Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SIP trouble

    Scheduled Pinned Locked Moved NAT
    11 Posts 5 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fraglord
      last edited by

      hello guys,
      unfortunately having lot of trouble here to get my phones (Snom 320 and various softphones) in my LAN behind pfsense working. They register without problem on sip server (public IP / WAN side). Incoming calls don't get through at all and outbound calls can be established but no audio at all. How to solve this problem?

      pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        I have never had any issues with SIP phones behind pfsense.  Only sip servers. 
        Do you have strange firewall rules or several layers of NAT?

        1 Reply Last reply Reply Quote 0
        • F
          fraglord
          last edited by

          No not at all. My setup looks like this:  cablemodem –> pfSense --> LAN
          The IP phones register on the SIP server (public IP) without problem but then calling is not possible. Maybe need to set some firewall / nat rules? But I have no clue which.

          pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            Well - Is it possible that there is some less than amazing NAT at the server side?

            The only other thing I can advise is to go to firewall > NAT > outbound NAT and put a rule there at the top to make SIP static port on port 5060 and 5061.

            You can use "hybrid outbound NAT" so that its mostly automatic except the rule you add.

            (BTW - I'm running strictly manual outbound NAT.  I tried hybrid outbound NAT but saw that it was adding alot of entries for my HEIPV6 interface that I didn't want, need or like)

            1 Reply Last reply Reply Quote 0
            • F
              fraglord
              last edited by

              I have set up a rule according to it:
              Inteface: WAN
              Source: any / 5060
              Destination: any / 5060
              Translation: Interface address + static-port

              still no luck

              pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

              1 Reply Last reply Reply Quote 0
              • K
                kejianshi
                last edited by

                Their SIP service may be the issue.  Try it with a different free sip service and see if you have same issue.  I have tons of phones running behind pfsense.

                1 Reply Last reply Reply Quote 0
                • O
                  Ofloo
                  last edited by

                  Do you get a routeable IPv4 from your cable modem?

                  1 Reply Last reply Reply Quote 0
                  • chpalmerC
                    chpalmer
                    last edited by

                    Try and make a call and watch your firewall logs.  You may be getting RTP from a different server than your SIP registration and in that case it is usually blocked by the firewall.

                    Building firewall rules to allow RTP may be needed.  (I don't believe you want static port with multiple VOIP clients all using 5060-5061.)

                    With multiple VOIP instances on your LAN Id recommend the SIProxd package.  Then you build the firewall rules to point at your WAN address.

                    And as ofloo asked, you really do want your WAN to have your public IP address if you use SIProxd.

                    Triggering snowflakes one by one..
                    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                    1 Reply Last reply Reply Quote 0
                    • F
                      fraglord
                      last edited by

                      Well let me give you some late preface about what I am trying to do. My cablemodem ist actually this router that hosts many services. It is provisioned by my ISP with a configuration (that I cannot change) to act as a cable modem / eRouter with a software pbx (registrar) and base station for cordless phones (that's how I do my calls atm). My phone numbers are already registered in it. NAT, firewall etc. is disabled on this device so it basically acts as a cable modem with a fixed public IP and requires me to run my own router behind it with a static IP on it's WAN side which is a pfsense box. Here is some info about it: http://www.unitymediabusiness.de/produkte-internet-telefon-hardware.html#tab-3
                      All phones on my LAN suposed to use the "cablemodem" as registrar. I managed to extract some info from it's configuration file that might help:

                      voip_forwardrules = "udp 0.0.0.0:5060 0.0.0.0:5060",
                                                  "tcp 0.0.0.0:5060 0.0.0.0:5060",
                                                  "udp 0.0.0.0:7078+32 0.0.0.0:7078";
                              tr069_forwardrules = "tcp 0.0.0.0:8089 0.0.0.0:8089";
                              voip_ip6_forwardrules = "udp 5060,7078-7110", "tcp 5060";
                              tr069_ip6_forwardrules = "tcp 8089";

                      This cannot be changed tho.
                      I have set up siproxd according to this document and used the ports mentioned above (SIP 5060, RTP 7078-7110). The phones show up in siproxd correctly under "registered devices". They are registered on "my provider's device" also without error. But still trouble with calling: outbound calls get through but not audio. Inbound calls not get through at all. Unfortunately I am not that skilled to do the firewall troubleshooting :(

                      siproxd.jpg
                      siproxd.jpg_thumb

                      pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        SMH

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • O
                          Ofloo
                          last edited by

                          ssh into your pfsense and run

                          tcpdump -nN -i <wan></wan>
                          

                          See if the traffic arrives, .. then check the firewall logs, .. If that's all ok check if it leaves the lan with tcpdump

                          tcpdump -nN -i <lan></lan>
                          

                          then check the pbx or sip client, ..

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.