Cant access voip in some countrys

General Help
1

hi all,

lets say theres a country that cant access your voip server, would it make a difference if i enable SIP TCP aswell as SIP UDP under chan_sip?

ive changed the port, instead of 5160 its 51160 and that works as i can connect to my voip server on my mobile on mobile data

edit - ive tried different ports but the other person still cant access my voip server, even if he tries t change transport type from UDP to TCP

i have seen you can install a vpn server on here

https://wiki.freepbx.org/display/PHON/VPN+Setup

would this work?

thanks,
rob

2

Sounds like the ISP might be blocking common ports for SIP? You’d likely have more success changing it to listen on a random higher port.

3

but isnt 51160 pretty high port and random, do i need to change both SIP UDP ie chan sip and aswell the rtp port ranges?

4

Maybe I misread, but your comment about changing the port makes it seem like it worked when you changed the port? Can you even ping the server?

5

it works when i change the chan sip port as on my mobile via mobile data NOT wifi i can connect to my freepbx fine

i also made it use tcp aswell and i can register via that aswell

just when my friend tries in egypt he cant register to my freepbx at all

6

Can your friend in Egypt ping the server

7

its behind my firewall, so its NATED, he can resolve my public ip when he pings

do you think thats the problem, its behind my firewall

8

This doesn’t necessarily mean he can ping you. Does he get responses from the ping?

It’s not likely a NAT issue if you are able to access it from other external networks and only he is having problems.

9

no response to ping as on my firewall ive disabled ping from WAN, actually opnsense is by default like this

10

So enable it and try again.

11

but it was already like this ie disabled from pinging from outside, sorry when i said i disabled it i havnt as it was by default off in the first place

12

I’m trying to ascertain whether or not Egypt network can even reach your network. Easiest way to do that is ICMP.

13

ok, i have enabled icmp on the wan address on my opnsense firewall

went on his home pc and i could ping my dns address and could get pings back

14

Run sngrep on the PBX and report what, if anything, appears when the extension in Egypt attempts to register. If nothing, check on the WAN interface of your OPNsense. If still nothing, describe the device and network setup at the remote end.

15

Thanks guys, I will get the person in Egypt to get me access to a pc so I can do some tests on it and get back to you

16

Egypt uses DPI and will block your SIP traffic no matter the port. It might work for a small time, then gets blocked. They can request a special exception from the Ministry of Communications, but VoIP is illegal in Egypt with the exception of in office. Your best bet is to get a VPN that works in Egypt, there are a couple. I have an employee in Cairo and its a bitch getting VoIP to work there, but can be done.

17

Could you please provide some details? I assume that you tried the obvious (OpenVPN client built into most IP phones with OpenVPN server included with FreePBX Distro) and it did not work, even with nonstandard ports. What issue did that have? Which VPN protocol did you end up using?

By saying “get” rather than “install”, do you mean that a commercial VPN service is required? If so, do you know why that works when the same server installed on the PBX (or at the PBX site) doesn’t? Is the commercial service somehow whitelisted, e.g. because they kick back a percentage to the ISP?

18

We used a VPN on the front side router before the phones. It’s a bit early in Egypt right now, I’ll ask tomorrow and get back to you as to which we’re using. I know you can google Egypt VPN VoIP and probably find one that works though. Yes - we tried OpenVPN and they know and block it.

19

FYI - what are you getting for bandwidth there? I think we paid a bit to even get an upgraded 5/1 package and I think that was like the max we could get.

20

Thanks for the update. A search showed solutions using SSTP on port 443. I assume that it will work with a local server and a commercial service is not required. Unfortunately, this or any similar solution involving tunneling RTP over anything TCP based will have voice quality issues if the network has significant packet loss. Do you have choppy voice or other significant impairments?