Maybe I do not understand…
So you are telling me that I need to set back my RTP ports from 10000 to 20000 (in Freepbx settings, Freebox and pfsense router)… Right ?
No. I am not saying you have to. I am explaining how it works. The provider doesnt tell your what RTP ports you should use on your side.
To get a general idea where to look for the problem:
- On a failed call, does the caller hear the hold music?
- If so, do calls answered on ext. 1027 sometimes fail?
As someone already pointed out - the RTP ports for each direction are entirely at the control of the “sending” end. If you specify that your RTP ports are set to something, anyone that wants to send audio to you has to send them on those ports.
1 - Yes ! The caller can hear the hold music.
2 - Yes… They also fails.
But what is surprising, is that I can hear the agent announcement.
Due to the comments about RTP ports, I have modified the settings and put them back on the Freepbx range 10000-20000 and of course changed the settings in the box and pfsense too.
You probably already done this, but have you made sure that you configured static nat port mapping on pfsense, as recommended by them for a VoIP server behind pfsense using nat?
I do not know if you’ve already solved this or not, but it sounds eerily similar to an issue I fought with for over a year. EXACTLY the same condition - inbound calls only, intermittent, no pattern, caller calls back right away & it’s fine. Our callers could hear something back, but it was in no way comprehensible. It was also not reproducible, happening sometimes only a few times a week. Call recordings on our system were clean.
What I ended up doing is getting a cheap 5-port managed switch and configuring it with port mirroring to basically turn it into a network tap, then put this between our router and modem. A laptop was set up to save all the traffic being dumped from this tap, recycling drive space after it reached 100 gig with each segment broken up in 100 meg chunks. (Be sure to have NTP running both on your PBX & the laptop or be prepared to pull your hair out trying to find what you’re looking for… don’t ask me how I know this. )
This allowed me to use wireshark to reconstruct the RTP streams from the packet capture files as they were when they left our network. I gave this to our SIP provider to prove that the issue wasn’t on our end. They ran a packet capture on their system and when another call with poor call quality happened, confirmed that the audio was leaving their system clean. They then contacted their provider and after much back-and-forth, that provider changed something that eliminated the issue. (They SAID that they just took a trunk down & brought it back up, but I don’t really believe that’s all they did…)
Note - there is a LOT more that I did which isn’t in here… different ISPs, QoS, different paths, data center vs direct out, etc, etc, etc. The above is what worked to isolate it and get it solved. Had I done this to begin with, it would’ve been a 2 month project to get fixed with our provider rather than our having to put up with it for over a year. Hindsight’s 20/20 though…
Got again the one way issue with full login
Here is the full log
1009 : is the AASTRA extension where from I get the call when I’m at office.
192.168.20.104 : local IP of the AASTRA SIP phone
192.168.20.246 : local IP of the freepbx
91.131.129.x : public IP of OVH (SIP account), where the call comes from.
0033428297892 : the SIP account line number
0478520435: the number dialed by the caller (number associated to the OVH SIP account)
0603236666 : caller number
In the case of this log, I was trying to answer the call from 1009.
RTP port range is now 10000-20000
pfsense settings are according thoses settings
Any help ?
Till have the issue…
PFSense has been known to mess with the system. Check back through the forums for more information and perhaps some extra insights.
When an incoming call comes in, the audio is sent to your PBX on a port between 10000 and 20000 “cold” and without your machine’s setting up for it, unless the firewall messes with it. If your firewall is not set up to forward this traffic to your PBX, the initial audio stream will not connect. One thing you can try is putting the call on hold and seeing if that changes any of the symptoms. If it does, it’s a simple matter of the initial RTP traffic not making it to your PBX.
I already did thoses settings…
But OVH (SIP provider) gave me thoses settings :
UDP session life time >= 180 seconds -> Done !
Allow UDP from/to 18.104.22.168/24 -> Done !
Allow UDP from/to 22.214.171.124/24 -> Done !
SIP (UDP) ports to allow : 5060, 5080 & 5962 -> Done !
RTP (UDP) range to allow : 30000 to 40000 -> Done,
Deactivate ALG SIP -> Done !
And I already add thoses :
RTP (UDP) range to allow : 10000 to 20000 -> Done,
Is there an issue whith the 2 RTP ranges ? I’m a little bit confuse…
Have you set up your firewall to forward UDP packets in the 10000-20000 port range to your PBX? Allowing them through isn’t enough - you have to help direct the start of the stream to the PBX. Also, changing your Firewall to allow ports 10000-20000 instead of 30000-40000 should help.
Yes… I did all !
As you understand, I have double NAT (WAN -> Freebox -> pfsense -> Freepbx).
The settings are
Allow UDP from/to 126.96.36.199/24 redirected to pfsense
Allow UDP from/to 188.8.131.52/24 redirected to pfsense
SIP (UDP) ports to allow : 5060, 5080 & 5962 redirected to pfsense
RTP (UDP) range to allow : 30000 to 40000 redirected to pfsense
Deactivate ALG SIP
RTP (UDP) range to allow : 10000 to 20000 redirected to pfsense
In pfsense - Inbound
All SIP (UDP) ports 5060, 5080 & 5962 redirected to Freepbx
All RTP (UDP) range 30000 to 40000 redirected to Freepbx
All RTP (UDP) range 10000 to 20000 redirected to Freepbx
In pfsense - outbound (Manual Outbound NAT rule generation)
All UDP from IPBX allowed to got to WAN
In Freepbx - In trunk
UDP session life time (defaultexpiry) = 3600 seconds
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.