I'm experiencing a very strange issue on OPNSense Business 25.10.2, running on a DEC750. I believe this was a problem also on previous versions, but I only disabled NetFlow just before upgrading to 25.10.2.
If I disable NetFlow (clear all interfaces, disable Capture Local, reboot), I can no longer make outgoing calls from my SIP phone. Incoming calls work fine. It remains this way until I re-enable NetFlow. I don't even need to enable it on my VOIP interface, it just needs to be enabled.
Looking at captured traffic, the client is sending large INVITE packets which are being fragmented. This happens both with NetFlow enabled and disabled. The only difference is that when it doesn't work (when NetFlow is disabled), there is no response from the server. It seems that the server is either silently dropping the packets, or they are not being delivered.
With NetFlow enabled, I get responses 100 Trying, 183 Session Progress, 180 Ringing.
With Netflow disabled, I get no responses, then client re-sends the INVITE, over and over until the call fails.
I have no static NAT rules, just Hybrid Outbound NAT, no SIP-specific OPNSense configuration whatsoever. I don't see any dropped packets in the firewall logs.
Any insight into this would be very appreciated.
Actually, I may have just found the issue. For some reason, I had unchecked "Disable hardware checksum offload" some time ago. Turning it back on fixes the SIP issues with NetFlow disabled.
Update: that's definitely it, I feel kinda stupid now for playing with settings like that and not trusting Deciso's default recommended settings.