Confirm that the VM is using bridged networking. Are 10.0.1.x and 10.0.2.x on the same subnet (you have 10.0.0.0/22 or larger)? If not, please explain. Confirm that in Asterisk SIP Settings, Local Networks covers both 10.0.1.x and 10.0.2.x.
Those are /24 subnets and firewall rules allow them to talk. Both subnets are listed in the ‘local networks’ section of the sip settings.
In your router/firewall, confirm that you are forwarding the RTP port range (default is UDP 10000-20000) to 10.0.2.3. Also, confirm that any SIP ALG is disabled and that the firewall is not rewriting the source port numbers. This may be called ‘consistent NAT’, ‘disable source port rewriting’ or similar. If the firewall does not have a public IP address on its WAN interface, please explain (ISP’s modem is a gateway, ISP does CGNAT, etc.)
I am forwarding 10000-10100 - I have updated the settings in FreePBX to limit the port range. I have not seen an instance where there was a call outside of the set range.
I am using Pfsense for a firewall and it does not appear to have SIP ALG. I have not seen evidence from my captures that it is rewriting the source port.
I don’t understand the States picture – none of the ports mentioned match those in the Wireshark capture.
That screen shot was not at the same time as the packet capture - I was trying to determine if I had a NAT issue so I turned on firewall state logging.
If the above doesn’t help, play the RTP stream sent to 207.223.67.136 and confirm that sound is present. Also that the codec (presumably ulaw) and destination address/port matches what was requested in the SDP of the incoming INVITE. And, check that the source port matches what was specified in the SDP of the 200 OK that Asterisk sent.
If you still have trouble, capture traffic on the firewall WAN interface to check that audio is being passed and port numbers have been properly preserved.
I captured at both the interface where the FreePBX server lives and the WAN interface (different calls because I can only sniff one interface at a time). I have confirmed the audio is present at all highlighted points.
note: 34.226.36.34 is a flowroute IP.
If still no luck, how are you routing the call? If other than directly to an extension, try turning off Progress Inband in the trunk, and setting Signal Ringing and Pause Before Answer in the Inbound Route.
If all else fails, with pjsip logger enabled, make a failing call, paste the Asterisk log for the call at [omitted link] and post the link here. If you are too new to post links, just post the last eight hex characters of the URL. Post router/firewall make/model and describe any VoIP-related settings.
Call is getting routed through inbound route directly to the extension.
The pastebin appears to be down at the moment.