18.1 Legacy Series / SIP Phones: TFTP not working
« on: March 05, 2018, 06:22:53 am »
Hello,
We installed OPNSense at a client who have SIP phones but the phone server is remote and the phones get their provisioning via TFTP.
I haven't been able to find any OPNSense-specific posts, but have found a few for pfSense, most of which mention enabling a TFTP NAT helper, but I don't see the option in OPNSense.
Another suggestion was to (also) create an Outbound NAT rule for TFTP, which I created as follows (I enabled Hybrid outbound NAT rule generation):
Interface: PHONES
TCP/IP Version: IPv4
Protocol: UDP
Source Address: Single host or Network -> 10.15.2.0 /24
Source Port: any
Destination address: any
Destination port: TFTP
Static-port: Enabled
I saved, applied settings, and for extra good measure rebooted (it was suggested by others with pfSense that they had to reboot for their manual Outbound rules to take effect), but TFTP times out.
To test this, because I don't have access to the remote phone server, I set up TFTP on one of my servers and confirmed I could download a test file via TFTP from my home PC to verify the server works. I set up a Linux server on the phone subnet and am testing TFTP from there, and that is where I am seeing the timeouts.
Is there anything else I might be missing?
Thanks! :-)