Messages

hm. log looks correct for me now. may be its time to packet capture and look on traffic at pbx port?

Hey Fright thanks for the help, the issue was with the freepbx server, once I disabled the firewall it started allowing the traffic

I think I've pulled the rules, I've attached them.

I'll update the rule again to allow any.

So I've updated the rule, but my phone doesn't ring, live view is allowing the traffic but I'm getting a pfTop still saying no traffic single

Hi Fright please see the below:

what's in PBX_ports alias? Please see https://imgur.com/a/wKXyVce
do you want to allow access only for voip_sip_provider? Yes
(current rule for surevoip should not work afais)
can you enable looging on port forwading rules to see allowed packets? I have enabled logging however I can't figure out where to find the log files for the rule could you tell me where they would be so I can upload?
what IPs is hidden on Live View screenshot?The source was my VOIP, servers IP, the destination on the block ones were my WAN IP

Hello OPNSense forum how are you doing? It seems I managed to get my firewall to allow traffic to my freepbx server, unfortunately I didn't lock it down to only my SIP provider, now my got completely spammed, think I had over 1703 calls by the time I checked. In a panic and whilst on my phone I was meant to disable the rules instead I deleted it -.- and didn't backup the config.

I've recreated the rules to what I thought they would be, I can see on my WAN traffic is being allowed but my freepbx server isn't showing any logs on the console of the calls and it doesn't ring on my IP phone or on the phone I'm dialing my landline. Before I rebuilt the freepbx server I just want to QC my rules encase it was a stupid mistake I've made and over looked something. I see on pfTop they are being dropped and I'm trying to figure out why.

Here is my firewall rules and live log view https://imgur.com/a/E4RuPEB

pfTop:

Code Select Expand


Up State 1-200/576, View: default, Order: source port
PR DIR SRC DEST STATE AGE EXP PKTS BYTES

udp In SIP-IP:5060 10.1.1.6:5060 NO_TRAFFIC:SINGLE 00:00:07 00:00:26 4 3572
udp Out SIP-IP:5060 10.1.1.6:5060 SINGLE:NO_TRAFFIC 00:00:07 00:00:26 4 3572


Code Select Expand

Int Proto Source -> Router -> Destination State
all udp 10.1.1.6:5060 (WAN-IP:5060) <- SIP-IP:5060 NO_TRAFFIC:SINGLE
all udp SIP-IP -> 10.1.1.6:5060 SINGLE:NO_TRAFFIC

Thanks, Leprejohn

Hello, OPNSense forums, I've been trying to fix an issue with my SIP trunk provider for my VOIP phone and I seem to be having alot of issues with the rules being blocked.

I have no idea why it's being blocked to the default rule I've added pictures off all of my rules below:

https://imgur.com/a/LvJHfjp

Sorry to bump an old thread.

I'm also facing the same issue, SIP being blocked by the default rule, when I run a packet capture it looks good

Code Select Expand

Interface Capture output
WAN
hn0 17:19:25.796754 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN
hn0 17:19:26.296327 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN
hn0 17:19:27.397625 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN
hn0 17:19:29.397009 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887
WAN
hn0 17:19:33.395182 IP 185.26.240.4.5060 > 188.223.75.170.5060: UDP, length 887

Did you manage to get your SIP fixed? If so how? As my SIP trunk provider gave me a SIP proxy address.

Hello everyone, how are you all doing? I'm having an issue with my VOIP server, it is not getting inbound/outbound calls.

I've created inbound and outbound NAT rules to for the ports needed but it still doesn't seem to be working. I spoke to my SIP truink provider and they are blaming firewall issues.

I would like to throw my freePBX server onto the DMZ to test to see if once added to DMZ if my number will ring.

Thanks, John

Hi, I just thought to update the thread, I could not figure out what was wrong, as the opnsense VM was able to get an DCHP IP on the vlan when my ISP router was connected, once I flipped to the pass-through modem I could not get an IP address.

I tried with both ESXI and Hyper-V with the same setup WAN adapter setup with the tagged VLAN, both worked when I changed the ISP router to the modem and was able to get an external IP.

So I've decided to go back to hyper-v instead of proxmox as this setup is working :)

Thanks, LepreJohn

Hello opnsense forum. how are you all doing? I've been trying to get PFSense working with my draytek 130 modem (ISP is Sky UK).

I was pointed towards the direction of opnsense, which I've got to say looks pretty good so I've decided to give it a try, I've managed to get it working on bare metal with using the sky username and password, using a 4 port NIC.

However as I want to install the VM on my proxmox server, as then I could fail it over to a different host if I'm taking down a server which is something I would love to do.

However when I tag the VLAN on WAN port with only 1 NIC, even with the 4 port NIC I still was unable to get an external IP. So I was hoping to reach out and get some advice.

Thanks, LepreJohn