Outbound calls don't have audio unless the phones are behind a second router

FreePBX Version:
2.10.1.9
Asterisk Version:
10.12.1

Our building is providing us internet access for the next few months until we get a fiber line installed. We are hosting our FreePBX server at rentpbx.com. Our phones were connected to our router which was then connected to the building’s network via its WAN port (nested router configuration). Everything worked fine, we could make and receive calls.

The execs wanted their assistants to have BLF keys enabled on their phones, but in the nested configuration BLF wasn’t working. I moved the phones to the building’s network and BLF worked fine, but then outgoing calls stopped having audio. I can’t figure out why the outgoing calls would work fine in the nested router configuration but not work behind the first router alone.

Without knowing more about the network setup it is going to be difficult to troubleshoot this remotely, but with sip debug on you might glean some more information as to why this is happening.
I’d start looking at the obvious offenders such as firewalls, source port rewriting, etc…

Sounds like you did not address your SIP settings after the architecture change.

This is one of the reasons I only recommend using hosted providers that utilize a VPN for access. By using a site to site VPN you can provision the phones automatically and quickly, solve all NAT issues, secure your system and have meaningful QoS since all voice traffic is reduced to a single TCP encrypted wrapper.

I am doing a lot of debugging, including capturing packets on the PBX and using Wireshark to analyse the calls. So far nothing looks wrong with the calls, but I’ll keep at it. To clarify, the company router is connected to the same network the phones get connected to, so any firewalls, port mapping etc, between the phone and the PBX should be the same except now one less routing/handling step.

Essentially I’m taking the phones from being behind 2 NATs to only 1 NAT and when I do that the outbound calls stop working. Everything except BLF works fine behind the 2 NATs. It seems like reducing the number of routers handling the calls should make things work better, but that does not appear to be the case.

Initial architecture (BLF doesn’t work, everything else does):
PBX —Internet----Building Router(172.x.x.x)----Company Router(192.x.x.x)----VOIP Phone

Second architecture (BLF works, but outgoing calls don’t):
PBX—Internet----Building Router(172.x.x.x)----VOIP Phone

Why would you be running any NAT with contiguous private IP space? It’s just routing at that point.

Remember any non-translated network is local to Asterisk and must be included in the localnet table.
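
Following up on the suggestions above to turn on SIP debug and to check the localnet table, here is an added example (not posted by anyone in this thread) that takes one SIP message from a debug trace and compares the address the packet arrived from with the address its SDP asks RTP to be sent to. The sample INVITE, every address, and the function names `parse_media` and `check_nat` are constructed for illustration; it assumes the no-audio symptom comes from a phone advertising an address the PBX cannot reach, which is a common cause but is not confirmed in this thread.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed INVITE, shaped like "sip set debug on" output on the PBX.
# Host name and addresses are placeholders, not values from the thread.
SAMPLE_INVITE = (
    "INVITE sip:5551234@pbx.example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 172.16.4.20:5060;branch=z9hG4bK-constructed\r\n"
    "Contact: <sip:101@172.16.4.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 172.16.4.20\r\n"
    "s=-\r\n"
    "c=IN IP4 172.16.4.20\r\n"
    "t=0 0\r\n"
    "m=audio 11780 RTP/AVP 0 8 101\r\n"
)

def parse_media(sip_message):
    """Return (connection_ip, audio_port) from the SDP body, or (None, None)."""
    _, _, body = sip_message.partition("\r\n\r\n")
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    audio = re.search(r"^m=audio (\d+) ", body, re.M)
    return (conn.group(1) if conn else None,
            int(audio.group(1)) if audio else None)

def check_nat(sip_message, packet_src_ip, localnets):
    """Compare the signaling source with the address the SDP advertises for RTP."""
    sdp_ip, port = parse_media(sip_message)
    if sdp_ip is None:
        return {"status": "no-sdp"}
    src = ipaddress.ip_address(packet_src_ip)
    media = ipaddress.ip_address(sdp_ip)
    src_local = any(src in ipaddress.ip_network(n) for n in localnets)
    # Same address in both places: no translation happened on the path.
    if media == src:
        status = "ok"
    elif any(media in n for n in RFC1918) and not src_local:
        # Phone advertises a private address, but the packet came from outside
        # localnet: RTP sent to the SDP address will never reach the phone.
        status = "private-media-behind-nat"
    else:
        status = "media-differs-from-source"
    return {"status": status, "sdp_ip": sdp_ip, "rtp_port": port, "src_is_localnet": src_local}
```

Pass it the raw message text, the source IP shown for that packet in the capture, and the PBX's localnet entries; a `private-media-behind-nat` result points at the NAT and localnet settings for that peer rather than at the trunk.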