As a disclaimer, we have had the issues documented below with our phone system ever since installing it on Trixbox 2.8 a year and a half ago. Last week I got fed up with it and bought a brand new Lenovo ThinkServer and loaded it with the latest FreePBX 64-bit Stable-2.210.62-6 distro thinking that maybe it was a Trixbox problem (and it was time to retire Trixbox anyway). We don’t have a complicated setup, so I configured it from scratch without any issues.
The main problem we are having is that randomly phones do not ring on the ring group for incoming calls (sometimes only 1 phone will ring out of 5, other times 2 or 3 may ring, but they have never once all rang as expected). When one of the users answers the call, they cannot transfer the call to any of the phones that didn’t ring as they don’t seem to be connected, however, all of those users can call out on through the exact same phone number immediately before or after the failed incoming calls. We have 5 Cisco SPA525G2 phones with 2 toll-free numbers (both toll-free numbers behave the same). Everyone has their own extension for both toll-free numbers, but the ring group rings all 5 extensions for both lines. We have tried adjusting the settings on the phones to no avail. Each of the phones also has a local Fongo.com VoIP line programmed on one of the phones 5 available lines, and these all work perfectly for incoming and outgoing calls. I did some limited testing on a softphone from a PC through one of the toll-free numbers and it seemed to work properly, but I didn’t test it enough to be 100% confident that it would keep ringing every time.
I should mention that this VoIP server is remote on a 50mb line behind a pfSense firewall, although before with our Trixbox 2.8 server we had it right on the internet and it exhibited the same problem, leaving me to believe it is likely something to do with the Cisco phones or a phone configuration/conflict. The phones are on the latest 7.5.4 firmware.
Outgoing calls all work fine. We also have one additional phone number/line not programmed on any of the Cisco phones that just forwards directly to a cell phone, and that user can dial into the phone system and make calls, and this works perfectly fine for incoming and outgoing and is used a lot through out the day.
Can anyone give me some advice regarding settings to look at that could cause issues like this? Any help would be greatly appreciated!
Do you know if the phones are staying registered? Can you have a look in the Asterisk log file /var/log/asterisk/full to see if there are any occurrences of phones being unreachable for a short time.
If you have multiple phones in one NAT’ed network trying to register to asterisk on another network, then the PNAT boxes between them need to be well configured. There is no one answer to that. but consider using a different SP registration port (not 5060) for each and every one of them as a workaround.
Thanks for the posts guys, my replies are below:
leemason: No, they are not. There is tons of messages like this for all the lines:
[2013-03-30 14:06:06] NOTICE chan_sip.c: Peer ‘101’ is now UNREACHABLE! Last qualify: 5
[2013-03-30 14:06:06] NOTICE chan_sip.c: Peer ‘201’ is now UNREACHABLE! Last qualify: 6
[2013-03-30 14:36:54] VERBOSE chan_sip.c: – Registered SIP ‘101’ at x.x.x.x:52183
[2013-03-30 14:36:54] NOTICE chan_sip.c: Peer ‘101’ is now Reachable. (10ms / 2000ms)
[2013-03-30 14:36:54] VERBOSE chan_sip.c: – Registered SIP ‘201’ at x.x.x.x:52183
[2013-03-30 14:36:54] NOTICE chan_sip.c: Peer ‘201’ is now Reachable. (6ms / 2000ms)
[2013-03-30 14:38:58] NOTICE chan_sip.c: Peer ‘101’ is now UNREACHABLE! Last qualify: 6
[2013-03-30 14:38:58] NOTICE chan_sip.c: Peer ‘201’ is now UNREACHABLE! Last qualify: 6
dicko: On our other Trixbox 2.8 server we had them on different ports for each phone (ie 5060, 5061, 5062, 5063 and so on), but it wasn’t behind a NAT’d system, it was right on the internet. It behaved the same way this new machine does behind the NAT. I should also clarify that none of the phones are local on the same network as the server, they are all remote/offsite (although one location has 3 of the phones each with 2 lines behind a single NAT/firewall), so would this still be necessary?
Appantly you need go something . . .
Both 101 and 201 are. Both trying to use the same port maybe the same IP
Look as if phone de-registering and re-registering is causing the symptom that you are seeing. As dicko suggests using a different port for each phone might be a good idea. 101 and 201 do seem to be using the same port to connect which is not good for either of them as far as I know.
To my knowledge PNAT can handle those situation, To my further knowledge many don’t unless stroked in the right way, these include Sonicwalls and PFsense, my favorites . . . For Sonicwlls, don’t accept any “helpers” from them, they wont help you. For pfsense, one solution is to add sippproxy as a service on the firewall. The other is to add a 1:1 relation to your asterisk box on the LAN.
But truly identifying all foreign extensions directly by unique ip/port is easy and rigorous in that it should work with or without a properly configured NAT system, please try it if you have troubles like you describe, registering several phones behind the same router.
Dicko: Line 101 and 201 on are both on the same physical Cisco SPA525G2 phone, so yes, they would be on the same IP address. Each phone is statically configured and has a unique IP address on our LAN. Regarding the pfSense SIP proxy I’m assuming you mean Siproxd? I will maybe try installing that if you
think it will help.
I have inserted links to 2 screenshots, I am a little confused by the NAT port forwarding and the passive port range. In the setup guide for FreePBX it talks about setting your RTP Media ports to 10000-20000 and pointing them to the FreePBX in your router/firewall, which I have done (see image at http://www.urlgone.com/eae652/ ).
In the second screenshot (see image at http://www.urlgone.com/b58052/ ) we see some incoming requests from the remote FreePBX being blocked by our local firewall. Now - this is the interesting part - I have noticed if the phones are all working, these errors do not show up in the logs! So I’m curious as to why sometimes it works, and why sometimes it fails. Maybe I need to make a firewall rule locally to point to the Cisco phones? Or am I misunderstanding the RTP firewall rule? Or as dicko suggested, install the SIP proxy on the local firewall?
What is 10.1.1.2 on the remote network?
That is the FreePBX machine
Anyone else have any ideas?
I’ve always used a hardware VPN to connect multiple phones at a remote back to the switch. I’ve never got it to work right using NAT alone.
I would never even bother with NAT. As Bill said, use a VPN or some time of tunnel connection back to the remote server.
Thanks a lot for the info guys, I have setup a VPN tunnel and deleted the NAT firewall rules, so far so good! I didn’t realize running it through NAT would be a problem, but the VPN is working well since I set it up last night.