Thanks Larry,
Yes, our IPsec rules are very open, essentially allow all over IPsec.
The strange thing is VoIP works well on the other remote sites and a VoIP phone 
pointing back to the private IP of the VoIP server at the main site.
It's just this site that I am having trouble with; the only difference I am 
having is that this remote site has another pfSense box at it.
Gavin


From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On 
Behalf Of Larry Sampas
Sent: 06 February 2012 12:03
To: pfSense support and discussion
Subject: Re: [pfSense] PFsense to PFsense IPSEC VPN and VOIP

I'm assuming your VOIP is using SIP and generally uses ports 5060 and 5061. 
Registration and call control goes over those ports. If your range of RTP ports 
is blocked (usually a wide range of ports like 10000-20000) then you will not 
hear any voice. I believe pfSense 2.1 has all ports blocked on ipsec remote 
LANs by default. Did you open it?

If you're using Asterisk for VOIP, then you'll need to add the remote network's 
internal IP range to /etc/asterisk/sip_nat.conf if you're doing NAT with SIP. 
Each non-NATed network needs to be listed there to get voice traffic going. (In 
FreePBX, it's in advanced SIP settings.)

Larry
On Mon, Feb 6, 2012 at 3:44 AM, Gavin Will <gavin.w...@exterity.com> wrote:
Hi there,

I have a pfSense box at our main site with IPsec VPNs to 2 other sites with 
different firewalls / routers (Draytek and Zywall). At the remote sites there is 
a VoIP phone going back to our main office across the VPN with the private 
internal IP of the VoIP server. This works fine.

I have another new site that has another pfSense box and the IPsec VPN back to 
the main office (pfSense again).

Routing and firewall rules are correct and I can access both networks fine. The 
VoIP phone registers and can make a call but both ends cannot hear each other.

I'm confused with this, since the VPN is up and traffic appears to flow OK. I'm 
aware of the rules you need to set the outbound NAT to Manual but this would 
only apply to stuff from the WAN and not IPsec.

I'm going to do a packet capture but any ideas?

Gavin

_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
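
An added example, not part of the original thread: when a phone registers but there is no audio, one thing to check in the packet capture is whether the media address and RTP port advertised in the SDP body are ones the tunnel and firewall rules actually carry. This Python code checks a SIP message copied out of a capture; the tunnel subnets and sample messages are constructed assumptions, and the 10000-20000 range is the one mentioned in Larry's reply.

```python
import ipaddress

# Assumed LANs at each end of the tunnel (illustrative, not from the thread).
TUNNEL_NETS = [ipaddress.ip_network("192.168.10.0/24"),
               ipaddress.ip_network("192.168.20.0/24")]
RTP_PORTS = range(10000, 20001)  # RTP range mentioned in the thread

# Constructed sample: SDP advertises an address and port the tunnel will not carry.
SAMPLE_BAD = ("INVITE sip:100@192.168.10.5 SIP/2.0\r\n"
              "Content-Type: application/sdp\r\n\r\n"
              "v=0\r\nc=IN IP4 203.0.113.7\r\n"
              "m=audio 30000 RTP/AVP 0 8\r\n")
SAMPLE_OK = SAMPLE_BAD.replace("203.0.113.7", "192.168.20.15").replace("30000", "12000")

def parse_sdp_media(sip_message):
    """Return (connection_ip, audio_port) from the SDP body of a SIP message."""
    session_ip = media_ip = audio_port = None
    seen_media = in_audio = False
    # The SDP body starts after the first blank line that ends the SIP headers.
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    for line in body.splitlines():
        if line.startswith("m="):
            seen_media = True
            in_audio = line.startswith("m=audio ")
            if in_audio:
                audio_port = int(line.split()[1].split("/")[0])
        elif line.startswith("c=IN IP4 "):
            addr = line.split()[2]
            if in_audio:
                media_ip = addr  # media-level c= overrides the session-level one
            elif not seen_media:
                session_ip = addr
    return media_ip or session_ip, audio_port

def check_media(sip_message):
    """List reasons the RTP stream described by this SDP would not cross the tunnel."""
    ip, port = parse_sdp_media(sip_message)
    if ip is None or port is None:
        return ["no audio media description found"]
    problems = []
    if not any(ipaddress.ip_address(ip) in net for net in TUNNEL_NETS):
        problems.append(f"media address {ip} is outside the tunnel networks")
    if port not in RTP_PORTS:
        problems.append(f"RTP port {port} is outside {RTP_PORTS.start}-{RTP_PORTS.stop - 1}")
    return problems

if __name__ == "__main__":
    print(check_media(SAMPLE_BAD), check_media(SAMPLE_OK))
```

Run it against both the INVITE and the 200 OK from the capture, since each side advertises its own media address and port.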
