Problem with External Address In SIP Settings

System is a fresh install of FreePBX distro. FreePBX 12.0.67

I have a catch 22 problem.

My SIP trunk provider is also my ISP. They give me two network connections.

WAN Connection 1 Connected to a router. PBX on LAN serviced by router.
WAN Connection 2 only used for accessing sip trunks. Directly attached to second network interface on PBX.

The pbx has a route set so only requests to the SIP trunk server host go over the WAN Connection 2. This connection is restricted by the ISP to only allow access to the one Host.

External Address in SIP Settings is set to WAN connection 2’s IP Address, the SIP trunk connection (will explain why in a sec)

The phones on the LAN work with SIP connections. Can make and receive calls no problem.

I can connect remotely via SIP from outside firewall but can’t make calls. No audio basically plus the calls seem to drop quickly.

I can connect remotely via IAX and make calls with audio and no problems. Problem is my phones only support SIP (using softphones for testing)

So. I change the External Address in SIP Settings to the WAN Connection #1 IP Address. This is the one that is selected if you press Detect External IP button.

Now I can call between two external extensions and have a completed call with audio but now the SIP trunks are not working, no audio and drop connection quickly. So I can only call extensions on the PBX… No external facilities.

The catch 22 is that I can have either remote SIP extensions or SIP trunks but not both. My ISP used to provide SIP trunks on my single connection and since they stopped I have had this problem.

This is all based on the one setting, External Address.

HELP!!!

Thanks in advance for any suggestions.

-Mark

If you have a multihomed system you will need to bind the server to an address that all your connections can see. Probably your local address, I don’t think that anything in the GUI will help you there and you will have to do all your PNAT’ing on your firewall(s)

Yes I have agree that the GUI can’t handle this situation. It does seem like a typical situation.

It seems that there is no way for a freePBX system to use resources from two different interfaces. It seems like I need a SIP Proxy to handle all the heavy lifting and hide the complication from the freePBX system. The problem is that it is taking a very simple situation and making it very complicated.

I don’t think I can fix this simply by having a single ip address on the FreePBX system. I will still have the same problems if I push the routing further away. FreePBX can simply not have resources coming in on two different public IP’s … it would seem.

Not really, bind to 0.0.0.0 and have your various routers PNAT forward connections bi-directinaly as necessary.

Thanks so much for helping.

I only have one router. The other connection is directly attached to my PBX. My PBX has two network interfaces.

I don’t think I understand when you say bind to 0.0.0.0 And I googled PNAT and could not find anything? Can you give me a bit of direction?

Thanks again.

-Mark

VPN your remote extensions?

If you have two nics there will be two ip addresses, you need to set your router to route all traffic properly to your various networks by source/port to destination/port bidirectionally so the external traffic goes to/from the correct address/pair ports you need to do the same for internal connections also it all depends on how you set up your three networks if you are Masquerading. Go google iptables if that is what you are using for your routing router, PNAT is Port and Address Translation, Masquerade in iptables talk. https://www.frozentux.net/iptables-tutorial/chunkyhtml/c584.html

I think that would fix the problem but would like to allow access without VPN and block access via iptables.

I really want to figure this out. It is driving me nuts.

The traffic to the SIP trunk provider is not doing any NAT because it is directly connected to the PBX via a second NIC. This second NIC has a public IP address. There is a route setup on the system directly to the host that provides the SIP trunks. So any request for that host will go over the second NIC. All other traffic on the PBX goes over the internal IP nic. This nic has NAT running via the router it is attached to.

For some reason I have to set the external Address under sip settings to the second NIC, the public IP nic or the SIP trunks don’t work correctly. If I let the system pick the external address via the button next to the field, the External SIP extensions work correctly but the SIP trunks stop working…

There is a setting in the trunk setup nat=yes I set this to nat=no and the sip trunks also stopped working. Kinda crazy because the SIP trunks are directly connected t the PBX.

I have been in the software/technology business for 25 years including being a phone tech 20 years ago. This is the most difficult problem I have had to get my arms around mostly because I don’t understand how SIP works. I have read many article and I still don’t see how it is working.

I don’t get how the PBX is going out and connecting to the SIP Trunk resource. I the setup of the trunk it says what IP the request is coming from. Why is it using the External Address setting for this? What does the request to the provider look like? How can I trace the request?

Try ngrep -T [providers IP here] port 5060 ran on same machine, and asterisk -vvvvvvr in another terminal (screen is your friend and ngrep needs libpcap)

In an effort to beat this to death with one more possibility.

Could I setup a SIP Proxy. The sip proxy will have a local IP address. The SIP Proxy will communicate directly with the SIP Trunk provider. My PBX will then access the Trunks via the SIP proxy on my local network.

Would that work?

I don’t know, I don’t use one, I’ve my PBX behind NAT :J
Maybe check the machines’ IP settings (address, mask, bcast, network - from ifconfig - and default route - from route -n and dns servers setting (/etc/resolv.conf) ?

I was able to fix this problem.

The problem was that the connection to my SIP provider was using nat. I was able to set the externip = to my true outgoing IP, and not the IP of my SIP provider by add the host of my sip provider.

Then enter the host a internal networks (under the external address setting).

Then the system does not use NAT for that host and enabled me to enter the outgoing address to be used by all other NAT connections.

Thanks to everyone that helped with this problem.