Hello,
I’m writing this because it took me a lot of work to find this solution.
I had my reasons, but for a special reason I had to remove my DD-WRT based router, which was handling the NAT/Firewall/Gateway at my place, and it was amazing for handling the VoIP.
After removing it I found that Linksys “Business Class” routers dropped my RDP over any kind of VPN (a valid bug they refuse to fix) and that the SMC Barricade line of routers blocked SIP and RTP traffic by default.
So eventually I put up a mini-tower running pfsense and of course ran into a number of problems with getting FreePBX to work with it. So here is what you need to do to reproduce my success with pfsense and FreePBX.
First off here were the key trunk settings:
qualify=yes
insecure=invite,port
nat=no
canreinvite=no
Then make sure you have the module ‘Asterisk SIP Settings’ installed and configure these settings as follows:
NAT=yes
IP Configuration= (not public IP, pick one of the other 2 depending on if your FreePBX has a DHCP or static IP)
External IP= I used the WAN IP my ISP assigned me.
Local Network= (Click the ‘auto configure’ button.)
Reinvite Behavior= No
Make sure to configure your RTP ports if you have any special needs. You can do this by editing the following file:
/etc/asterisk/rtp.conf
Now the rest is an issue with pfsense.
First off make sure to NOT create any NAT or Rules entries for your SIP or RTP traffic. That is a mistake.
Second, do not install the package ‘siproxd’, as this won’t help with pfsense blocking you.
Go to ‘Firewall:NAT:Outbound’ and change to “Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))” and click ‘Save’.
You will now have a rule you have to edit. So click to edit that rule and check off the ‘static port’ check box and save the rule.
Now under ‘System:Advanced’ find ‘Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.’ and check that one also and save.
Now one last step. Click ‘Status:System’ and then click ‘Show States’.
Now click ‘Reset States’ at the top and click the ‘Reset’ button.
Your browser should now look like it’s hung on processing the page. Just click on the ‘States’ tab at the top again and you should see the list is very short.
Now WAIT… wait again… wait some more… wait about 5 minutes for every connection in your network to renew. Anything you had open will be cut off for a few seconds.
Now check that your FreePBX trunk is registered again (or still registered), then try calling it.
For the record my symptoms were that I could call out just fine but if anyone tried to call me I could not hear them at all and after exactly 30 seconds the call would be cut. The Asterisk Log just showed that it found no RTP traffic and the people in the IRC chat had no clue why it was cutting off.
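
One way to confirm that the ‘static port’ change took effect, as an added example that is not part of the original post: the function below reads rules in the format printed by `pfctl -s nat` and lists any outbound NAT rule that still rewrites the source port. The helper name `check_static_port`, the interface name and the addresses in the samples are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag outbound NAT rules that still rewrite the source port.
# Input is text in the format printed by `pfctl -s nat` on the firewall.

# Prints every "nat on ..." rule that lacks the static-port keyword.
# Returns 0 when all outbound NAT rules keep the source port, 1 otherwise
# (including when no outbound NAT rule is present at all).
check_static_port() {
    awk '
        $1 == "nat" && $2 == "on" {
            total++
            if ($0 !~ /(^|[ \t])static-port([ \t]|$)/) {
                missing++
                print "rewrites source port: " $0
            }
        }
        END {
            if (total == 0) { print "no outbound NAT rules found"; exit 1 }
            exit (missing > 0)
        }
    '
}

# Constructed sample: the rule before the static port box is checked.
sample_before() {
    cat <<'EOF'
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10/32 port 1024:65535
EOF
}

# Constructed sample: the same rule after the box is checked and saved.
sample_after() {
    cat <<'EOF'
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10/32 static-port
EOF
}

# On the firewall itself: pfctl -s nat | check_static_port
# Offline demo on the constructed samples:
sample_before | check_static_port || echo "=> static port not applied yet"
sample_after  | check_static_port && echo "=> outbound NAT keeps source ports"
```

With static port set, the RTP and SIP source ports Asterisk uses locally are the ports the far end sees, which is what the External IP setting above relies on.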