AWS EC2 Hosted FreePBX Distro call issues

Hi all, I recently installed FreePBX Distro 10.13.66 on VirtualBox, and successfully imported it into AWS EC2 using Amazon’s import guide.

  • The first issue I found that wasn’t mentioned anywhere was that after starting the instance, the “lo” loopback adapter is always off. I had to make it re-enable it and make it activate on boot for the MySQL server to work again. After that I only needed to do a Zend reset and then the FreePBX Distro instance was up and running with no error notifications.

  • Next I made a SipStation account and made an extension to register to it. I got Zoiper Softphone on my Android and made a call to an external number. It makes and receives calls, but no audio on either end.

  • I made another extension with no trunk assigned. I used my Zoiper smartphone and then set up the Zoiper smartphone on my laptop. So, I used one Zoiper extension to call the other. In this case I only get one-way audio, and only the smartphone can call the PC, not the other way around, even though they’re on the same subnet.

  • I’ve tried completely turning the Sangoma firewall off for a few minutes, I’ve tried setting the instance to an EC2 Security Group with all inbound/outbound traffic on all ports allowed, neither of these changes the results I’m getting.

  • Our own network and laptops have no firewalls, just a Peplink router doing NAT with basic DDoS protection.

  • I created a “Peplink FusionHub” instance alongside the FreePBX instance, which is a software router which lets our physical Peplink router create a dual-ISP VPN into the Amazon subnet. So, I can access the FreePBX instance with both the Amazon public IP, and directly at it’s internal IP. I can register the softphones with both methods, but the no-audio and one-way audio behavior is the same.

Not looking forward to busting out Wireshark and going end-to-end on this thing to find the issue; does anyone have any quick insights first? Does anyone besides me on the forum actually run off Amazon EC2?

Thanks for the help!

Furthering my process of elimination, I just took two Android smartphones, both on T-Mobile data with the WiFi disabled, installed the Zoiper softphone, registered them successfully to the FreePBX EC2 public IP as extensions 1234 and 1235, and I can call each other with them, but no audio on either side. Both are showing that they’re sending packets and receiving no packets.

So, I guess that eliminates my entire office network and the SIPStation trunk as possible sources of the issue?

I also noticed I’ve been creating all the extensions as Chan_SIP (5061), so I made two more extensions as Chan_PJSIP (5060) and registered two Polycom IP 335 phones on my network to those extensions. Same thing, they can call each other but again no audio.

settings > Asterisk SIP Settings > NAT Settings.

click on Detect Network Settings.

next go to chn-pjsip tab and fill in the external IP and local network down below.

I finally got it working, but it wasn’t the NAT settings; I didn’t have to touch those. There were two other issues:

  • Since I was hosting off Amazon, the “fail2ban” was actually jailing both my on-premesis WAN IPs. I don’t know if it was a phone with the wrong password trying to get in, or just that I was running non-stop 1 second pings as I was troubleshooting, but when I stopped the fail2ban-client service the pings instantly started going through again.

  • This is the really weird one, I still couldn’t get the call audio to work when I had the Sangoma firewall completely off, but when I turned it on and set all my on-prem WAN IPs to “trusted”, then rebooted, that’s about when it all started working.

It’s pretty disturbing to me that I can’t pin down exactly what it was; for all I know the issue could reappear when I put it into production if I don’t figure out exactly what caused the no-audio. All I know for sure is that the issues were all entirely within the FreePBX firewall/zones/fail2ban/iptables, the Amazon network and my own network weren’t blocking anything.

I’ll read up more on the firewall documentation. Is the “Smart Firewall”, “fail2ban” and “iptables” the only three components within FreePBX Distro I should be looking at, or is there anything else I should check into?

can you share the steps how did you re-enable the loopback adaptor and activate it on boot?

Sangoma firewall does not block audio ports. i gave it a try in Amazon and i am having the same issue as you. My previous image is on version 10.13.66-6 and i do not have such issue with missing loopback config file.

nat settings does not help. i did fwconsole restart and it fix the audio issues. turn back firewall and it’s still working.

Sure thing, you log into the SSH terminal, then:

Create a new network adapter config file for loopback with this command:

“vi /etc/sysconfig/network-scripts/ifcfg-lo”

Then, enter this into the text file:


Then reboot the system and it’ll turn on each time.

1 Like

I just ran into a really strange new firewall issue. I still have FreePBX on Amazon EC2, and so far in the testing phase I’ve been relying on the FreePBX Firewall, but I just decided to clamp down more on the Amazon “Security Groups” (a firewall / ACL) as well.

I have extensions 1001, 1002, and 1003. Phone 1001 is registered to the public IP of the Amazon instance, while 1002 and 1003 are taking a VPN in to register with the internal IP of the instance.

When I’m allowing all incoming traffic to the FreePBX via Amazon Security Groups, all phones ring each other and sound fine.

Then I set ports 5060/5061 and 10000-20000 on Amazon to only be accepted when incoming from the VPN. Now when extension 1003 calls extension 1001, 1001 rings correctly and sounds fine, but when I call extension 1002, extension 1001 rings instead! I even doublechecked on 1003, and it says it’s dialing “[email protected][VPN IP]” but extension 1001 rings. As soon as I open Amazon to all traffic, the 1003 extension instantly resumes ringing the correct phones.

How would not having the right incoming ports open to the FreePBX Amazon instance affect it’s ability to tell which extension is which back on our premises side? This is both annoying and fascinating at the same time.