Netgate SG-1000 microFirewall

Author Topic: VoIP b/t subnets - audio problems  (Read 2184 times)

0 Members and 1 Guest are viewing this topic.

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 135
  • Karma: +2/-0
    • View Profile
VoIP b/t subnets - audio problems
« on: August 11, 2006, 08:13:21 am »
Hey folks,
Recent convert from a linux based system and I'm having some issues with a VoIP setup.

My voip server, Asterisk, is on my lan, along with my hard-wired voip phones.

I have opt2 setup as a wlan with an open AP (no security) for some WiFi phones that don't support WPA.

I created a virtual IP (10.1.2.40) on opt2 and a 1:1 nat to the VoIP server (10.1.1.40). There are, for the sake of testing, two rules that allow both wifi phones to pass any proto on any port to the asterisk server (10.1.1.40).

Nevertheless I'm still having issues. If I call from the LAN (hardwired voip phone) to the wifi phone on opt2 I get 2 way audio. If I call from the WiFi phones I get no audio.

Audio, fyi, travels on UDP b/t ports 10,000 - 20,000 .

Anyone have any suggestions?

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Re: VoIP b/t subnets - audio problems
« Reply #1 on: August 11, 2006, 01:01:17 pm »
Search the forum for the static port option.  It fixes the problem 99% of the times.

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 135
  • Karma: +2/-0
    • View Profile
Re: VoIP b/t subnets - audio problems
« Reply #2 on: August 11, 2006, 02:20:28 pm »
Thanks for the tip!
I've been reading up and I guess I'm still missing something.

I've tried creating two outbound nat rules:

WAN        10.1.2.70/32      any port, any destination, any nat
static port =YES
LAN    10.1.4.70/32      any port, any destination, any nat
static port =YES

where 10.1.2.70 is the wifi phone on opt2
and   10.1.1.40 is the Asterisk PBX on LAN

still only getting audio in one direction.

Offline hoba

  • Hero Member
  • *****
  • Posts: 5837
  • Karma: +8/-0
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: VoIP b/t subnets - audio problems
« Reply #3 on: August 12, 2006, 02:18:17 pm »
NAT is making problems with a lot of VOIP implementations as long as you don't have any kind of proxy or STUN server. I would suggest setting this up without NAT and simply route between OPT and LAN. If you want to add some security to your unsecured accesspoint enable captive portal at the ap interface and add the macasresses of your voipphones as passthrough macs.

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 135
  • Karma: +2/-0
    • View Profile
Re: VoIP b/t subnets - audio problems
« Reply #4 on: August 18, 2006, 08:45:31 am »
NAT is making problems with a lot of VOIP implementations as long as you don't have any kind of proxy or STUN server. I would suggest setting this up without NAT and simply route between OPT and LAN. If you want to add some security to your unsecured accesspoint enable captive portal at the ap interface and add the macasresses of your voipphones as passthrough macs.
Thanks for the suggestions!
Unfortunately captive portal just isn't secure enough, it would be trivial to spoof the MAC and gain access.
I'll keep playing and see what I can come up with. I still think there might be a solution with static ports, just need to figure out how that works.