freePBX not able to register remote extensions over WAN


I am running a local FreePBX server in proxmox without any trunks.
Using dynamic public IP with DDNS.
No Trunk is setup.

I am able to register extensions with soft phone apps like GS wave lite over lan (local network) and make calls internally but the same is not possible over internet (ie phone having LTE connection when tries to reach PBX server there is no activity in asterisk console).Also GS wave does not show any debug info…only a message that “unable to connect”.
i am able to ping SIP domain server (my public IP) on the phone over LTE.
Also if i am in local network over wifi i am able to register extension using domain name.
So my best guess is that there is some firewall issue either in pfsense or in freepbx.

Please suggest any modifications to pfsense and/or freePBX to enable this.
Have attached my firewall/NAT/PBX settings.

SIP ports forwards; SIP ports - 5060, 5160, 10000:20000

What, if anything, appears in sngrep when the remote device attempts to register?
(sngrep is ahead of the FreePBX firewall for incoming packets and after the firewall for outgoing.)

If nothing, the requests are not being passed by pfSense. Does it have a public IP address on the WAN interface? If not, why (connected to ISP gateway, ISP does NAT)? If yes, capture traffic on WAN side to see whether the requests are arriving there.

Hello @Stewart1
Thanks for the reply…
the domain is pointing to my public IP…
I am already hosting multiple websites using the same domain thru HAProxy and pfsense.
i will get the sngrep output from freepbx console and post it.

There is no output on sngrep
Also i checked sytem log of pfsense - firewall logs - there is not block traffic entry for the domain IP Address in both inbound and outbound

I think it has to do something with HAproxy

Run tcpdump on the WAN interface and see whether REGISTER requests are reaching it Diagnostics — Packet Capturing — Packet Capture GUI | pfSense Documentation .

If yes, something is wrong or inconsistent with the port forwarding setup. For example, if the mobile app is configured for SIP over TLS, the default port (TCP 5061) is not one you have forwarded.

If no, use the capture/logging features of the app to see to what address and port requests are being sent. If that’s correct, perhaps the mobile carrier is blocking or otherwise mishandling the traffic. You might try the app on a phone with a different carrier, or try registering to another service that uses the same port.

Its working now…
i guess there was some port forwarding issue…
i cleared all the port mappings
did TCP/UDP NAT fowarding for ports 5060,5160,10000-20000
and magically…
sngrep started showing output

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.