I have FreePBX 16 installed
dynamic public IP with DDNS configured
I am able to register an extension (pjsip) to FreePBX on a softphone (Zoiper/GS Wave) using the IP address when in the LAN environment
I am able to register an extension (pjsip) to FreePBX on a softphone (Zoiper/GS Wave) using the DDNS domain when in the WAN environment (on mobile data)
so i know -
NAT is configured correctly
internal network is configured correctly
hostname resolution is working
dynamic updating of the IP address is working correctly
my problem-
not able to register when using the DDNS domain in the LAN environment; it gives a 408 timeout error
sngrep shows nothing
asterisk log shows nothing
nslookup resolves the domain to correct ip address
tried disabling freepbx firewall
no IP blocked in fail2ban
I am using pfSense as the firewall…
but I still don't understand the reason behind it…
DDNS is working over cellular service but not when on the internal network…
can you help me out on the hairpin rule?? what do you mean by that…
i have forwarded all incoming WAN connections on UDP to
-freepbx server and sip port
-wireguard server and its port
Inside your LAN you best need my.ddns.host to resolve to 192.168.1.34 (or whatever), otherwise there are any number of reasons why you are not getting connected, all of which, although probably resolvable, will be external to your FreePBX. Your pfSense can be set to redirect LAN traffic to my.ddns.host back to the LAN at 192.168.1.34 in the symmetrical way WAN traffic to my.ddns.host is so redirected; that is a "hairpin" rule. If your pfSense is the authoritative DNS server on the LAN then a static entry for my.ddns.host should also work.
currently nslookup of the DDNS points to my public IP.
So you are advising me to set up a static local DNS entry in the pfSense firewall pointing the DDNS name to 192.168.1.34 (FreePBX IP).
what if the DNS entry points to the firewall itself??
update!!!
neither of these have any effect… no activity on sngrep…
sngrep monitors traffic on the interface of the FreePBX box. If that is in your LAN and SIP INVITEs and REGISTERs are sent from the endpoint to that interface, it will show. If they don't show, then recheck your pfSense setup, because that is the device responsible for directing connections.
so it works… now the local DNS override makes the softphone able to register on the FreePBX…
but this causes another issue… now the WireGuard service is not working… as that was also using the same dynamic domain to connect to the WireGuard server running on pfSense.
I have a rule like this for each service within my network that has a connection to a domain, so that it is accessible via the internal network
without this rule, when you try to access the domain via your LAN, the packets are "lost".
This video explains it better, it's very practical and quick, I believe it is similar in pfSense:
With this rule, domain services work perfectly on the LAN
EDIT: Looks like in pfSense this function is called NAT Reflection
yes, the issue is resolved…
it was because in the pfSense firewall, NAT reflection was off… changed it to true NAT and everything fell into place…
now, without pointing the domain to one IP address… the firewall is automatically deciding which service to look for and sending wg connections to the firewall and sip connections to the pbx server.
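
The three states this thread went through (no reflection, local DNS override, NAT reflection) can be reproduced with a small model. This is an added example, not from any poster and not pfSense configuration; the WAN address 203.0.113.10, SIP on UDP 5060 and WireGuard on UDP 51820 are assumed values, while my.ddns.host and 192.168.1.34 come from the thread.

```python
# Simplified packet-delivery model of the setup discussed above (added example).
# Assumed/constructed: WAN_IP, SIP port 5060, WireGuard port 51820.
WAN_IP = "203.0.113.10"            # constructed public address (documentation range)
PBX_IP = "192.168.1.34"            # FreePBX address used in the thread
SIP, WG = 5060, 51820              # assumed default ports
PORT_FORWARDS = {SIP: PBX_IP}      # WAN port forward: SIP -> FreePBX
FIREWALL_SERVICES = {WG}           # WireGuard listens on pfSense itself
LISTENERS = {PBX_IP: {SIP}}        # ports each LAN host actually answers on


def resolve(client_side, dns_override=None):
    """Address my.ddns.host resolves to: LAN clients see a local override if set."""
    if client_side == "lan" and dns_override:
        return dns_override
    return WAN_IP


def deliver(dst_ip, port, client_side, nat_reflection=False):
    """Return the box that receives the packet, or None if nothing answers."""
    if dst_ip == WAN_IP:
        if port in FIREWALL_SERVICES:
            return "pfsense"
        # The forward rule matches WAN ingress only, unless reflection is on.
        if port in PORT_FORWARDS and (client_side == "wan" or nat_reflection):
            return PORT_FORWARDS[port]
        return None
    return dst_ip if port in LISTENERS.get(dst_ip, set()) else None


def connect(port, client_side, dns_override=None, nat_reflection=False):
    """Resolve my.ddns.host as the client would, then deliver to that address."""
    dst = resolve(client_side, dns_override)
    return deliver(dst, port, client_side, nat_reflection)


if __name__ == "__main__":
    scenarios = [
        ("mobile data, no reflection", "wan", None, False),
        ("LAN, no reflection", "lan", None, False),
        ("LAN, DNS override to PBX", "lan", PBX_IP, False),
        ("LAN, NAT reflection on", "lan", None, True),
    ]
    for label, side, override, reflect in scenarios:
        sip = connect(SIP, side, override, reflect)
        wg = connect(WG, side, override, reflect)
        print(f"{label:28} SIP -> {sip}  WireGuard -> {wg}")
```

The DNS override row shows why WireGuard stopped working: the shared hostname then points every service at the PBX, which has no WireGuard listener.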