FreePBX and cg-NAT

Those who have cg-NAT home or office Internet, how do you get to work not knowing upstream public IP?

I’m not sure what you are asking.

If you just have endpoints (IP phones, softphones, etc.) behind CGNAT, registering to Asterisk on a public IP, you should have no trouble, since Asterisk handles the NAT traversal. If your registration is unstable, try setting a short expiry, e.g. 120 seconds, and/or using the device’s keepalive function.

If you want to run a PBX behind CGNAT, I normally would not recommend it and suggest setting up your system in the cloud. Even if you solve the basic issues, behind CGNAT you won’t be able to have any external extensions, and remote administration would require an external device and service.

However, you may have a good reason for an on-site PBX. For example, you have POTS lines and/or a cellular gateway, and want to be able to make emergency calls during an internet outage. If all your trunking resources are local, CGNAT is not a problem, since the internet connection is just for software updates, etc.

If you need an on-site PBX but also want SIP trunks, get a trunking provider that does NAT traversal at their end. For US or Canada, consider Callcentric, VoIP.ms or Anveo.

If I haven’t covered your situation, please describe in detail, including what country the system is in, who is the ISP, and what kind(s) of trunks you will have.
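The NAT traversal and short-expiry advice in the reply above can be checked from the endpoint side: under RFC 3581 the registrar writes the public address and port it saw into the `received` and `rport` parameters of the Via header of its response. The following is an added example, not part of the thread or of FreePBX/Asterisk; the function names and the sample messages are constructed for illustration and assume IPv4 sent-by values.

```python
import re

def top_via(msg):
    """Parse the first Via header into (host, port, params)."""
    m = re.search(r"^(?:Via|v)[ \t]*:[ \t]*SIP/2\.0/\w+[ \t]+([^;,\r\n]+)([^,\r\n]*)",
                  msg, re.I | re.M)
    if not m:
        raise ValueError("no Via header found")
    sent_by = m.group(1).strip()
    host, sep, port = sent_by.rpartition(":")
    if not sep or sent_by.endswith("]"):      # no explicit port (or bare IPv6)
        host, port = sent_by, "5060"
    params = {}
    for p in filter(None, (x.strip() for x in m.group(2).split(";"))):
        key, _, val = p.partition("=")
        params[key.lower()] = val
    return host, int(port), params

def nat_mapping(msg):
    """Compare what the phone wrote (sent-by) with what the registrar saw."""
    host, port, params = top_via(msg)
    mapped = (params.get("received", host), int(params.get("rport") or port))
    return {"sent_by": (host, port), "mapped": mapped, "natted": mapped != (host, port)}

def granted_expiry(msg):
    """Registration lifetime the registrar granted, in seconds (None if absent)."""
    m = (re.search(r"^(?:Contact|m)[ \t]*:[^\r\n]*;[ \t]*expires=(\d+)", msg, re.I | re.M)
         or re.search(r"^Expires[ \t]*:[ \t]*(\d+)", msg, re.I | re.M))
    return int(m.group(1)) if m else None

def mapping_changes(responses):
    """Count public-mapping changes between consecutive registration refreshes."""
    maps = [nat_mapping(r)["mapped"] for r in responses]
    return sum(a != b for a, b in zip(maps, maps[1:]))

def make_ok(received, rport, expires=120):
    """Constructed 200 OK to a REGISTER; addresses are documentation values."""
    return ("SIP/2.0 200 OK\r\n"
            f"Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK74bf9;received={received};rport={rport}\r\n"
            "CSeq: 2 REGISTER\r\n"
            f"Contact: <sip:1001@192.168.1.50:5060>;expires={expires}\r\n"
            "Content-Length: 0\r\n\r\n")

# Constructed sample: three refreshes; the NAT hands out a new port on the third.
SAMPLES = [make_ok("203.0.113.45", 40122), make_ok("203.0.113.45", 40122),
           make_ok("203.0.113.45", 51877)]

if __name__ == "__main__":
    print(nat_mapping(SAMPLES[0]), granted_expiry(SAMPLES[0]))
    print("mapping changes across refreshes:", mapping_changes(SAMPLES))
```

A mapping that changes between refreshes means inbound calls sent to the old address and port are lost until the next REGISTER, which is why a short expiry or a keepalive helps.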

Thank you for responding…the above is my situation. What about having a private cloud on-site? My research seems to be leading me that way with the help of an off-site VPS.
Trying the dual-stack creates a force attack against a strong IPv6 mental resistance and my brain would lose in the short term as it takes time to be comfortable enough to implement IPv6 with IPv4.

My implementation of FreePBX had met with a war with the cable ISP because I pointed out their greed, dishonesty, and had to take that carrier to court and after the cable doesn’t want to deal with me. So, until I move, the only choice for the Internet is T-Mobile 5G home Internet.

Unfortunately, there are credible posts about T-Mo home internet being more restrictive for VoIP than T-Mo mobile service.

Before setting up a PBX, I suggest testing the endpoints you wish to use, connecting directly to a trunking provider that handles NAT traversal. Several offer sufficient functionality with an unfunded account (or with free-trial credit) to test for two-way audio without making a payment.

If the tests succeed, hosting the PBX on a VPS is all you need. I recommend Vultr or similar rather than (for example) AWS or GCP, because you can simply install the FreePBX Distro .iso file and run it.

If they fail, one option is connecting to the cloud PBX via VPN, either per-device or with a site-to-site VPN client on your end. Or, running the PBX on-site, connecting to a VPN server in the cloud to handle trunking and external extensions.

The only way we have ever done this with cgnat providers is via a VPN.

If you are using T-Mobile 5G Home Internet then you are not dealing with CGNAT, you are dealing with 464XLAT.

IPv6 isn’t so bad but to use it with FreePBX requires light hacking so it is probably not worth it for you if you’re starting from zero knowledge on IPv6.

I have a TMo 5G setup and run Wireguard over it for VPN and that works great.

Yes, but I’m pretty sure that’s also true when using T-Mo on a cell phone. On the latter platform, Groundwire, Zoiper and GS Wave all work fine. So it seems likely that the home router has either a bug or an intentional restriction related to VoIP.

Here is what Voip.ms said: “The SIP request would come from a public IP address and port assigned to your modem from the ISP side. There’s no issue when using cg-NAT with our service as most of our residential internet users are behind a cg-NAT.”

So, there is conflicting info…I shall make some changes to my T-Mobile account (this is not about the home Internet service) before I actually test. Thanks for the responses.

Your big problem is that any SIP device that can take incoming calls is a server and the sort of consumer grade connection you are using is only designed to cope with information consumers, where the consumer always sets up activities, and these are short duration (e.g. request a web page and get the corresponding page back).

In that situation, you need to put FreePBX on the real internet, or at least in an environment where NAT is minimal, and translations are stable. That means you really need to put FreePBX in the cloud. Even then you may have problems with phone registration addresses being unstable (or as I think is happening with someone on the Asterisk forum, problems handling one way media streams - their one way stream is video, which prevents Asterisk learning the true media address).

WebRTC has a lot of features designed to cope with such environments, but is reportedly a moving target and requires a wide range of technical knowledge to debug, when things go wrong. However, WebRTC to a PBX in the cloud may be the only relatively stable solution.

You’re not making it easy for community support this way!
