Soft phone registration issue

hello

I have FreePBX 16 installed
dynamic public IP with DDNS configured

I am able to register an extension (pjsip) to FreePBX on a softphone (Zoiper/GS Wave) using the IP address when in the LAN environment
I am able to register an extension (pjsip) to FreePBX on a softphone (Zoiper/GS Wave) using the DDNS domain when in the WAN environment (on mobile data)

so i know -

  1. NAT is configured correctly
  2. internal network is configured correctly
  3. hostname resolution is working
  4. dynamic updating of the IP address is working correctly

my problem-

not able to register when using the DDNS domain in the LAN environment; it gives a 408 timeout error
sngrep shows nothing
asterisk log shows nothing
nslookup resolves the domain to correct ip address

tried disabling freepbx firewall
no IP blocked in fail2ban

any ideas??

You either need a ‘hairpin’ rule on your firewall for the DDNS domain or a local name service that points the DDNS domain to the FreePBX server.


hi

I am using pfSense as the firewall…
but I still don't understand the reason behind it…
DDNS is working over cellular service but not when on the internal network…

can you help me out with the hairpin rule?? what do you mean by that…

I have forwarded all incoming WAN connections on UDP to
-FreePBX server and SIP port
-WireGuard server and its port

Inside your LAN you best need my.ddns.host to resolve to 192.168.1.34 (or whatever), otherwise there are any number of reasons why you are not getting connected, all of which, although probably resolvable, will be external to your FreePBX. Your pfSense can be set to redirect LAN traffic to my.ddns.host back to the LAN at 192.168.1.34 in the symmetrical way WAN traffic to my.ddns.host is so redirected; that is a ‘hairpin’ rule. If your pfSense is the authoritative DNS server on the LAN then a static entry for my.ddns.host should also work.

hi

Currently nslookup of the DDNS points to my public IP.
So you are advising me to set up a static local DNS entry in the pfSense firewall pointing the DDNS to 192.168.1.34 (FreePBX IP).
What if the DNS entry points to the firewall itself??

update!!!
neither of these have any effect… no activity on sngrep…

sngrep monitors traffic on the interface of the FreePBX box; if that is in your LAN and SIP INVITEs and REGISTERs are sent from the endpoint to that interface, it will show. If they don’t show then recheck your pfSense setup, because that is the device responsible for directing connections.

ok will try again and update
have put a static local dns entry for the DDNS domain in the firewall…

hi

so it works… now the local DNS override makes the softphone able to register on the FreePBX…
but this causes another issue… now the WireGuard service is not working… as that was also using the same dynamic domain to connect to the WireGuard server running on pfSense.

Wireguard suggests tailscale

You need to create a Hairpin NAT rule on your router. I don’t know how it works in pfSense, but in MikroTik (WinBox) I did it like this:

chain: srcnat
src address: 192.168.1.0/24 (my local network)
dst address: 192.168.1.140 (my pbx)

action: masquerade

I have a rule like this for each service within my network that has a connection to a domain, so that it is accessible via the internal network

without this rule, when you try to access the domain via your LAN, the packets are “lost”.
This video explains it better, it’s very practical and quick, I believe it is similar in pfsense:

With this rule, domain services work perfectly on the LAN
EDIT: Looks like in pfSense this function is called NAT Reflection

It’s called NAT Reflection in pfSense: Network Address Translation — NAT Reflection | pfSense Documentation

For mikrotik to allow local clients like wireguard you might need the corollary rule

chain=dstnat 
action=dst-nat 
to-addresses=192.168.1.140
protocol=tcp
dst-address=12.34.56.78
dst-port=51820-51999

Hello

yes, the issue is resolved…
it was because in the pfSense firewall, NAT reflection was off… changed it to true NAT and everything came in place…
now without pointing the domain to one IP address… the firewall is automatically deciding which service to look for and sending WG connections to the firewall and SIP connections to the PBX server.

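Added example (not written by any poster in this thread): a small Python model of one REGISTER sent from a LAN phone to the public address, showing the three cases discussed above: reflection off, dst-nat only, and dst-nat plus masquerade. The addresses, the function name `register_from_lan` and the assumption that the phone only accepts a reply from the address it contacted are illustrative.

```python
from dataclasses import dataclass, replace

# Constructed addresses (RFC 5737 / RFC 1918), chosen for illustration.
WAN_IP, ROUTER_LAN = "203.0.113.10", "192.168.1.1"
PBX, PHONE, SIP_PORT = "192.168.1.140", "192.168.1.50", 5060

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def register_from_lan(reflect_dnat: bool, masquerade: bool) -> str:
    """Follow one REGISTER from a LAN phone to the WAN IP, and its reply."""
    request = Packet(PHONE, WAN_IP, SIP_PORT)
    conntrack = {}  # (reply src, reply dst) -> addresses restored on return

    # 1. Router: the port forward matches LAN-side traffic only when
    #    reflection (hairpin dst-nat) is enabled. Otherwise the PBX sees
    #    nothing, which is the "sngrep shows nothing" symptom.
    if not (reflect_dnat and request.dport == SIP_PORT):
        return "no packet reaches PBX"
    fwd = replace(request, dst=PBX)

    # 2. Optional src-nat, so the PBX answers the router and not the phone.
    if masquerade:
        fwd = replace(fwd, src=ROUTER_LAN)
        conntrack[(PBX, ROUTER_LAN)] = (WAN_IP, PHONE)

    # 3. PBX replies to whatever source address it saw.
    reply_src, reply_dst = fwd.dst, fwd.src

    # 4. Same subnet: a reply addressed straight to the phone is switched
    #    on the LAN and never crosses the router, so its source address is
    #    not rewritten. Only a reply sent to the router gets translated back.
    if reply_dst == ROUTER_LAN:
        reply_src, reply_dst = conntrack[(reply_src, reply_dst)]

    # 5. Assumption: the phone (connected socket or stateful host firewall)
    #    accepts a reply only from the address it sent the request to.
    if reply_dst == PHONE and reply_src == request.dst:
        return "registered"
    return f"reply from {reply_src} dropped, phone expected {request.dst}"

if __name__ == "__main__":
    for dnat, masq in [(False, False), (True, False), (True, True)]:
        print(f"reflect={dnat} masquerade={masq}: {register_from_lan(dnat, masq)}")
```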
