Remote SIP phone FrerPBX

Good morning all, here i described my issue.

The following lines is are my case :
Asterisk server has a fix IP @ on the network : so i use FreePBX to configure these different files , SIP / Extension … An employee is in vacation so he wants to use his extension even when home, in SIP configuration i made a bit modification and put NAT set to Yes for this feature, the public IP @ is configure in the router’s interface and on NAT Firewall these ports are forwarded 5060 ; 10002 - 10006 pointed to the IP @ address of the Asterisk server which is but the SIP Remote phone does not work . I know i miss a lot of things !!! If someone has already experience this feature please help me…
One last question,does only the router that hosted the PBX server i need to configure for NAT firewall,what about to the other , the home router ?
Thanks !

Are you forwarding UDP port 5060? And also you should be forwarding a much larger range of ports in the 10000 range; if you haven’t told the system to use a different port range then you should be forwarding UDP ports 10000-20000.

The other problem is it sounds to me like maybe you have two routers in use, but you don’t explain why this is the case. If at all possible your Asterisk server should be connected directly to your primary router. And then the ports mentioned above need to be forwarding in that router’s firewall, to go to your Asterisk server. If there are any firewalls in the path that don’t pass those ports, the calls won’t reach your server. And going through multiple routers/firewalls is usually a very bad idea unless you know what you’re doing.

Once you get it working, consider the following. First, find out what IP address your employee will be at if at all possible, and change the firewall rules to only allow incoming traffic on ports 5060 and 10000-20000 from that one specific address, not the entire Internet. Then, read all you can about securing FreePBX. Opening ports in this way can be a very bad idea if you do it haphazardly, without regard to the possibility that you’re also opening a door for those who might want to attack your system and run up your phone bill. Look at the FreePBX Wiki and elsewhere on the Internet for pages on securing your system in this type of situation.

Okay,on the main office i use a Cisco router 2911 which is hosted the Asterisk PBX server,i forwarded these UDP 5060 and UDP range ports 1004-10008, these ports have been reduced in /etc/rtp.conf files,correct. So the SIP phone is located on outside and connected behind another router,home router,i try to call an extension that is located in the main office,that extension ring well but picking up the phone, communication goes in one way,they can hear but me i never heard them… so i have been adviced that i should set NAT firewall into the home router to open port 5060 too,but to be honest i never tested it for the reason this router is not on my possession, Do you think that it’s gonna fix my issue ? Set up NAT/ FW in both end .

Thanks !

I assume you meant UDP ports 10004-10008 and while I have heard of people reducing the number of ports, I have never heard of going down to just four. I don’t know if that’s part of your problem or not; you should maybe try increasing that range unless someone more knowledgable than I tells you it’s not necessary. Also I am not sure whether you can make changes in /etc/rtp.conf when using FreePBX and have them recognized. FreePBX has its own way of doing things and many times when you go outside the GUI to change settings you are just asking for failure.

Since you seem intent on going “off the ranch” I may not be able to assist you any further, but I will suggest a that you go to the Advanced tab and then look at the Asterisk SIP Settings page. Under NAT settings, make sure your correct EXTERNAL IP address is shown (that is NOT the address) and then under local networks put your local information (probably and Set the IP configuration to Static IP (even if you have a dynamic IP, at least try this to see if it fixes your one-way audio). And NAT should be set to YES. In FreePBX 12, the latter two settings are under the Chan SIP settings (see right hand side of the page for the menu, but don’t forget to save your changes before leaving a page).

Also on the SIP Settings page is where you change the RTP Port Ranges if you insist on trying to do that for some reason. I recommend not touching those and opening your firewall to forward those ports to your server instead, at least until you get the one-way audio resolved. Once you can get that working you can go back and do things that break your system if you want, at least then you will know what ypu did wrong. Don’t forget to undo the changes you made in that conf file (although chances are FreePBX might overwrite them anyway). In fact stop messing with the conf files until you know what you are doing, you are only going to break things and then your system won’t work. All changes you need to make, with very rare exceptions, should be made from within the FreePBX GUI, and you should never be modifying conf files to change SIP settings unless you are absolutely, positively certain that you are doing something that cannot be done from within the FreePBX GUI. Remember, even though you have Asterisk on your system, most instructions written for pure Asterisk users are not for you - FreePBX is your primary interface with the system and when you go around it, things can break!