I’ve been pulling my hair out trying to get a remote extension setup but I can’t get it to register for the life of me. I’m a network engineer but don’t really have a deep understanding of how SIP works.
Anyways, I have a FreePBX server at my office and a Grandstream handset at my house. I followed the Freepbx Wiki guide when trying to set up the remote extension but it fails to register. All handsets local to the PBX work flawlessly.
Running a tcpdump on the pbx, I can see the traffic hitting the pbx but it doesn’t appear that it is sending any traffic back which I believe is the problem. Here’s what I’m seeing…
11:08:39.418000 IP wsip-X-X-X-X.21061 > 192.168.10.252.sip: SIP: REGISTER sip:X.X.X.X SIP/2.0
11:08:43.421929 IP wsip-X-X-X-X.21061 > 192.168.10.252.sip: SIP: REGISTER sip:X.X.X.X SIP/2.0
11:08:47.426417 IP wsip-X-X-X-X.21061 > 192.168.10.252.sip: SIP: REGISTER sip:X.X.X.X SIP/2.0
11:08:51.430768 IP wsip-X-X-X-X.21061 > 192.168.10.252.sip: SIP: REGISTER sip:X.X.X.X SIP/2.0
11:08:55.432909 IP wsip-X-X-X-X.21061 > 192.168.10.252.sip: SIP: REGISTER sip:X.X.X.X SIP/2.0
11:08:59.433804 IP wsip-X-X-X-X.21061 > 192.168.10.252.sip: SIP: REGISTER sip:X.X.X.X SIP/2.0
The first address is the WAN IP of my house and the address after the “REGISTER” is the WAN IP of my office.
I currently have NAT set to “yes” in the extension settings, I also have NAT set to “yes” in SIP settings and have my external address and local networks all setup correctly.
On the remote Grandstream phone, I have tried all of the different NAT settings but they all fail to work.
I have googled for many many hours and have not found a solution. Any help would be greatly appreciated.
You may want to check the pbx firewall settings by going to Connectivity->Firewall, and looking at the networks tab so see if you’re house network is not included. Also, can you tell us what routers are being used on your pbx network, as well as your houses? Typically, you don’t have to do any special setup on your home router, but it’s still worth knowing while troubleshooting something like this.
What does the Asterisk CLI show during these registration attempts? It would also help to see more about the packet trace, like the details within those REGISTER packets, and the tcpdump command that was used. For example, it could be a clue if you’re seeing your grandstream’s internal ip in the Contact header instead of your house network’s WAN address. This is assuming a VPN isn’t involved.
Hey wmoon, thanks for the respnse. I can confirm that my house’s WAN ip address is allowed on the PBX firewall.
I am using a pfsense firewall at both my office and my house. Currently all outbound ports are open at my house and as stated, the necessary ports are forwarded on the pfsense at the office.
When I ran the tcp dump, I just ran “tcpdump port 5060” which gave the output shown above. I did however, just run a “tcpdump port 5060 -vv” and uploaded a screenshot of what I got back. (The green mark is my house WAN IP and the blue is my office WAN IP.
So as you stated, it does in fact look like it is using the private IP address of the phone in the contact header. Am I right by thinking this has something to do with the NAT settings on the phone?
It’s possible that it’s an issue from the phone, but by the sound of your network description, I’d think whatever the default setting is should work. And it sounds like you have the correct settings on your PBX, with NAT set to yes for the Extension and Asterisk SIP Settings. I’m assuming that’s what was set during the recent packet capture.
Usually issues like this stem from some SIP handling features on the router. I don’t know of any obvious options to disable for pfsense setups, but maybe there’s something I don’t know about. I’d still recommend trying to find out if others have reported common issues with pfsense to see if there’s a preferred way of setting up external access for SIP.
Not that it should matter here, but is there any particular reason Chan_SIP is being used over PJSIP for your extensions?
