OPNsense Forum

English Forums => 18.7 Legacy Series => Topic started by: kleineMocke on August 02, 2018, 08:49:42 pm

Title: VoIP issues after update 18.1.13 -> 18.7
Post by: kleineMocke on August 02, 2018, 08:49:42 pm
after updating to 18.7 my voip phone is unable to register ("time out") to the provider/sip server.

the outgoing connection is made via a simple static port (sip and rtp) mapping from the internal ip;
packets are still going out to the external server (sip and stun ports), but no result.

if not static port mapping, could the use of firewall alias and nat or dnsmasq the problem?


thanks
Title: Re: VoIP issues after update 18.1.13 -> 18.7
Post by: franco on August 03, 2018, 09:48:29 am
This seems odd. Could you provide us with the /tmp/rules.debug files from 18.7 and 18.1 where it worked? You could use the 18.1.6 image to import and boot live so you don't lose / have to redo your installation.

Please send them to project@opnsense.org for analysis.


Thanks,
Franco
Title: Re: VoIP issues after update 18.1.13 -> 18.7
Post by: kleineMocke on August 03, 2018, 11:15:19 am
thanks for your reply, until now i tested configurations with working dnsmasq and unbound dns.

Result 18.1 working ; 18.7 fail, so it seems not the "127.0.0.1 bind to lan, localhost" issue which was
mentioned in other threads.

the firewall log shows for

18.1.13

filterlog: 83,,,0,pppoe0,match,pass,out,4,0x0,,63,16914,0,none,17,udp,32, <wan ip> , <provider ip>,5060,5060,12

18.7

filterlog: 80,,,0,pppoe0,match,pass,out,4,0x0,,63,49592,0,none,17,udp,620,<internal ip voip phone 192.168.x.x> , <provider ip>,5060,5060,600

... so is the NATing with static port different in 18.1/18.7 ?

If there is no easy one click and everything solved solution, i will send you the debug files.
Title: Re: VoIP issues after update 18.1.13 -> 18.7
Post by: kleineMocke on August 03, 2018, 07:46:02 pm
update / status quo

after some tests (thanks for support franco) it looks like an firewall bug aka regression

it is not linked directly to voip, but the aforesaid assumend disfunctional nat with static ports caused the failed voip connection.

In the web gui everythings looks fine, but if you look in /tmp/rules.debug you will find

in 18.1:  nat on pppoe0 inet proto udp from <192.168.x.x> port $VoIP_Ports to any -> pppoe0:0 static-port # Voip out
in 18.7: # nat on pppoe0 inet proto udp from <192.168.x.x> port $VoIP_Ports to any -> pppoe0:0 static-port # Voip out

so activate the row again and reload the rules manually:  pfctl -f /tmp/rules.debug

of course this is not 'reboot safe', but you can change it

actually (i suppose this will soon superseded) here is a patch from the developers, which does at least the job for my config
 
opnsense-patch c76006cd5

if not or serious problems go back to original 18.7

opnsense-revert opnsense