I’ve been working on this setup for a few days now, but have hit a wall with my setup. I’m sure its NAT, but I can’t find where.
2 problems:
All outbound calling works, 2-way sound, from site where FreePBX box resides with any of my IP phones, but when I try calling from my OpenVPN off site location, I only get 1 way audio.
No inbound calls get through, they all stall apparently, as I get Verizon or whomever’s this number is not connected prompt. I’m using SIPStation for my trunk, so the setup should have been good to go. The DID are all mapped to someplace in my phone system.
The setup:
2 sites, both with latest build of Pfsense routers, connected via OpenVPN UDP or TCP tunnel. Network is Comcast Business, via 50/10 so bandwidth shouldn’t be an issue.
FreePBX is setup on a Hyper-V VM and is performing as expected.
Pfsense has NAT opened for RTP and SIP ports, on both routers, and FreePBX is configured to be NAT aware and has both sites IP subnets. Pfsense outbound NAT is configured to static ports; on both routers as well.
Pfsense at offsite location has siproxy package installed and configured as well.
1 - Don’t use the SIP proxy unless you know how to configure it. The Proxy would have to register with SIP Station then the FreePBX to the proxy. Some proxies can be transparent but Asterisk still has to know it’s the next SIP hop.
2 - VPN tunnels should not need NAT unless the address ranges overlap at the two offices and that is a disaster waiting to happen.
3 - Only your trunks need NAT, both VPN and local phones are local from a layer 2/3 perspective to Asterisk/FreePBX
Sorry, for the confusion. SIP Proxy is not enabled, in fact it caused more problems then fixed when I tried it (per a guide I found on Pfsense).
Agreed on the tunnels and the NAT. I fixed this and we’re good to go now, think I needed the static port mapping on both outbounds for both routers, because the issue went away when I enabled it.
Basically the lone, and biggest issue is none of the inbound calls are coming in. They hit a wall somewhere that I can’t find. According to the SIP Station module everything is ready/registered, and the firewall test is good. But when I call the numbers from SIP, the calls don’t ring to anything other than a Verizon message “number does not exist”. In FreePBX, the trunks are setup by the module, and the DID numbers show, and are in turn mapped to IVR and announcements, I’ve also tested with just killing the all to unlimited hold music, no connection. I reached out to SIP Station, but I just get a reply “Your registered on your end, must be your firewall” and then pointed to a generic troubleshooting guide.
Routers are all Pfsense, I have them configured with 5060, 10001-10100 open and mapped. I have Outbound configured, with Static true. I’ve changed advanced settings on the NAT to conservative. I don’t doubt the NAT is blocking something, but what and where is what I just can’t find for some reason.
I’ve identified the problem, but not quite sure how to address it finally. Internals are good to go and working, but the FreePBX server is still not receiving any of the inbound invites. I’ve managed to clean up the Pfsense nat to where no port forwarding is on (i’ve tried with 5060 fordwarded and not forwarded both) and all my call are going out. No proxy on. NAT outbounds are configured with static port. I ran tcpdumps per the FreePBX Troubleshooting guide, and then scanned the raw file as well as using Wireshark, nowhere is there an invite from when I call in. Any thoughts where I could look?
Skyking, thanks.
I ran a tcpdump on the pbx box as well as a packet sniff on the pfsense box, turned them on and called in. Pfsense sees the packets come across, but then nothing is routing to the PBX box as far as I can tell (using wireshark) as there was no invites on the PBX side.
I keep tinkering with the NAT settings to fine tune and such, open, closed, etc. but I haven’t found the right combo or something.
Here are the nat rules; currently disabled, but were enabled this morning. Sipstation trunks aren’t registering since Friday and I’ve been busy on other projects. I did order a dedicated machine for this build to transition to from the HyperV image which could help. Starting to think the HyperV is hindering this project.
Found the cause. Firewall was good to go, but at some point the FreePBX box was bound to the external IP and not left 0.0.0.0 So it wasn’t listening on the correct network IP. Thanks for the help.
