Persistant Incoming Call Failure Issue

[chpalmer]

Hi Russ:

Ive successfully used pfSense as my routers in several locations including any customer I have. Right now I use three different numbers here at my house, one at the office and one of my customers has a number from Voipo behind her pfSense router which I admin.

The reason your audio is hit and miss comes down to the way SIP and audio are handled with this system. SIP connects to (in the case of Voipo byod) sip.voipwelcome.com but the audio may be coming direct from one of the carriers that Voipo uses. The great thing about this setup is that your RTP or audio is probably coming from a server very close to your location thus latency is reduced over other setups which might use the same server for SIP and RTP.

The drawback is that firewalls don't like what they feel is unsolicited traffic from a strange server (RTP) and thus they block the traffic.

Your using a PAP2. I have one here as well and it works flawless.

First thing I want you to do is to delete any port forwards to your PAP2.

Delete the WAN rules if they do not automatically delete with your NAT rules. We are going to start over.

You should know your ATA's IP address by heart at this point with all your troubleshooting.

YOU DO NOT NEED TO PORT FORWARD WITH pfSense! All the information the SIP server needs is sent to it via your ATA registration.

1. Create a WAN rule with UDP Source 67.228.182.2 (sip.voipwelcome.com) port 5060 (or whatever your pointed at) Destination (your PAP2 LAN address) port 5060 (or whatever have set under port on the ata).
hint- you can find all the port info on the vpanel under connected devices. And yes I do mean your PAP2 LAN address in case your not familiar with WAN rules with pfSense.

2. Restart the ATA. Try and make a call while watching the firewall logs. You should see blocked traffic trying to reach your ATA's RTP ports Linksys default is 16384 - 16482.
hint- I see some from 174.36.46.0/23 and others from 67.228.190.129/25 here on my router. You might see from others.

3. Create a WAN rule with UDP source 174.36.46.0/23 (sub the RTP server you are seeing try and connect here.) port * Destination (your PAP2 LAN address here) 16384 - 16382.

4. Duplicate the last rule for RTP servers as you find them trying to connect. My guess is your will only find one or two RTP servers trying. Sometimes they do change and you will need to be vigilant or-

You could just open up your RTP source to the whole world by using source any/any but Id recommend locking it down. Just takes a little work. If your need screenshots let me know and Ill post some on my server for you.

In my case I did set outbound NAT for my ATA's as static port. I do not believe you need to do this but it is something to keep in mind.