One Way Audio, No audio, Multiple DIDs, Dropped Calls after 30s, Busy on Incoming, Inconsistent Results

FreePBX Configuration
, ,
1

Hello everyone! I’m brand spankin new to the PBX world, as far as configuration and deployment so please be gentle. I will provide what I can now to show you what I have been trying.

My Config: SIP provider is Flowroute. I have 2 DIDs, a long code and toll free DID. I’m running FreePBX on a HP Proliant 1u server that was donated to me. I’m running FPBX-15.0.16.42(16.6.2). My router is running pfSense 2.4.5-RC FreeBSD 11.3-STABLE. I know theres a love/hate relationship for pfsense. I have FreePBX and Sangoma S305 on their own VLAN (192.168.30.10 PBX and 192.168.30.12 phone). The VLAN has wide open rules to the rest of the networks. Main network is 192.168.1.0/24, which is where my PC is that I’m configuring from. I also have a laptop on the same vlan to help troubleshoot if my PC acts up. I have ports and protocols and nats (oh my) setup in pfsense. The SIP truck and phone are configured in chan_pjsip, default ports are set in Asterisk SIP settings (not changed like Crosstalk solutions changes them).

I used these links from netgate, freebpx and flowroute to help provide setup help:

I can post screenshots of my pfSense config, command outputs on the pbx and anything else that would help figure out whats going on. I know I missed something and if I think of it, I will update.

The issue I’m having is no 2 way audio on incoming calls to FreePBX using the long code DID, random calls being dropped at 30ish seconds regardless of inbound DID. The toll free DID has 2 way audio. Both DIDs are setup exactly the same under Inbound Routes in FreePBX. Nothing seems to work right after the server is restarted for a good 10 mins or so. After that, it starts to slowly come back and its random when I have no audio on the toll free DID and outgoing calls. I’m pretty much at a loss and have been fighting with this for 3 days. I’ve been reading post after post but I get confused on some of the commands and how to get the outputs from them. I’m not getting the same results as most of these other posts so this is my last ditch effort to get this working before I pack it in and move to something else. Any help is going to be appreciated. I will be sure to post successes and failures to things we try to help keep this a complete thread. Many threads seem to deadend and that gets frustrating.

I’ve also tried removing the toll free DID and using only the longcode DID with no change. I am not getting 2 way audio on the toll free number and outgoing calls, still no audio on the longcode DID.

I thought I had a bad install of freepbx or I screwed a setting up somewhere so I reinstalled it fresh and only configured the required stuff to make it work. This has had no change in behavior.

pfsense%20nat%20outbound
pfsense%20nat%20outbound1455×1467 180 KB
pfsense%20port%20forward
pfsense%20port%20forward1491×1594 206 KB
pfsense%20ports
pfsense%20ports1465×714 86.1 KB
pfsense%20rules
pfsense%20rules1453×1586 209 KB
freepbx%20inbound%20routes
freepbx%20inbound%20routes1759×472 57.4 KB
freepbx%20trunk%20general
freepbx%20trunk%20general1412×936 98.6 KB
freepbx%20trunk%20pjsip%20settings
freepbx%20trunk%20pjsip%20settings1201×926 92.4 KB

2

Basically, these four problems are all common and usually repairable relatively simply, once you know where to look. In fact, they can all be caused by an incorrect NAT setting.

My experience leads me to believe that there are a couple of places to look. The first is in your NAT settings. Any place where direct routing doesn’t work will need NAT set to Yes. This may include your connection to your TSP (the 30-second dropped calls) and may include your extensions (one-way audio).

In the spirit of stepwise refinement, I suggest you start with an Inbound Route with no DID and no CID. This is an “any/any” route and is useful for testing your system.

Next, check your SIP settings in the Advanced tab. Any networks that participate in this tech show (like your VLANs) need to be identified as “Local” LANs in that tab.

Finally, make sure your ITSP and your local network are represented correctly in the system’s Integrated Firewall.

3

I’ve tried it with both, one and no DID. No change in behavior.

These are setup exactly like Flowroute suggests per https://support.flowroute.com/895670-FreePBX-PJSIP-Trunk-Setup

flowroute%20truck%20settings
flowroute%20truck%20settings2030×1860 259 KB

Asterisk SIP settings:

asterisk%20sip%20chan_pjsip
asterisk%20sip%20chan_pjsip1474×1726 180 KB
asterisk%20sip%20chan_sip
asterisk%20sip%20chan_sip1287×1821 190 KB
asterisk%20sip%20general
asterisk%20sip%20general1693×1849 203 KB

FreePBX firewall is currently OFF and I have all the north american Flowroute IPs mapped in pfSense to the respective ports and protocols. I hope this is helpful.

freepbx%20firewall%20networks
freepbx%20firewall%20networks1537×1113 172 KB

4

Update: I factory reset my old ASUS RT-N65U router to do some testing. After a bit of config settings like LAN IP, DMZ, no firewall enabled (just to make it as wide open as possible), I was able to send and receive calls on both DIDs with 2 way audio. I made calls from both sides of the PBX as close together as I possibly could to make sure it worked. As I suspected, there are no issues with the PBX or the phone itself. I think I am going to redo my pfSense config from scratch, with a fresh install. Unfortunately, I cannot use the ASUS router since it has no vlan support and very limited DHCP configs. No, its not DD-WRT compatible or able to be firmware updated with DD-WRT.

As for the current pfSense config, I tried multiple configs outlined in this video:

Firewall Best Practices for VoIP on pfSense: https://www.youtube.com/watch?v=C0JgrzxXIBY

I tried both methods without success. I am going to try a fresh pfSense setup and reconfigure my network from scratch. I think maybe something is botched and I’m not seeing it. I will update this post once I complete this.

5

Look back through the forums for pfSense information. We’ve had many people start out with problems that have solved them after working with us. I’m sure you have not discovered a new problem.

6

In keeping up with good housekeeping. I wanted to post an update with my results.

I have completely re-setup my pfSense box on a new machine and reconfigured it from scratch. Side note, their backup/restore is not friendly. If anything is configured slightly different, it will botch everything.

Anyway, after a fresh install and new system, I was able to configure and get my PBX working. I’m not 100% certain on the setting I was missing or misconfigured. After following the Netgate video listed above, I was still having issues. I watched it multiple times and for some reason, I missed (I think) one important setting.

I started off by creating a virtual ip, or VIP. My public IP is dynamic. My understanding is this will keep my PBX online and allow pfSense to deal with the public IP changing.

PBX_VIP

VIP%20alias
VIP%20alias1448×923 102 KB

Then I created a few aliases, PBX ports, PBX Server, SIP Truck IP addresses (these will vary depending on your trunk provider) and a virtual IP (you must create the VIP first, then create the alias).

PBX_Ports Alias: These are the ports used by your truck and pbx.

pfsense%20working%20pbx_ports%20alias
pfsense%20working%20pbx_ports%20alias1456×784 87.3 KB

PBX Server Alias: This is the IP address of your PBX.

pfsense%20working%20pbx%20alias
pfsense%20working%20pbx%20alias1454×650 92.4 KB

SIP_Trunk Alias: These are the IP addresses used by your trunk provider.

pfsense%20working%20SIP_Trunk%20alias
pfsense%20working%20SIP_Trunk%20alias1451×1591 204 KB

Once all these are created, this will help making rules and port forwarding much easier.

Next, I created the port forwarding rule. Firewall, NAT, Port Forward. You can see how creating the aliases makes this process very clean and simple. This should automatically create the firewall rules, as long as “NAT reflection” is set to “Use system default”. If you’ve changed this behavior, then this may not work.

pfSense%20working%20port%20forward
pfSense%20working%20port%20forward1443×1645 218 KB

After clicking save, you should end up with a firewall rule:

pfsense%20working%20rules%20WAN
pfsense%20working%20rules%20WAN1452×620 71.5 KB

It will look like this. This rule allows communication with the SIP trunk and PBX only. If your PBX is on a VLAN like mine, then you will need to create a “Allow” rule so you can configure it from your PC. (which I have done).

pfSense%20working%20rules
pfSense%20working%20rules1444×1751 229 KB

Over to FreePBX, we can configure it to work with the settings on pfSense and communicate with our trunk.

Settings, Asterisk SIP Settings. Here you can see I entered my Virtual IP address in the “External Address” box. I have also entered my local networks.

freepbx%20working%20asterisk%20sip%20settings
freepbx%20working%20asterisk%20sip%20settings1234×869 87.1 KB

You can see the Override External IP box has populated with the External Address setting previously set, which is my Virtual IP.

freepbx%20working%20asterisk%20sip%20settings%20sip%20settings
freepbx%20working%20asterisk%20sip%20settings%20sip%20settings1148×1820 177 KB

Using these settings on my network with my equipment worked and fixed 99% of my issues. I still have to tweak some things in pfSense to get a bit better quality and really do some more in-depth testing to ensure this is nearly perfect. I’m on a 50x5 internet connection that’s usually pretty reliable so only time will tell.

If there is something that I missed or forgot to add, I will do so in the coming days. I hope this information helps anyone else having issues. I know these settings are going to vary some, depending on your configuration. I mainly wanted to create this in full since many posts go unfinished when someone gets their issue resolved. Many posts with titles that are not related to the actual problem contribute to the frustration of searching forums. Titles like “PBX not working, help!” are not helpful. Something more like “No audio, Dropped calls” is more searchable and helpful when browsing through the form posts. I’m a visual learner and have a hard time reading and retaining what I read. I learn the fastest by watching and doing. I like to see the results of what a setting does or doesn’t. The whole “RTFM” model, doesn’t work with me and pisses me off. I understand the other side as well, the same question or variation over and over gets old too. Hopefully this post will help a lot of people with these annoying issues.

7

UPDATE:

Its been just about 2 weeks that I’ve been messing around with this setup and I’m just about to pull the plug on it and send my phones back. I cannot find consistent information or get a “read this and that” type of response in all of the forums I’ve visited. Maybe I’m not using the right words when searching?

For the most part, I’ve been able to make outgoing calls without an issue. Incoming calls however, have been hit and miss. I’ve made dozens of test calls from my cell phone to my pbx and in some cases, when I call my pbx, I get a busy signal. If I wait a few seconds and retry, it works fine. This is potentially lost business and that is not acceptable. At this point, I’m frustrated with this whole system and that I’ve spent good money on and its not working consistently.

I’m sure its a config issue somewhere but where?!?! What am I doing wrong? I’ve included screenshots that shows my current settings and I don’t know what to change that will be that magic switch to make it just work. No, I’m not getting rid of the pfSense router. I need this to be secure and work. If not, I’m going to dump it. I would really appreciate some constructive help.

8

You need a two step solution:

  1. Find out what is going wrong.
  2. Fix it.

I strongly suspect that when an incoming call gets a busy signal, Flowroute’s INVITE is not reaching Asterisk. To confirm this, at the Asterisk command prompt, type
pjsip set logger on
which will cause SIP traces to be included in the normal Asterisk log. When you get a busy signal, see whether the INVITE is there. If it is (my suspicion was wrong), post the log so we can see why Asterisk mishandled the call.

Otherwise, capture with tcpdump, both on the PBX and on the firewall’s WAN interface.

If the INVITE is present at the PBX, its software firewall blocked it.

If it’s at the WAN but not at the PBX, it was probably blocked by pfSense, which may have logged something useful. You might capture on its LAN interface to rule out any network infrastructure between firewall and PBX.

If it’s not at the WAN, there could be a lost registration; check the log for the last REGISTER and the response. Confirm that the Contact header was correct and it was not expired. Otherwise, does the pfSense WAN interface have the same (public) address as whatismyip.com shows? If not, please explain (modem configured as router, ISP does NAT, etc.)

9

Since you are trying to solve at least five unrelated problems at the same time, let’s try something unheard of - solving one problem at a time.

One way audio is almost always a NAT problem, and when it isn’t it’s a CODEC mismatch. There are several places where NAT settings are pertinent - in the Trunk settings, in the SIP Settings, and in the Extension settings. Each of these has specific use cases that all revolve around whether or not the device that’s initiating the call is behind a firewall or not WRT the PBX server.

Always remember, there are no “phone to phone” connections with Asterisk (and hence FreePBX) since all calls are Back to Back through the server. In essence, every call is a call either to or from the server, and these calls are bridged together to make a conversation between two phones.

No audio is usually a problem with the RTP traffic not having access to the server. This may be because of several problems, but the two categories are NAT setup (which we just eluded to) and router configuration.

Since you are using pfSense for your router, you have some special problems that are specific to pfSense, in addition to the “standard” problems people have with routers.

“Standard” problems include incomplete audio paths because the RTP from your ITSP in through the pfSense firewall is not redirected correctly to your server. Setting up a UDP port redirect for ports 10000-20000 from the pfSense router to the PBX is the easiest usual solution, but if you are using any of the “special” features of the pfSense router, they can mess with you.

Multiple DIDs are only problematic if you are getting ahead of yourself, and there are actually two issues that you need to address.

  1. You should ALWAYS have a default “ANY/ANY” route with no DID and no CID value. This will allow any calls that make it into your PBX that have any one of a dozen vagaries in inbound numbering answerable.
  2. You may be running into calls from servers you aren’t expecting. If you set up your trunk so that it only accepts traffic from one IP address and your provider sends you calls from some other server, these calls will be rejected.

This is 99% of the time a misconfiguration in the router dropping your audio either because the NAT sessions are expiring before they get ‘verified’ or because the NAT is not being processed correctly.

This problem is so common that just searching for “30 seconds” will get you a handful of things you need to look for and solutions for each.

If the calls are busy on incoming, there are two possible culprits:

  1. Calls are coming from an IP address that the server rejects
  2. The calls are not even making it to your server.

Either way, the /var/log/asterisk/full log will give you the information you need to troubleshoot this.

This problem is almost always because of a misconfiguration in the inbound trunks. If you can hit your server 1 time in 4, the chances are that three of your provider’s IP addresses are not what you are expecting.

One of the things that can cause this is using FQDN instead of IP addresses. If there are any failures in DNS resolution, FQDN will cause problems like what you’re describing. The reason is because most systems (at the Linux/BSD/Windows level) resolve a name once and then hang on to that address until the expiration time is exceeded. This can lead to violations of astonishment rules until you know that’s DNS works. If that’s not your situation, there are other causes that are similar, including inconsistent operation of networks, switches, routers, cabling, IP addressing, and dozens of other places.

If this is accurate, you are in the wrong business. When you’re 8 or 9, that kind of know-it-all attitude is cute and even a little endearing, but if you want to grow into a real professional, you are going to have to start reading and learning the old fashioned way. There is way too much going on here for us to hold your hand every step of the way - there just isn’t enough time in a lifetime to show you every option on every part of the 100+ component collection of software that changes literally every week.

Now, if you’re done with your “I’m pulling the plug” tantrum and want to get started on solving your problems, pick one a solve it, then move on to the rest, one at a time. Stepwise, agile, problem solving based on limited sprints (for us old-timers, that’s “eating an elephant one bite at a time”) is the only way you are going to learn what you need to know to solve the problem.

1 Like
10

Allow me to defend myself. This is not NOT my main line of work. I don’t work in the IT or software industry, never said that I did and most definitely never will professionally. I don’t have a “know it all” attitude. I don’t usually ask for help until I get stuck. I’m asking what I’m asking because I don’t know how to word what I’m trying to accomplish. Please, I can do without the tantrum talk.

My “pull the plug attitude” comes from wanting to implement this as my main business phone system. My current service is lacking, terrible software and is not that reliable. I’m more frustrated with it so here I am. If this system doesn’t work consistently, that’s lost business. I think that’s good reason to worry about it. If it doesn’t work, even after the exhaustive troubleshooting, I will be forced to pull the plug and find another way. I won’t pay for something that I can’t use. I’ll probably have to eat the commercial module purchases but the phones will go back and I’ll cancel the sip trunk. I DON’T want it to come to that but I’m prepared to do so if need be, that’s my whole point. I understand there are going to be times when it will go down that are outside any of our control.

Dude, I’m just frustrated. We all get frustrated. I’m not looking for hand holding, just maybe some advice that I’m on the right track or not. There are a lot of posts that are unfinished, which adds to my frustration. I want to make sure this, and all of my posts have results and are thorough. This is why I’m providing links and screenshots to what I’m trying. I’m frustrated because everything that I’ve looked at and tried, doesn’t work or doesn’t apply to my situation. I’ve read everything I think is related to my setup. I’ve followed flowroute settings, netgate settings, freepbx wiki, etc with the same result. I’ve read pages on this and other forums trying to understand what errors others are getting and how they troubleshoot. I don’t quite understand much of it so I try and search but the results leave me more confused and down a deeper rabbit hole. If I see something that looks similar to my issue, I try it. Something better happens or nothing, or it breaks it more so I go back to settings I know worked. Now I’m second guessing things.

So now that I’ve defended myself…

One-way audio issues: These are fixed. I’m getting choppy audio on inbound calls that make it to the pbx, when my greeting plays and from the S505. S305 seems fine. I’ll worry about this later.

Multiple DIDs: I’ve tried with the DID as per flowroute and to ANY with no change in results. I’m only testing using the non-toll free DID at this time. Why would I configure this differently than Flowroute?

I’m using IPs how flowroute says to do it. I have them allowed in FreePBX firewall as Trusted, in pfSense as SIP_Trunk alias. I don’t use FQDN, only IP addresses. Am I misunderstanding something?
https://support.flowroute.com/895670-FreePBX-PJSIP-Trunk-Setup

Dropped calls: I think this is fixed. I’ve left myself on hold for 25 mins and it was fine, two-way audio was fine. I resolved this after following the Netgate video on VoIP setup using port forwarding. Is this no longer accurate or suggested? I have a dynamic IP from my ISP. Static IPs are available but expensive. I’d like to avoid this if at all possible.

pfSense configured as per NetGate and Flowroute:
https://support.flowroute.com/892942-Set-Firewall-Policies-for-Flowroutes-Direct-Audio

I’m not seeing errors in pfSense that are related to my IPs or ports so this leaves me lost at where else to look.

11

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.