SIP Calls not passing audio under one specific condition.

Dashrender

@JasGot said in SIP Calls not passing audio under one specific condition.:

@scottalanmiller said in SIP Calls not passing audio under one specific condition.:

@Dashrender said in SIP Calls not passing audio under one specific condition.:

I'm guessing I don't have a hairpin issue because there is no NAT on Vultr instances.

Exactly. Rod and I said the same thing. Our PBX has a public IP address (as does yours) so it sends the call right back to itself without a problem.

The pbx in question is behind NAT.

You're firewall needs to support hairpin, would be my guess.

JasGot

@Dashrender said in SIP Calls not passing audio under one specific condition.:

You're firewall needs to support hairpin, would be my guess.

It does, and it is configured properly.

What do you know about SIP Transformations. This looks like it could be helpful. The PBX is the only SIP client behind the firewall. So the test should be quick and easy. I've always read to keep SIP Transformations OFF on sonicwall, but I've never read if that applies to onprem PBX or hosted PBX.

From Sonicwall:
If your SIP proxy is located on the public (WAN) side of the SonicWALL and SIP clients are on the LAN side, the SIP clients by default embed/use their private IP address in the SIP/Session Definition Protocol (SDP) messages that are sent to the SIP proxy, hence these messages are not changed and the SIP proxy does not know how to get back to the client behind the SonicWALL. Selecting Enable SIP Transformations enables the SonicWALL to go through each SIP message and change the private IP address and assigned port.

scottalanmiller

@JasGot said in SIP Calls not passing audio under one specific condition.:

@scottalanmiller said in SIP Calls not passing audio under one specific condition.:

@Dashrender said in SIP Calls not passing audio under one specific condition.:

I'm guessing I don't have a hairpin issue because there is no NAT on Vultr instances.

Exactly. Rod and I said the same thing. Our PBX has a public IP address (as does yours) so it sends the call right back to itself without a problem.

The pbx in question is behind NAT.

That was my point, I just didn't explain it well. Without NAT, this just works. Meaning, it's NAT configuration that's the issue.

scottalanmiller

@JasGot said in SIP Calls not passing audio under one specific condition.:

I've always read to keep SIP Transformations OFF on sonicwall, but I've never read if that applies to onprem PBX or hosted PBX.

Well the first rule is to not have SonicWall, lol. Number one killer of SIP traffic out there. I've never seen any case where their SIP Transformations work (nor, in theory, should it ever be needed.) It's worth testing in this scenario, nothing to lose, but it feels unlikely to help by turning it on.

scottalanmiller

@JasGot said in SIP Calls not passing audio under one specific condition.:

From Sonicwall:
If your SIP proxy is located on the public (WAN) side of the SonicWALL and SIP clients are on the LAN side, the SIP clients by default embed/use their private IP address in the SIP/Session Definition Protocol (SDP) messages that are sent to the SIP proxy, hence these messages are not changed and the SIP proxy does not know how to get back to the client behind the SonicWALL. Selecting Enable SIP Transformations enables the SonicWALL to go through each SIP message and change the private IP address and assigned port.

Seems like it would not help if that's what it is supposed to be doing.

dbeato

@JasGot One thing I know from working with Sonicwalls at least 12 years is that SIP Transformations are usually not needed. Consistent NAT is what I have had to use mostly and increasing the UDP Timeout on the firewall rules.

In your case the Loopback is usually created automatically on Sonicwalls when using the Public Server Wizard.

JasGot

@dbeato
Two things I see that may be worth testing are 1) Consistent NAT, and 2) putting the public IP in the PBXs SDP field

Here's a comment I found in an article about Sonicwall and SIP.

By default, SIP clients use their private IP address in the SIP Session Definition Protocol (SDP) messages that are sent to the SIP proxy. If your SIP proxy is located on the public (WAN) side of the SonicWALL security appliance and SIP clients are on the private (LAN) side behind the firewall, the SDP messages are not translated and the SIP proxy cannot reach the SIP clients.

JasGot

Finally resolved by modifying the loopback rule in the router.
Key was to check this setting: "Disable Source Port Mapping"

Allowing Source Port Mapping caused the router to re-write the source ip and port to the internal address. The SIP Carrier had no way to locate the internal address.

dafyre

This post is deleted!

dbeato

@JasGot That is good to know.