OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: guest14952 on August 02, 2018, 08:49:42 pm
-
after updating to 18.7 my voip phone is unable to register ("time out") to the provider/sip server.
the outgoing connection is made via a simple static port (sip and rtp) mapping from the internal ip;
packets are still going out to the external server (sip and stun ports), but no result.
if not static port mapping, could the use of firewall alias and nat or dnsmasq the problem?
thanks
-
This seems odd. Could you provide us with the /tmp/rules.debug files from 18.7 and 18.1 where it worked? You could use the 18.1.6 image to import and boot live so you don't lose / have to redo your installation.
Please send them to project@opnsense.org for analysis.
Thanks,
Franco
-
thanks for your reply, until now i tested configurations with working dnsmasq and unbound dns.
Result 18.1 working ; 18.7 fail, so it seems not the "127.0.0.1 bind to lan, localhost" issue which was
mentioned in other threads.
the firewall log shows for
18.1.13
filterlog: 83,,,0,pppoe0,match,pass,out,4,0x0,,63,16914,0,none,17,udp,32, <wan ip> , <provider ip>,5060,5060,12
18.7
filterlog: 80,,,0,pppoe0,match,pass,out,4,0x0,,63,49592,0,none,17,udp,620,<internal ip voip phone 192.168.x.x> , <provider ip>,5060,5060,600
... so is the NATing with static port different in 18.1/18.7 ?
If there is no easy one click and everything solved solution, i will send you the debug files.
-
update / status quo
after some tests (thanks for support franco) it looks like an firewall bug aka regression
it is not linked directly to voip, but the aforesaid assumend disfunctional nat with static ports caused the failed voip connection.
In the web gui everythings looks fine, but if you look in /tmp/rules.debug you will find
in 18.1: nat on pppoe0 inet proto udp from <192.168.x.x> port $VoIP_Ports to any -> pppoe0:0 static-port # Voip out
in 18.7: # nat on pppoe0 inet proto udp from <192.168.x.x> port $VoIP_Ports to any -> pppoe0:0 static-port # Voip out
so activate the row again and reload the rules manually: pfctl -f /tmp/rules.debug
of course this is not 'reboot safe', but you can change it
actually (i suppose this will soon superseded) here is a patch from the developers, which does at least the job for my config
opnsense-patch c76006cd5
if not or serious problems go back to original 18.7
opnsense-revert opnsense