I’m having a problem where external users (Zoiper and Yealink Phones) cannot register to a HA setup of FreePBX 13 (Distro 10.13.66-10) with all the latest module and Asterisk 11.
The PBX is sitting in an internal network and all the proper ports (TCP & UDP 5060 + UDP 10000-20000) are forwarded to the floating IP.
This setup is replacing a previous single FreePBX with Asterisk 1.8 which is still alive, if change the port forwarding’s to point to the old FreePBX’s IP then external clients can register to it and calls work fine with audio both ways, so it does not seem to be a firewall problem.
I enabled TCP transport on the SIP Configuration and registration starts working but then the call has one way audio only (outgoing), this leads me to believe the problem is with UDP only. Looking at the firewall logs I can see the connections (TCP & UDP) coming to the public IP and being forwarded to the HA floating IP, but then I notice that the UDP connection from the server to the client is not originated from the floating IP but the IP of the active node, it is allowed and passes through but I think this is what is causing the problem. Maybe the client is rejecting it for that reason?
To test this, I change the port forwarding’s to point to the IP of the active node instead and then all starts working fine, clients can register with both TCP and UDP transport, and calls get audio both ways. This workaround is of course not ideal as it defeats the purpose of having a HA setup, a manual firewall rule change would be necessary when a failover happens…
Do you guys have any idea how can this be fixed? is it normal that the active node sends connections using is real IP vs the floating IP?