Hello,
I have a Cisco SPA112 VoIP to connect my analog phone to my provider SIP
system. Recently I replaced my Linux based (Fritzbox) with a OpenBSD 6.4
firewall. The firewall is connected to a vDSL modem and performs NAT for
outgoing IPv4 connection. The connection to the SIP server from the SPA112 is a
IPv4 with NAT via UDP port 5060. The connection works and I can see the NAT in
the state table. I have configured NAT-Keepalive on the SPA112 to keep the
state open. After 24 hours my provider terminate my connection and after
established a new connection the firewall has a new public IPv4 address.
After this change the SPA112 can't longer communicate to the SIP server because
it's still using the old state with the old public IPv4 address. If I deleted
the state manually on the firewall the force the SPA112 to register again it
works. The SPA112 has also an automatism to re-register after 60 minutes. But
without deleting the state the SPA112 will use again the old state/connection.
>From my point of view the SPA112 should use a new connection for the
>re-register or at least a new connection, if it detects the lost of the
>previous registration. But this problem doesn't exist with the old Linux based
>firewall. I can also see a lot of other NAT entries in the state table with
>the old public IPv4 address. Is there a feature of pf to delete all NAT
>entries with the no longer existing public IPv4 on a address change?
Best Regards,Patrick