Having a potential NAT issue with my setup and I am not sure where to start looking. I’ll describe what we have going on bellow and hopefully somebody here can help me troubleshoot.
Our general setup is a single PBX with phones on the same network behind a pfSense firewall with a dedicated external static IP address for the phone VLAN with three remote extensions (Polycom VVX phones) that are behind a NAT themselves.
Everything on the local phone VLAN works great (both outbound and inbound calls). The problems that we are having are with inbound calls to the remote extensions. When the remote extensions first boot they are visible as registered extensions when we do a
pjsip show endpoints, however very quickly after that they unregister and
pjsip show endpoints shows the extensions as unavailable. Dialing the extension directly does not ring them nor do they receive any incoming calls from the outside as part of a ring group that they are in. However the display of the phone shows that the extension is happy and registered and dialing an internal extension or an external DID from these phones works just fine.
I am a bit lost and not sure what would cause that. Anyone seen this before and able to lend some assistance?
check this out
i would try the first two options and see if that alone solves it
- Disable source port rewriting
- Set Conservative state table optimization
I saw that article and from the use case that they described there it didn’t seem like it applied to this scenario. I’ll definitely give this a shot though and report back.
I should have also mentioned that the external extensions are all on different networks/ISPs with different external IPs and they are all behind different firewalls, none of them are pfSense.
Have you checked the /var/log/asterisk/full log to see why the phones are unregistering?
This is all I get in the logs for one of the extensions:
[2019-10-18 04:30:03] VERBOSE res_pjsip/pjsip_configuration.c: Endpoint 3210 is now Reachable
[2019-10-18 04:30:03] VERBOSE res_pjsip/pjsip_options.c: Contact 3210/sip:[email protected]:5060 is now Reachable. RTT: 32.447 msec
[2019-10-18 04:32:06] VERBOSE res_pjsip/pjsip_configuration.c: Endpoint 3210 is now Unreachable
[2019-10-18 04:32:06] VERBOSE res_pjsip/pjsip_options.c: Contact 3210/sip:[email protected]:5060 is now Unreachable. RTT: 0.000 msec
pfsense community might help you more with this https://forum.netgate.com/category/66/pfsense-software & https://www.reddit.com/r/PFSENSE/
you can try to create NAT / firewall rule to direct the remote phone (xxx.xxx.xxx.xxx) to the FreePBX
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.