24.1 SIP Phone on Internet cannot contact FreePBX VoIP server behind firewall

Started by Doyle13, February 23, 2024, 05:53:35 AM

Hi -
I think I have an OPNsense issue not allowing SIP traffic for softphones on the internet communicating in to a PBX on my LAN.
I'm on 24.1.2_1

What works:
   • Zoiper phone inside the same LAN the FreePBX box is on
   • SIP Trunk to Telnyx
   • Inbound calls to Zoiper phone on the LAN
   • Outbound from the Zoiper phone
   • IAX Zoiper on the internet communicating to the PBX on the LAN, Inbound and outbound
What doesn't work -
   • Registering Zoiper SIP phones outside the LAN from the internet
   • Error is Request Timeout(408)
I'm really confused because the SIP Trunk works. Telnyx has given me sip.telnyx.com, so I sort of assume it's using 5060.

Firewall rules for port forwarding
   • 5060 TCP/UDP
   • 5061 TCP/UDP
   • 4569 TCP/UDP for IAX
   • 9000-20000 UDP

I looked at siproxd, but it looks like it's for SIP phones going out of OPNsense; I'm trying to go in from WAN via OPNsense to get to the PBX.

I've been playing with settings on the phone, STUN on and off, I tried setting 5060 up on the outbound NAT, and I've tried cruising the internet for an answer.

Any suggestions?
Thanks.

Among other things I've tried:
https://forum.opnsense.org/index.php?topic=17960.msg81585#msg81585
https://forum.opnsense.org/index.php?topic=37730.msg184970#msg184970

I've confirmed that the issue is most likely the firewall. With the help of the FreePBX boards I've run sngrep and confirmed that the initial registration request is being delivered, but nothing is coming back to the softphone.

I've agonized over every setting in https://forum.opnsense.org/index.php?topic=22149.0 honing in on the outbound NAT settings to no avail.

One more thing I've done, I set firewall optimization to conservative.


Good call, thanks for the advice. Unfortunately, I'm not running any internet intrusion detection at this time.