Flowroute & pfSense: NAT or VLAN, getting both to work

[Jim13]

I have FusionPBX running in my home office and I've never been able to get my software SIP clients to work on a different VLAN than my server. This past week I installed a new copy of FusionPBX and decided to bang on it for a few days. By removing -nonat and modifying the external_rtp_ip and external_sip_ip variables I could make my MicroSIP client work, or I can make Flowroute work, but not both. Failing would mean no two-way audio or terminating the call after 32 seconds.

This afternoon I spent some time reading the freepbx documentation and I discovered the -nonatmap option (in /etc/default/freeswitch). This basically tells Freeswitch not to attempt to use UPnP, but to still support NAT. Then I changed the external_rtp_ip and external_sip variables to autonat:<my external IP> only in the external SIP profile, not under Advanced Variables.

And it worked. I can make outbound and inbound calls to/from MicroSIP, which is on a different VLAN from my FusionPBX server. I'm a hack at best and this might be old news to everyone, but hopefully this saves someone a few hours.

EDIT: I thought I had this resolved, but it stopped working the next day. My VLAN SIP clients are sending RTP traffic to my public IP, rather than the PBX on my LAN. I'm thinking I need to setup another SIP profile just for internal traffic, but for now I'll move my SIP clients over to the same VLAN as the PBX.

 

[Jim13]

Apparently when a SIP phone is on a different network than the PBX it will default to sending traffic to the public IP of the PBX. So I had to allow traffic from my phone VLAN to the public IP of the PBX at the firewall. All is good now,