Not sure what happened*

Well my FreePBX was up and running fine with my old Asus router and port forwarding. LIfe changes took me away from installation for about 2.5 months, switch out asus for PFsense.

Calls don’t work incoming or outgoing (sound). Nothing has changed except updates/patching. I even tried to revert to a snapshot when was working still no sound. I am open for any assistance.

PBX Firmware:

12.7.6-1904-1.sng7

PBX Service Pack:

1.0.0.0

Running asterisk -rvv I am gettting some ast-yyerror* and such. I checked PFsense and it isn’t blocking anything from my SIP provider.

I need a troubleshooting guide as I am new to FreePbx and want to utilize and not just pay SIP provider monthly.

What ports do you have forwarded.
Is 10K-20K UDP open wide to the world and forwarded?
What is your UDP timeout
Is SIP ALG turned off?

https://support.onsip.com/hc/en-us/articles/204029430-PFSense-Firewall-Settings-for-VoIP?mobile_site=true

@partgenius yes I have 10K-20K open to specific ip of my SIP provider not world.

Ports are there and single device behind the firewall. I did adjust the timeout to conservative still no audio either way. Thanks guys for the assistance!

Does your provider proxy media. Or do they do direct audio to their ULC. Most providers dont proxy media and require you to open 10K-20K to the world.

Try it with those wide open for 5 minutes and see if it works.

At the Asterisk command prompt, type
pjsip set logger on
or
sip set debug on
and make a test call.
Confirm that the SDP in the INVITE has your correct public IP and that the SDP in the provider’s response has an address passed by your firewall.

I don’t see that option from the command line my friend. I would like to know as well after the firewall change my SIP provider said it would be a minimum of $300 for a block of hours to troubleshoot. And I am thinking it has to be something simple. I am almost tempted to buy another router (Asus) and just do the port forwarding to test.

I have no idea I did this as POC to see if I liked it and to administer and now it has become something of an issue trying to get to work. I read somewhere that I could just NAT my Freepbx on the system itself and it would work. Honestly I am almost tempted to start from scratch…

I do want to thank everyone for their assistance I work in the technical field and only had to deal with Mitel boxes so I didn’t really need to handle most of it our vendor did. But Freepbx caught my interest. Again thanks I know I will get it figured out eventually.

I ran an asterisk -rvv I can hear a dial tone when picking up my headset (Sangoma s505) but after it dials out no sound. I leave everything connected then the make call after a bit of time it just drops.

please see attached

There’s some good documentation on the pfSense website:

https://docs.netgate.com/pfsense/en/latest/nat/configuring-nat-for-a-voip-pbx.html
https://docs.netgate.com/pfsense/en/latest/nat/configuring-nat-for-voip-phones.html

I had FreePBX working for many years with pfSense. I suspect your issue is actually how you have configured your pfSense NAT or firewall rules rather than FreePBX. The pfSense forums may be a better place to get help.

  • Try connecting a phone to the WAN (before) of pfsense and see if the phone work.
  • If you are using Chan-SIP extension make sure NAT Mode is set to Yes
  • Do you have pfBlockerNG? if so see if it is blocking the phone / FreePBX. Try to disable it and see if things work

Thanks sorry for late reply will look more into that. My experience has been on F5 and Checkpoint firewalls I just like PFsense :slight_smile: I will definitely look again.

@gsiemon looking into those videos and docs now thanks so much. Hope this resolves it (fingers crossed).

So I watched the youtube video and I had all those setting already on my pfsense from the PfSense troubleshooting guide. ;(

When I dial in I get no audio and the following: Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5

Seriously have you just tried opening 10K to 20K and to the world and forwarding them for like 5 minutes? Or who is your provider…someone will be familiar with whether or not they proxy audio. But you get no audio and you don’t have your audio ports open. So…just open them to the world for like 5 minutes and see if it works.

Lack of RTP activity. That would be ports 10K-20K. Almost all reputable providers just do signaling they don’t send the audio. The audio comes directly from Level3, or who ever they are sending the call to.

I will likely open to world to test. Been a crazy week but ready to get this resolved will try it out. And report back. Well editing this because I just did a test and opened to the world for source and source ports for RTP and it is working now… Now to work backwards and secure it.

Only thing I changed in role was the Source and Source ports everything else was the same*

So after troubleshooting I opened a ticket with my sip provider. First thing I found was the ip addresses for RTP weren’t in my alias list nor given to me by my provider. Secondly some of the request were out of the 10K -20K range. I asked my provider to put my account on hold until I could figure out last week as they suggested I paid for support. But having the time to look into this I hope that I get credited or something for this… Thanks all for the suggestions.