FreePBX Not Working on External IP

Hello!

I’m using Zoiper to connect to my FreePBX, but when I use the external IP it doesn’t work. I can use WireGuard to connect to the server and use the local IP, but I’m not able to use the external IP. I have allowed the ports:

  • tcp/80
  • udp/5060
  • udp/5160
  • udp/5161
  • udp/10000-20000

I also ran Nmap to see if these ports were open and Nmap shows ‘open’. The error I’m getting is a request timeout error (code:408). The command ‘asterisk -rvvv’ doesn’t update when I try to connect using an external IP.

Allowed and port forwarded are two different things. Make sure you are actually port forwarding these ports to the internal IP of the phone system.

Then you also need to allow connections to SIP/RTP in the FreePBX firewall (or enable Responsive Firewall).


Hi!
These ports are also port forwarded as I am able to access the web interface of FreePBX from the external IP. Also, FreePBX firewall is not installed on my installation. Should I install it?

I would not recommend connecting Asterisk to the internet in such a way.

Use of an SBC is highly recommended.

Hmm, you should install the firewall module for additional protection but it wouldn’t be the cause of your problem here if it wasn’t installed.

If port forwarding is set up and is working for the Web GUI then the other protocols should be NATing as well if you have the same settings set.

Are you using the external IP on the Zoiper app while connecting to a wireless network that’s on the same LAN as the PBX? Maybe the firewall is unable to do loopback NAT.

Try jumping off Wi-Fi if you are on it and see if that works.

The server that FreePBX is installed on is in the cloud. I am using the external IP but it doesn’t work. When I turn on WireGuard to connect to the local network and use Zoiper (still using the external IP) it does work.

If in AWS, make sure you have proper rules in the security group.

By the way, normally you want tcp/5061.

It’s not on AWS but there is a list for the ports.

I have also added a rule on the Ubuntu machine in iptables (which is how I always do it).

This is so weird, no idea why WireGuard would allow it to connect on the external IP of the FreePBX. Does the hosting provider assign the external IP directly to the virtual machine?

Yep the hosting provider does…

So you have a few places to look:

  1. Asterisk / FreePBX must know the local and external address.
  2. Asterisk must be listening on the interface or IP.
  3. Any local firewall must allow the traffic.
  4. Any cloud firewall has to allow the traffic.

Ah ok, then I am very certain it’s not a problem or configuration issue on your virtual machine. The hosting provider for some reason isn’t passing this specific traffic through their filtering even with the rules you listed above.

WireGuard is simply bypassing all the filtering in front of your virtual machine.

  1. FreePBX knows the external IP
  2. Please guide me how to check this
  3. Done
  4. Done

I really doubt it because on nmap the port is showing up as opened :smiling_face_with_tear:

You are 100% correct, yet I can’t for the love of god figure out why it would work while connected to WireGuard (with the same external IP) and not when you are off.

I feel like in this case WireGuard is bypassing something upstream, I just have no idea what it could be or why NMAP shows the results that it does while your client is unable to connect.

In the Asterisk CLI, run ‘pjsip set logger on’ and see if SIP packets are hitting your system under the various different conditions.

Check the transport settings in FreePBX under Asterisk SIP Settings, then the SIP Settings tab.

You can also do a ‘pjsip show transports’; it should be either 0.0.0.0-udp or your externalIP-udp.

But as stated before, an SBC is your friend in security.

Web UI - [screenshot not preserved]

CLI - [screenshot not preserved]

So #2 is set up.

You can do a ‘pjsip set logger on’

Enabled it

So that should print out packet data on the console.

I still think something isn’t passing the port 5060 traffic if you don’t see any attempts to register.
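One way to check item 2 of the checklist above (whether anything is listening for SIP on the wildcard or external address) from the operating system side, as an added example that is not part of the original thread. The function name, the sample socket lines and both IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -H -lun` output on stdin and
# reports where the SIP UDP port is bound relative to the public address.
# Usage on the PBX: ss -H -lun | classify_sip_listener <external-ip> [port]
# Prints one of: wildcard | external | other:<addr> | none
classify_sip_listener() {
    awk -v ip="$1" -v port="${2:-5060}" '
    {
        local_addr = $4                  # column 4: Local Address:Port
        n = split(local_addr, parts, ":")
        if (n < 2 || parts[n] != port) next
        # Everything before the final ":port" is the bound address.
        addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)            # drop interface suffix, e.g. %eth0
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::") {
            wild = 1                     # bound on every interface
        } else if (addr == ip) {
            ext = 1                      # bound on the public address itself
        } else {
            other = addr                 # bound, but only on another address
        }
    }
    END {
        if (wild)             print "wildcard"
        else if (ext)         print "external"
        else if (other != "") print "other:" other
        else                  print "none"
    }'
}

# Constructed sample: the SIP port is bound only to a VPN-side address
# (10.8.0.1); 203.0.113.10 stands in for the public IP. A result of
# "other:..." or "none" means SIP sent to the public IP has no listener.
SAMPLE='UNCONN 0 0 10.8.0.1:5060 0.0.0.0:*
UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*'
printf '%s\n' "$SAMPLE" | classify_sip_listener 203.0.113.10 5060
```

A result of `wildcard` or `external` matches the 0.0.0.0-udp or externalIP-udp transport mentioned above; in that case the listener is not the problem and the remaining checklist items (local and cloud firewalls) are where to look.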