Known Issues:

  1. VoIP configuration changes need to be made to prevent other VoIP-related issues.
  2. Response to WAN pings from our Call Quality Monitoring and Troubleshooting Servers needs to be allowed.

Resolution:

  1. Login to the firewall
  2. Click on Diagnostics > Edit File
    • Navigate to /etc/rc.php_ini_setup
    • Add the following entry: max_input_vars = 5000
      • If this entry is already present, then edit the value to that above.
  3. Click on Firewall > Alias > IP tab
    • Address Alias set 1.
    • Name: RTP_Blocks
    • Description: (optional)
    • Type: Networks
      • Please contact Intermedia to obtain the IPs that need to be whitelisted.
    • Address Alias set 2.
    • Name: Config_and_DNS_Servers
    • Description: (optional)
    • Type: Hosts
      • Please contact Intermedia to obtain the IPs that need to be whitelisted.
  1. Click on Firewall > Alias > Port tab
    • Port Alias Set 1.
    • Name: Communication_Ports
    • Description: (optional)
    • Type: Ports
      • Please contact Intermedia to obtain the ports that need to be whitelisted.
  2. Click on Firewall > Alias > All tab
    • Now we need to create an Alias Group for IP Alias’, this does not apply to the ports alias, as those were contained in a single alias group already.
    • With PFsense 2.0, were are allowed to use Alias names within an Alias to create a “Super Alias”, for lack of a better term.
    • Name: VoIP Addresses
    • Type: Leave this defaulted to hosts.
      • RTP Blocks
      • Configuration and DNS Servers
  3. Click on Firewall > WAN tab > click on the + icon to create 4 new WAN rules
    • Rule 1.
      • Action: Pass
      • Disabled: Leave this box unchecked
      • Interface: WAN
      • TCP/IP Version: IPv4
      • Protocol: ICMP
      • ICMP Type: any
      • Source > select the Type drop-down box > Single host or alias >
        1. Enter:  – <Add Network Information Provided by Intermedia>
      • Destination > select the Type drop-down box > select WAN address
      • Log: Leave this box unchecked
      • Description: Allow WAN pings from VoIP monitoring server
      • Click Save
      • On the next page, click Apply changes to allow the new rule to take effect.
    • Rule 2.
      • Action: Pass
      • Disabled: Leave this box unchecked
      • Interface: WAN
      • TCP/IP Version: IPv4
      • Protocol: ICMP
      • ICMP Type: any
      • Source > select the Type drop-down box > Single host or alias >
        1. Enter: – <Add Network Information Provided by Intermedia>
      • Destination > select the Type drop-down box > select WAN address
      • Log: Leave this box unchecked
      • Description: Allow WAN pings from VoIP monitoring server
      • Click Save
      • On the next page, click Apply changes to allow the new rule to take effect.
    • Rule 3.
      • Action: Pass
      • Disabled: Leave this box unchecked
      • Interface: WAN
      • TCP/IP Version: IPv4
      • Protocol: UDP
      • Source > select the Type drop-down box > Single host or alias > Enter: VoIP Addresses
      • Source Port Range:
        1. From: Communication_Ports
        2. To: Communication_Ports
      • Destination
        1. Type: LAN net
      • Destination Port Range
        1. From: Communication_Ports
        2. To: Communication_Ports
      • Log: Leave this box unchecked
      • Description: Inbound communication from VoIP Servers
      • Advanced Features:
        1. Diffserv Code Point: set to ‘af43.
      • Click Save
      • On the next page, click Apply changes to allow the new rule to take effect.
    • Rule 4.
      • Action: Pass
      • Disabled: Leave this box unchecked
      • Interface: WAN
      • TCP/IP Version: IPv4
      • Protocol: UDP
      • Source > select the Type drop-down box > LAN net
      • Source Port Range:
        1. From: Communication_Ports
        2. To: Communication_Ports
      • Destination > select the Type drop-down box > Single host or alias > Enter: VoIP Addresses
        1. From: Communication_Ports
        2. To: Communication_Ports
      • Log: Leave this box unchecked
      • Description: Outbound communication to VoIP Servers
      • Advanced Features:
        1. Diffserv Code Point: set to ‘af43.
      • Click Save
      • On the next page, click Apply changes to allow the new rule to take effect.
  4. You, your IT, or whoever setup the pfSense firewall will need to follow the steps below.  Your VoIP provider cannot make these changes for you.
    1. Follow the 4 VoIP configuration found at the site below:
    2. Next install the SIProxd package as explained at the site below:

Additional Resources: