[WXC/VFX] Incoming calls from SIP trunk failing

Forums › One NZ (including Farmside) › [WXC/VFX] Incoming calls from SIP trunk failing

breakaway

112 posts

Master Geek
+1 received by user: 5

#144160 9-May-2014 10:36

I've moved my Raspberry PBX to a VMWare VM PBX using PBX in a Flash. So far so good - I've got inter-extension calling, outgoing calling etc working great, however I am not able to get incoming calls working, despite replicating settings in the webGUI exactly what my old RaspBX was setup as.

I've got the following ports forwarded to my PBX in a Flash VM

10000 - 20000 TCP & UDP
5000 - 5500 TCP & UDP

And yet when I tail the asterisk logs with maximum verbosity and make a call from my cell to my number, I get "the party you are trying to reach is unavaialble". At the same time I'm not seeing anything at all in the asterisk logs at all (as in the system is completely idle). I believe if the issue was with my inbound routes or something like that I'd see something in there.

At this point it looks like WxC's end is unable to reach my PBX at all. On closer look at the PBX, I am getting a "STATUS = REQUEST SENT" for SIP registration, and not "REGISTERED" as it should show. What gives?

grudge

266 posts

Ultimate Geek
+1 received by user: 26

#1040727 9-May-2014 11:15

PM me your IP or Phone number and I'll see what's happening.

breakaway

112 posts

Master Geek
+1 received by user: 5

#1040776 9-May-2014 12:35

Done -- cheers!

grudge

266 posts

Ultimate Geek
+1 received by user: 26

#1040790 9-May-2014 12:46

Actually seeing the INVITE's from WXC to your endpoint time out (pm'd you a ladder map). If your ASTERISK box is not seeing the inbound invite at all i'd look upstream from that to make sure that your router/nat is passing the traffic properly. The INVITE is sent over port 5060 to your end. Can your router see anything passed over this port ? May also pay to look at disabling SIP ALG on your router if it has it as a feature.

What is your setup ?

breakaway

112 posts

Master Geek
+1 received by user: 5

#1040861 9-May-2014 14:54

Hi,

I'm running a pfSense and to the best of my knowledge there is no SIP/NAT ALG features in it.

Here's a topology diagram: http://i.snag.gy/d0fZN.jpg

And here's a screenshot of my port forwards: http://i.snag.gy/9f2p2.jpg

grudge

266 posts

Ultimate Geek
+1 received by user: 26

#1040869 9-May-2014 15:02

That looks good as far as I can tell.

Perhaps go over this page to see if any of the information there will help :

https://doc.pfsense.org/index.php/VoIP_Configuration

Or rather this may be more helpful :

https://doc.pfsense.org/index.php/Asterisk_VoIP

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1040891 9-May-2014 15:36

You should never under any circumstances have any port forwards for SIP. It's not a matter of if you'll get hacked, it's when.

If you can't explain why you need them, you don't..

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

ubergeeknz

3344 posts

Uber Geek
+1 received by user: 1041

Trusted

Vocus

#1040893 9-May-2014 15:38

Indeed, at least pin those rules down to the proxy/sbc addresses of your chosen provider...

breakaway

112 posts

Master Geek
+1 received by user: 5

#1040942 9-May-2014 17:14

Ok I finally got the SIP trunk "registered", inbound calls work.

Fixed it by enabling static port mapping: http://i.snag.gy/zIQ38.jpg

And I'm aware that having 5060 forwared to the world is dangerous, I was just doing it in testing.

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#1041759 11-May-2014 16:32

Looks like you figured it out, yes in pfsense you need to enable static mapping, in other devices/software it's often called consistent NAT or 1:1 NAT.