    1     166089      ovpnc1
192.168.24.0/24    192.168.251.71     UGS    0     2556        ovpnc1
192.168.70.0/24    link#6             U      0     154097906   em5
192.168.70.1       link#6             UHS    0     0           lo0
192.168.71.0/24    link#1             U      0     512824632   em0
192.168.71.1       link#1             UHS    0     0           lo0
192.168.72.0/24    link#3             U      0     0           em2
192.168.72.1       link#3             UHS    0     0           lo0
192.168.74.0/24    link#2             U      0     20264       em1
192.168.74.1       link#2             UHS    0     0           lo0
192.168.251.70     link#11            UHS    0     4           lo0
192.168.251.71     link#11            UH     0     3           ovpnc1
My firewall-rules
see attachments
I have a rule to allow TCP and UDP-traffic from any port any to the Asterisk-server at central-office with dport 4569 on the telephony-interface em1.
On the VPN-Interface ovpnc1 I have a rule allowing all udp-traffic from Asterisk at central to Asterisk at branch on any port.
All other traffic through the tunnel works fine.
So, the pfsense-box at the branch does not route iax-traffic correctly :-((
I have no idea and would be very glad to get some help.
Regards, Karl