Behind firewall no audio either way


  • Post
    nj44451
    Participant

    I have one phone system set up with VitalPBX using a public IP and no firewall and don’t have any audio issues.

    I set up another system using the same SIP provider but this time behind a firewall and using a local IP address.

    I have all the correct ports open and even tried it with the DMZ, no luck.

    Codecs are correct.

    Internal audio is fine.

    Calls ring in but no audio either way.

    Under SIP/Network I have the NAT option set to force comedia and the external IP address in the text box. The local address is listed in the box below also.

    I have an IVR set up and even through that I have no audio, as I was thinking it might be just the phones.

    Is there any other setting I can change that might address the issue?

    Can you use a DNS record instead of an IP address to help resolve the IP address?

     

    Thanks for any help anyone can give.

     

    Trent

    0
  • Replies
    phil
    Participant

    Hi There,

    The phones are OK if it works with no firewall.

    If the calls ring in with firewall but no audio then the SIP port is correct, but my guess is the RTP port is not matching on either VitalPBX, firewall or the phones – you need a range – I use 10000-20000 on the RTP setup on VitalPBX, you need this through the firewall and also 10000 as the base range on the phone. You also want to make sure the firewall is set up correctly to stop anyone making calls through the PBX extension and via your trunk.

    HTH

    Phil

     

    0
    nj44451
    Participant

    @phil

     

    The RTP is set at 10000-20000. I am now able to get audio from the IVR calling in once I added a STUN server in that same tab.

    I have the NAT set to force comedia and the external IP in the text box in the SIP network box.

    Now the issue is I have audio internal but if the call rings to a phone there is still no audio.

    The phones are Yealink T38 phones.

    Shouldn’t the audio be handled through the PBX?

     

    Is there some other setting in the phones or firewall I need to set?

     

    Thanks,

     

    Trent

    0
    phil
    Participant

    Hi Trent,

    Audio one way using a stun implies (to me) that the external IP was not being handled correctly.

    I am not sure what firewall you have and if you use a sip proxy.

    It also depends on the scenario – so you may have a cloud hosted pbx and your phones are in an office behind a firewall and your trunk is somewhere different – or you may have your pbx and phones local to the same lan behind the firewall and only the pbx needs to talk to the trunk.

    So first go to settings:sip settings:network

    I have the NAT entry NAT as force/comedia and the external IP as the public IP of the PBX

    Local networks I have both the private IP of the PBX and the private IP of the LAN my phones are on

     

    Under settings:rtp settings

    I have rtp start 10000 and rtp end 20000 and nothing else

     

    My firewall allows ports tcp/udp 5060, 5061 and 10000-20000 from pbx public ip to my phone lan public ip

     

    Go to reports:pbx reports:status reports and then peers – you want to see the extension logged in and a status of OK – if it's unreachable then the firewall is not correct – the host column should show the public IP of the phone LAN

    My setup FWIW is VitalPBX on AWS and 3 locations with different firewalls and phones behind the firewalls, my trunk provider is somewhere else – it can be done and done securely – opening it up without a firewall is not an option.

     

    HTH

    Phil

    0
    nj44451
    Participant

    @phil

     

    The VitalPBX box and the phone are both on the same local LAN IP and subnet.

    The firewall has open the same ports as you mentioned, it allows ports tcp/udp 5060, 5061 and 10000-20000, but these ports are port forwarded to the local IP of the VitalPBX box.

    The SIP provider does not have a proxy and they are on the outside of the local network.

     

    2 questions:

     

    You mentioned “Local networks i have both the private ip of the pbx and the private ip of the lan my phones are on” so you have in there a range of IP addresses for the phones or added each one in the list?

     

    You mentioned also “My firewall allows ports tcp/udp 5060, 5061 and 10000-20000 from pbx public ip to my phone lan public ip”  So you mean you opened the ports to whole LAN versus just forwarding to the PBX?

     

    Thanks again for your help,

     

    Trent

    0
    nj44451
    Participant

    @phil

     

    I took a screenshot of the SIP peers. The phones show up with their local IP.

     

    0
    phil
    Participant

    OK, it could be the VitalPBX firewall under security – disable that on the same network.

    Then allow tcp/udp 5060 from your SIP trunk public IP to your firewall and port forward to VitalPBX. Then allow world to udp 10000-20000 to firewall, which is forwarded to your PBX.

    This ensures the SIP connection control can only be set up by your local phones and also through the trunk. The RTP connection can then be handed off to any IP.

    If you have a trunk that has several IPs they must all be in the firewall and forwarded to the PBX.

    Settings:sip settings:network

    I have the NAT entry NAT as force and the external IP as the public IP of the PBX/phones LAN

    Local networks I have the private IP of the PBX/phone LAN, e.g. 192.168.1.0

     

    try that 🙂

    0
    nj44451
    Participant

    @phil

     

    Phil,

    I have all the settings you mentioned but I will check the security. One question: in the report for the peer, should the phones be reporting their local IP address or the public IP for things to work correctly?

    I attached a picture for that above

     

     

    0
    phil
    Participant

    Trent,

    The peer report will show the ip of the local lan if the pbx is on this, if the pbx is remotely hosted then it will show the wan ip of your firewall.

    Stun server does nothing magical except get your public wan ip which is great if you have a dynamic address.

    It's possible that your phones' config is now incorrect – the SIP server is the PBX IP of your LAN. The RTP ports on your phone should also have a start port or a range; this should start at 10000 or range 10000-20000.

    99% of audio issues are RTP ports or firewall – disable the VitalPBX firewall as it's on your LAN behind your main router/firewall and double NATting can be a problem.

     

    Yealink:
    The Local SIP Port setting will be found in the settings of most Yealinks under Account –> Advanced or under Settings –> SIP.
    Your Yealink’s Local RTP Ports will be found under Network –> Advanced
     
    You can test using the *70 date/time *72/echo
     
    Sounds like you are getting close – one way audio outbound seems simpler because the connection is being established by you, but when the inbound audio comes in on RTP, it either has the wrong IP (e.g. it's using private instead of public or vice versa) or it has the right IP but the wrong port.
     
    This is where connecting now to the vitalpbx server console with ssh and running a debug on the sip will show the setup of the call and then when the data comes in what happens.
     
    If this is still not working I will take some screenshots of my setup. I have both a local same-LAN PBX and an AWS PBX with a single phone – two different trunks for each PBX and once it's mapped out, it does work well. I use pfsense firewall with *no* siproxy and just port forwarding for my local PBX.
     
    LMK
    Phil
     
    0
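The wrong-IP / wrong-port check Phil describes for the SIP debug output, as an added example that is not part of the original thread: it parses the SDP body of a SIP message and flags a private address sent to an external peer or an audio port outside the forwarded RTP range. The addresses, the /24 mask and the SDP text are constructed assumptions; only the 10000-20000 range and 192.168.1.0 come from the posts.

```python
import ipaddress

RTP_RANGE = (10000, 20000)  # RTP start/end used in the thread
# Assumption: /24 mask for the thread's "192.168.1.0" local-network entry.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed SDP body; callers fill in the advertised address and port.
SDP = ("v=0\r\no=- 1 1 IN IP4 {ip}\r\ns=-\r\nc=IN IP4 {ip}\r\nt=0 0\r\n"
       "m=audio {port} RTP/AVP 0 101\r\na=rtpmap:0 PCMU/8000\r\n")

def parse_sdp(sdp):
    """Return (connection_ip, audio_port) for the first audio stream."""
    session_ip = media_ip = port = None
    seen_media = in_audio = False
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            seen_media = True
            in_audio = port is None and len(fields) > 1 and fields[0] == "audio"
            if in_audio:
                port = int(fields[1].split("/")[0])
        elif line.startswith("c=IN IP4 "):
            addr = line.split()[2].split("/")[0]
            if not seen_media:
                session_ip = addr   # session-level default
            elif in_audio:
                media_ip = addr     # media-level override for the audio stream
    return (media_ip or session_ip), port

def check_sdp(sdp, peer_ip):
    """List problems with an SDP body that the PBX sends to peer_ip."""
    ip, port = parse_sdp(sdp)
    if ip is None or port is None:
        return ["no audio c=/m= lines found"]
    findings = []
    peer_is_local = any(ipaddress.ip_address(peer_ip) in n for n in LOCAL_NETS)
    if not peer_is_local and any(ipaddress.ip_address(ip) in n for n in RFC1918):
        findings.append(f"private address {ip} sent to external peer {peer_ip}")
    if not RTP_RANGE[0] <= port <= RTP_RANGE[1]:
        findings.append(f"audio port {port} outside {RTP_RANGE[0]}-{RTP_RANGE[1]}")
    return findings

if __name__ == "__main__":
    trunk = "198.51.100.20"  # constructed provider address
    for ip, port in (("203.0.113.10", 14562), ("192.168.1.10", 14562), ("203.0.113.10", 40000)):
        print(ip, port, check_sdp(SDP.format(ip=ip, port=port), trunk) or "ok")
```
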
    nj44451
    Participant

    @phil

     

    Thanks for reply. Just to recap.

    PBX and phone on local network both behind firewall SIP provider outside.

    Firewall has ports 5060-5010 TCP/UDP forwarded to local IP of PBX

    Firewall has ports 10,000-20,000 forwarded to local IP of PBX

    firewall in PBX is off

    external IP is entered in text box in sip/network

    Nat set to force comedia in Sip/network

    PBX and phones IP are listed in the local IP address

    phones are using the local IP of the PBX and register correctly

    Phones have 10000-20000 for the RTP

     

    Currently I have audio if I call into the IVR I can hear the message.

    Internal calls on the phones work fine.

    So the issue is if you call into a DID to an ext it rings but no audio either way.

    Have not tried outbound calls.

    I will take a look at your configuration once you send it.

     

    Also do you need to set the NAT setting in the EXT’s screen?

     

    Thanks again for your help,

     

    Trent

     

     

    0
    phil
    Participant

    Hi Trent,

    I had to rebuild my internal pbx again and reconfigure the firewall – however it is working fine after some tweaking.

    I will try and get around to sending some screenshots of my config

    Are you still having issues? Are they the same issues?

     

    Thanks

     

    0
    nj44451
    Participant

    @phil

    Phil, with your help I was able to get 2 locations up and running behind the firewall. The first of 3 locations I was working on is still not working but now I have 2 good examples and now have narrowed it down to the SOHO firewall. So I am focused on the SOHO to get things up and running.

     

    Thanks,

     

    Trent

     

     

     

    0
    mo10
    Moderator
    Posted by: @nj44451

    Phil, with your help I was able to get 2 locations up and running behind the firewall. The first of 3 locations I was working on is still not working but now I have 2 good examples and now have narrowed it down to the SOHO firewall. So I am focused on the SOHO to get things up and running.

    Please give more details about your solution. Thank you

    0