RESOLVED: pfSense: cant register phone to internet based FreePBX

Anyone know what could be the cause of this?

– Registered SIP ‘200’ at
[2017-10-23 20:05:03] NOTICE[1772]: chan_sip.c:23797 handle_response_peerpoke: Peer ‘200’ is now Reachable. (80ms / 2000ms)
– Unregistered SIP ‘200’

packet capture shows that the SIP contact address is 192.168.x,x for my phones (which connect from my local network over the internet to FreePBX)

I dont know why neither my Yealink or my Zoiper are rewriting to external IP properly …

It is definitely the fault of my pfSense, but haven’t figured out how to fix it :frowning:

More info needed. Where is the PBX in this equation. What is your network layout?

FreePBX is hosted on VPS

Yealink phone connects through my pfSense to the internet -> FreePBX

It appears to work when I use VPN to another network, so I’m blaming pfSense, but wish I knew how to fix it. Lots of bad information I have found on pfSense voip online

Will probably replace with vyos and try it out

Don’t blame pfSense. Thousands of pfSense users successfully use VoIP through it. You probably haven’t configured NAT correctly for your extensions in FreePBX.

Because they don’t know they are behind NAT until you tell them. The Yealinks have a place for “NAT IP” (or whatever they call it) where you set the external WAN IP so the phone uses it. Zoiper, not sure if that is available in the free version or even if the paid version has an option like this.

No, he can probably blame pfSense. The #1 problem I see with every pfSense user (and I’m in IRC channel is they pop in there a lot) is that pfSense takes a crap on the NAT and SIP handling. Any and all SIP helpers need to be disabled and Port Randomization needs to be turned off. Those two things usually improve the situation.

But in every network I’ve ever dealt with that had VoIP problems and used pfSense it was 100% pfSense. Replacing pfSense with another router would see the issue go away instantly.

The sipproxd package is not installed by default. ALL routers with NAT do port randomization by default to obscure the type of service being offered.

Turning off the randomization may help but your much better off turning on rPORT in zoiper and making sure NAT settings are enabled st the extension level.

Oh wow, it turns out its not pfSense’s fault

I didn’t enable NAT -> Yes on the extension itself

This literally gets me almost every time I install a new FreePBX lol, can’t believe it got me again

Thanks @thehammer86 for that reminder

I could probably dig up half a dozen forum threads of me making the same mistake hahaha

I did see alot of complaints about pfSense + VoIP, however, it does appear to work out of the box for me (when NAT = yes on FreePBX extension)

But my configuration is with phones behind pfSense and FreePBX on a VPS over the internet, the complaints and solutions I was seeing regarding port randomization were with FreePBX behind a pfSense

I’m still not sure why my extensions were able to register with NAT turned off on the FreePBX extension when using a different network. That network had a Ubiquiti USG. It’s possible it had some kind of SIP ALG rewriting which actually was helping I guess

Glad I could help.

Also, I have my FreePBX behind pfSense without issue. Some extensions local and some remote. Once you wrap your head around how asterisk treats NAT it all starts to make sense.

1 Like