Home > Asterisk, networking, pfsense > Using pfsense with remote sip phones

Using pfsense with remote sip phones

pfsense by default only allows one sip registration to be active at a time on a protected LAN. The siproxd extension allows multiple phones to coexist happily, but it is a little confusing to set up. Here is what works the best from my testing:
Firewall: Rules: WAN = none for SIP or RTP

Firewall: NAT: Port Forward = none

Firewall: NAT: Outbound = Manual Outbound NAT, using default rule with NO Static Port mapping

Reboot the pfsense machine

UPDATE: siproxd is not necessary for multiple sip reigsrations to work! The above should be adequate.

Install the siproxd package from the System:Package Manager page on the pfsense admin page.

Services: siproxd: Settings = Inbound to LAN, Outbound to WAN, Port to 5060. Expedited Forwarding on.

Reboot the pfsense machine

I am including some screenshots to help.

Click on the “e” to edit the rule.

siproxd settings:

Categories: Asterisk, networking, pfsense
  1. cbuechler
    January 21, 2010 at 12:43 am

    You probably don’t need the siproxd package in this case. That’s generally only necessary if you can’t rewrite the source port on your SIP traffic (which is what you’re doing with the outbound NAT, so that works with your provider).

    The proper configuration depends on how your provider is setup. Some will require siproxd, some are fine with just outbound NAT to rewrite the source port, but that breaks other providers. The 3 things to look at for VoIP issues are here: http://doc.pfsense.org/index.php/VoIP_Configuration

    There is no one configuration that works for everything, unfortunately. Some require IPs within SIP packets to be rewritten (which is what siproxd does), some require the source port to not be rewritten (the default), some require the source port to be rewritten (what you describe above with outbound NAT).

    • January 22, 2010 at 1:24 pm

      You’re correct. I tried again on a different lab setup and it looks like just changing the NAT outbound rule and rebooting was adequate for sip registrations to work properly. Now if I can just get tftp to work through the pfsense…

  1. March 31, 2012 at 8:33 pm

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: