SIP phones not NATted / call terminates after 30s / internal NAT phone network problem


I have received my Sangoma deskphone today and setting up was a breeze … but unfortunately calls get terminated after 30s. Before you say “Fix your NAT”, please let me explain.

My Freepbx is sitting on a DMZ, as I wanted to use it remotely, too.
Now I managed to connect various softphones and even analoge phones and they are work ok. All that is on a different network, and to get to the PBX itr goes through a firewall (OPNSense) and FreePBX that goes out
via a SIP (or landline, either way works).
Now I setup a separate network just for deskphones, connected to a second interface on FreePBX, 192.168.x.y. All connected up and “working”, my Sangoma gets provisioned, NTP time, firmware, what not.

Now when I make a call outbound via SIP trunk on the Sangoma it gets disconnected after 30s. When I call the same number from a softphone or the analog phone, it’s fine.

When I look into the network traffic I can see that the firewall(!) is actually seeing the IP from the Sangoma phone,, and it is trying to connect to my public IP:5060. This won’t work and that’s why the call get disconnected.

NAT -outbound to the internet- works. I do not have a problem with softphones on the other network or also via analog (->FreePBX->SIP trunk out). When I make a call from a softphone they talk directly to the FreePBX,
and there are no packets unanswered going out to my public IP - the call is fine.

In a nutshell, how do I NAT my phones on my phone network? I have “Local Networks” listed, but the firewall can still see directly phone traffic.

What’s the proper way here?
Does the Sangoma need to be NATted behind the FreePBX or do I need to have a route back to FreePBX for the phone network - ?




It sounds like the NAT on your extensions is not set up correctly, and the PBX and phone are losing contact after 30 seconds.

Your explanation of your network setup is really kind of all over the place. Let me help you:

  1. NAT is there when you traverse networks that are not routable, so if your deskphone is a network that your PBX can route to directly, you do not need NAT. All other cases, NAT is required.

  2. Your phones will never connect to “the Internet.” They connect to your PBX - that’s it. With that entire discussion removed from the equation: how do your connections work. If they connect on the Public side (the Internet side) then they will route through that interface, out onto your router, and then back into your DMZ.

So: NAT is definitely your problem. It allows the ‘encapsulation’ of your traffic to pass through other networks to get from point to point.

Takeaway:: If your phone can route traffic to and from the phone to the PBX and back, you do not need NAT. In all other cases you do. NAT is set on the instrument, in the extension definition, and on the SIP settings, as a minimum.

Thank you, cynjut.

I figured what the cause were for this problem:

  • Adding a route to the firewall, so that it knows that the phones network is behind the FreePBX
  • Adding and the internal network to the Local Networks, but I then also Saved,
    Applied the config, rebooted FreePBX. When it came back I re-provisioned the phones again.

After this it was immediately working, and no phone was talking to my firewall on its public IP.
I guess reason being for all this is that the phones provisioning thought is external.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.