If so, do you use port forwarding in your router to get your VoIPo service to work?

The reason I mentioned m0n0wall or pfSense is they are fairly similiar in port forwarding, and I'm using m0n0wall. I would imagine some other routers out there may also be similiar in setup to m0n0wall and pfSense.

I want to verify that thee is somebody out there is actually doing port forwarding with m0n0wall or pfSense with 2 or more VoIPo lines...and it is working properly for you. If it works for you, then it might work for me.

I have 2 VoIPo lines. I can receive phone calls on one VoIPo phone number using ports 5060 & 5061. Tech support told me to use those ports.

VoIPo tech support told me to use ports 5078 & 5079 on my other VoIPo phone number. I cannot receive phone calls on that line. When I try to answer, the calling phone never hears that I have answered, and the calling party just goes through to my VoIPo voice mail.

If I can just find someone out there that has 2 or more VoIPo lines that work properly for you, with your ATAs behind your m0n0wall or pfSense router, then that will give me hope that I can eventually do the same thing. Maybe I'm not port forwarding correctly, but so far I can't see that I'm doing it wrong.

I use to be able to receive calls on both phones, but about 3 weeks ago, I stopped being able to answer calls on my one phone line...I have no idea why. I was told to do the port forwarding, which so far has not worked. But like I said, I would feel much better if I could just find someone out there that it does work for, that has 2 VoIP lines.

Tech support told me to hook my 2 ATAs directly to my ISP's modem. I can't because I'm using my only public static IP on my router. I don't have any public static IPs left for my 2 ATAs. Plus I don't want to spend a lot more money just so my 2 ATA will each have a public static IP.

I think my 2 VoIPo ATAs should be able to work correctly when placed on the LAN side of my router, because I think there are a ton of other people here with 2 or more VoIPo lines with their ATAs behind their router.

I have heard there is something called STUN technology that some VoIP companies use that routes ports through the router, to the ATAs without the customer having to resort to doing port forwarding. I don't know if VoIPo uses that though...although I remember seeing a tech support person mention that in a chat session I had with them a couple days ago. I asked about it, but he didn't say much about it.

Thanks much for your reply.

Bob

If so, do you use port forwarding in your router to get your VoIPo service to work?

The reason I mentioned m0n0wall or pfSense is they are fairly similiar in port forwarding, and I'm using m0n0wall. I would imagine some other routers out there may also be similiar in setup to m0n0wall and pfSense.

I want to verify that thee is somebody out there is actually doing port forwarding with m0n0wall or pfSense with 2 or more VoIPo lines...and it is working properly for you. If it works for you, then it might work for me.

I have 2 VoIPo lines. I can receive phone calls on one VoIPo phone number using ports 5060 & 5061. Tech support told me to use those ports.

VoIPo tech support told me to use ports 5078 & 5079 on my other VoIPo phone number. I cannot receive phone calls on that line. When I try to answer, the calling phone never hears that I have answered, and the calling party just goes through to my VoIPo voice mail.

If I can just find someone out there that has 2 or more VoIPo lines that work properly for you, with your ATAs behind your m0n0wall or pfSense router, then that will give me hope that I can eventually do the same thing. Maybe I'm not port forwarding correctly, but so far I can't see that I'm doing it wrong.

I use to be able to receive calls on both phones, but about 3 weeks ago, I stopped being able to answer calls on my one phone line...I have no idea why. I was told to do the port forwarding, which so far has not worked. But like I said, I would feel much better if I could just find someone out there that it does work for, that has 2 VoIP lines.

Tech support told me to hook my 2 ATAs directly to my ISP's modem. I can't because I'm using my only public static IP on my router. I don't have any public static IPs left for my 2 ATAs. Plus I don't want to spend a lot more money just so my 2 ATA will each have a public static IP.

I think my 2 VoIPo ATAs should be able to work correctly when placed on the LAN side of my router, because I think there are a ton of other people here with 2 or more VoIPo lines with their ATAs behind their router.

I have heard there is something called STUN technology that some VoIP companies use that routes ports through the router, to the ATAs without the customer having to resort to doing port forwarding. I don't know if VoIPo uses that though...although I remember seeing a tech support person mention that in a chat session I had with them a couple days ago. I asked about it, but he didn't say much about it.

Thanks much for your reply.

Bob


I do and it works fine.

What are you using as your router? pfSense or Monowall and what version?

Hi chpalmer:

Thanks for the post.

I am using m0n0wall v 1.231 on a WRAP board.

Are you using m0n0wall? I have a pfSense book and notice it is fairly similiar to m0n0wall for port forwarding. I wish there was a good book on m0n0wall.

I assume you are using 2 ATAs, both behind the same NAT...one for each of your VoIPo phone lines?

Are you using ports 5060 & 5061 for your one ATA and 5078 & 5079 for the other ATA? Thats what VoIPo tech support told me to do.

I have a feeling I'm not doing port forwarding correctly. How did you do your port forwarding?

Thanks much,
Bob

Hi Bob:

I use pfSense 2.0 with an ATA for two separate lines and another that only does outgoing for a third line (so no register)

I do no port forwarding. Only built firewall rules to allow the servers access to the wan address...

The two routers do have some differences. I know on earlier versions of pfSense the static port redirect did not happen on 5060. But would on 5079... I have no problem with redirect and in fact it helps. They have taken the 5060 static port out of the later versions as its easy enough to add if you need it...

With pfSense you can use a Siproxd package which if all the ata's are on on port (say 5060) then it will allow multiple ATA's on the same sip server... I dont think you'd need that as I dont...

Hi chpalmer:

Thanks for the reply.

That could be the difference.

Sounds like you are using one ATA, with two VoIPo lines going to the one ATA. I have two seperate ATAs, with one phone line going to each.

So maybe I should get VoIPo to set me up with two phone numbers on just one ATA. That way I'll only have one ATA to worry with.

When you say,
"I do no port forwarding. Only built firewall rules to allow the servers access to the wan address..."
I'm not sure I understand.

Do you have a public static IP on your router wan port? I use public static IP.

What do your rules look like? Are they built into the Firewall>>>>NAT and Firewall>>>>Rules sections of pfSense?

My 2 ATAs are Broadstream model HT501. The one ATA that I can receive calls on, the "Phone 1" & "Phone 2" LEDs flash at the same time...when the phone is on the hook. But for the one ATA that I cannot receive calls on, the "Phone 1" & "Phone 2" LEDs do not flash at the same time. They alternate in flashing. One turns on, while the other is off. Then the other LED flashes on while the other LED is off. So something is definitely different (or wrong) there.

UPDATE: I got up this morning, and now the 2 LEDs are flashing simultaneously, just like the other one. That might be a good sign.

Hi chpalmer:

Thanks for the reply.

That could be the difference.

Sounds like you are using one ATA, with two VoIPo lines going to the one ATA. I have two seperate ATAs, with one phone line going to each.

So maybe I should get VoIPo to set me up with two phone numbers on just one ATA. That way I'll only have one ATA to worry with.

When you say,
"I do no port forwarding. Only built firewall rules to allow the servers access to the wan address..."
I'm not sure I understand.

Do you have a public static IP on your router wan port? I use public static IP.

What do your rules look like? Are they built into the Firewall>>>>NAT and Firewall>>>>Rules sections of pfSense?

My 2 ATAs are Broadstream model HT501. The one ATA that I can receive calls on, the "Phone 1" & "Phone 2" LEDs flash at the same time...when the phone is on the hook. But for the one ATA that I cannot receive calls on, the "Phone 1" & "Phone 2" LEDs do not flash at the same time. They alternate in flashing. One turns on, while the other is off. Then the other LED flashes on while the other LED is off. So something is definitely different (or wrong) there.


I use two ATA's... One with two lines that register and receive incoming calls as well as outgoing... and one ATA that does not register so it does not get incoming calls but only outgoing.

For that reason the second ata really does not count here.

But I do not have any port forwarding rules for the ata's. Ive never needed them.

I have two wan addresses here. One dhcp and one static. Voip stuff is on the dhcp.

http://doc.pfsense.org/index.php/VoIP_Configuration Heres a pfSense doc...

Running out to a quick service call....

Hi chpalmer:

Thank you so much for your info on this.

That pfSense link on adjusting pfSense for VoIP is so important. Did you adjust your pfSense that way? I wonder if m0n0wall has similiar settings? Hopefully so.

It's good to know you have 2 ATAs behind your router, with no port forwarding. Seems the only difference between your setup and mine, is you are using dhcp to your ATAs, and I'm using private static IPs there. And I'm using a public static IP on the wan of my router. That shouldn't cause any problems for me I don't think.

I guess you are using the Grandstream HT501 routers?

I have to run to church for now. I'll post a little more when I get back. My wife wants me to drive her to Gettysburg (about 30 miles away), so that might slow me down a little.

I do thank you so much for the input you are giving.

I wonder if there are any m0n0wll people here with 2 or more ATAs behind their router? Feel free to post. Thanks.

Bob

I had an additional thought.

I see that port forwarding is suggested by VoIPo to various people that might have VoIP connection problems. After reading the link you gave me, I'm thinking there is a root cause other then port forwarding, since you don't need to do port forwarding at all and your VoIPo phones work find, with no port forwarding. I'm thinking the port forwarding solution is a work around to a root cause problem, which I haven't identified yet in my m0n0wall.

I was hoping to see some other people who use pfSense or m0n0wall post here also.

I'm thinking the link you posted (although I don't completely understand it yet), may be the root cause to the connection problem I have. I have to figure how to implement that solution in my m0n0wall. Otherwise I might switch over to pfSense.

When you use your ATAs, the ports have to be opened or your phones wouldn't work. Doesn't NAT automatically open those ports, when they are needed? Then close them when not needed? That way you have more security.

Well, I have to leave and drive my wife to Gettysburg. Thanks much

Sorry to jump in, but the port forwarding issue has been on the table for some time now..

Every provider has different routes and different upstream carriers. Depending on how those carriers config their systems will depend on whether you need port forwarding or not.
For a long time with my Spa2102 ATA, I didn't need it. With my PAP2T and HT502 it seems to work better if I have the full range 5000-65000 enabled.
At the same time, I think the routers are pretty much the first line culprits...Many of them seem to do their own things no matter how they're set up..I've never had to use STUN.
My ISP provides dynamic DNS so my routher is set to DHCP, however, I point the forwarding route to a static IP imposed on my ATAs.

I come from the POTS telephony world and VOIP is still a constant learning process for me. Don't know if I'll ever learn.

Hi burris:

Thanks for your post.

I called Verizon...my FIOS Internet provider...to see if they are blocking any ports. They say they aren't.

I did try to do port forwarding with my m0n0wall, but for some reason it didn't work. Either I'm not doing port forwarding right (although I did a lot of Googling on it), or my m0n0wall is malfunctioning.

I'm tempted to go to pfSense. Back around Feb., I bought the book about pfSense, by Chris Buechler. m0n0wall has no such book. It seems more difficult to get help with m0n0wall then pfSense...although I did get my m0n0wall set up to take credit cards for WiFi hotspots, and made it do captive portal, and dns, etc. It's just the port forwarding I can't do...yet.

I'm tired of not being able to answer my one VoIP phone. The other VoIP phone I can answer. This has gone on for 3 weeks. It use to work. I didn't make any changes on my end.

I was happy to see the link that chpalmer posted about setting pfSense up to work with VoIP. That means that very knowledgeable router people have recognized there can be a problem with passing VoIP ports through routers...and they posted a solution, which didn't have anything to do with port forwarding. chpalmer doesn't even use port forwarding with his two VoIPo lines. So maybe there is a chance for me yet.

I can call out ok though. For the most part, I like the good call quality of VoIPo.

I installed my Linksys router...and wow. Yipee...It works


And I didn't even need to use port forwarding.

What is wrong with my m0n0wall that my m0n0wall won't let me call my one VoIP phone?

Maybe it's a solution similiar to the pfSense VoIP solution, where cfpalmer previously posted a link to correct a similiar problem with pfSense, that was needed to get VoIP to work with pfSense. That pfSense solution had nothing to do with port forwarding either.

So it seems that it has to be something other then port forwarding in my m0n0wall, that my m0n0wall router won't let me answer VoIP calls on my one VoIP phone.

It's a simple Linksys BEFSR81 router that now allows my VoIP to work...all without port forwarding. Now I'm really curious why my m0n0wall gives such a problem. It has to be something in the m0n0wall configuration that I'm doing wrong.

Hi Bob:

Have you seen this? http://doc.m0n0.ch/handbook/

Seems there is a sip proxy available also...

I'm don't even know what sip proxy is...lol.

I do have the m0n0wall manual printed out. I'll look at it to see if there is anything about sip proxy.

Are you saying I need to turn on something called sip proxy in my m0n0wall?

At least now I can receive phone calls with my linksys router installed...all without port forwarding.

I sure would love to figure out why m0n0wall won't let it work. Maybe that sip proxy you mentioned might be a clue. For best security, I believe m0n0wall disallows things unless specifically allowed. I must not be allowing something, where the Linksys is allowing the phone calls to go through.

I assume you are the same user (Airplane777) over in DSLR. If so, it appears your m0n0wall has caused more issues than your current one. Just out of curosity, is it really worth the headaches to continue to use m0n0wall? I'm not familiar with it at all, but for the average user a feature rich home router should suffice for most peoples needs and would likely eliminate the issues you've been having altogether.


So maybe I should get VoIPo to set me up with two phone numbers on just one ATA. That way I'll only have one ATA to worry with.

If you are intent on keeping m0n0wall, I would pursue the option you've stated above and move both phone numbers over to the ATA that is not having any problems at all. It's likely this would eliminate the firewall/port blocking issue you are having with 2 ATA's attached. This would also allow you to assign a port forwarding range if necessary to a single ATA. As it stands now, your port forwarding range options are limited because you can't assign the same port range to the static IP's of both ATA's.

To avoid violating the TOS limit of 5000 minutes per month, I would try one these options:

Option 1:
If you use more than 5000 minutes combined between the 2 phone numbers, then I would have Voipo combine both accounts (phone numbers) to just 1 ATA on line ports 1 and 2 respectively.

Option 2:
This option is cheaper and assumes that you never have need to have the phone accounts at a separate location or public network. If you use less than 5000 minutes combined between the 2 phone numbers, then I would close one of your accounts and convert/move that phone number into a virtual number over to the remaining account for $3 extra per month. Then you would convert the virtual number into an independent 2nd line on line port 2 by logging into vPanel, clicking the Beta tab, then "2nd line" and follow the procedures for converting the virtual number. You could also have Support do this process for you, just to keep problems from arising during the account closure and virtual number conversion process.

I'm sure Voipo's support group will help you get things working whatever your decision might be. Their Tier II support team is top notch and very knowledgeable. I would try to schedule a support call with them.

Bill-

How many ip's do you get with your ISP connection?

While I agree with tritch about keeping it simple I know that I got tired of running to the office to reboot my store bought routers over the weekend when they froze up due to the number of connections...

Generally a pc running a pf solution such as mono or pfsense will have less latency due to the faster hardware but it depends...

I used Monowall for about a week several years ago so can't speak for it other than some of the similarities to pfSense... but a proxy is simply a solution to point your clients to in order to get them tunneled through a specific way whether its a browser proxy that makes you see a certain page when you first sign on or in this case a program running on the router that makes all the ata's appear to the voip provider to be only one ata with multiple numbers with your public ip address... And there is other uses also...

Ive been curious for a while about trying a sip proxy here and this seems like a good time to try...

I don't know if support has tried this already, but I'm curious if assigning different SIP servers to the ATA's would alleviate the problem. Maybe the SIP communication will properly traverse the firewall to the correct ATA if the SIP information is coming from different SIP server IP's. The data is either being blocked or being routed to the wrong ATA.

1st ATA - sip-east01.voipwelcome.com (Washington DC)
2nd ATA - sip-central01.voipwelcome.com (Dallas)

Hi tritch:

Thank you for your post.

I did post on another thread about possibly using one ATA. That was when I thought that might be my only solution. That was when I thought my problem was port forwarding. Now I don't think it is a port forwarding issue because...

1. When I installed my Linksys router my two VoIPo phones are working quite well now. And there is no port forwarding set up in my Linksys that I could find...not even with UPnP.
2. chpalmer has a pfSense router with two ATAs and he isn't using port forwarding.
3. There is a pfSense link that chpalmer posted that recognizes that there can be VoIP problems if pfSense isn't configured correctly. Which means some smart pfSense router guru out there wrote up that configuration info for people who have VoIP connectivitiy problems.

I like the features that m0n0wall and pfSense has. For instance I have a seperate firewalled WISP subnet on my m0n0wall, seperate from my home network. Now with my Linksys I have to run the WISP network along with my home network. I prefer not to do that for very long.

I will probably try upgrading to a later version of m0n0wall, just in case I have a bug in the version I'm using now. But I'm also thinking of moving over to pfSense. Especially since chpalmer is having such success with it.

I'm looking into taking a seminar on pfSense when one is offered in the USA. I'm on an email list now to be notified when one is offered.

You are right. The commercial Linksys router did fix my problem. Both ATAs are now working. But I will probably be testing out a newer version of m0n0wall to see if that fixes the problem. I don't want to give up on finding a root cause answer to the problem. For instance, I will see if I can interpret the logs that are generated. Someone on the other thread suggested that I can probably see what is being blocked by viewing my firewall logs and that can probably give me an idea of the root cause of the problem.

I will probably eventually switch to pfSense, since I know it works for chpalmer. Thanks for your suggestions.

One big reason I went with VoIPo is I know they are associated with HostGator, and I like the HostGator service. When I get to where I feel pretty confident with using router configurations with this VoIP service, I have even thought of reselling VoIPo service, since I think it is a good value for the money.

Hi guys:
Today I finally got around to loading a newer m0n0wall firmware version...v 1.33. Yipee...it worked.

The old firmware version was the culprit.

Now I can answer the one VoIPo phone when it's called...all without port forwarding.

I still have an old lingering problem with one way audio when one VoIPo phone calls the other VoIPo phone...only when my m0n0wall router is used. It's a problem caused by my router.

If I use the Linksys router I have two way audio just like I should. So there is some kind of an issue in m0n0wall causing one way audio, but thats not a big deal since no one ever calls me thats using a VoIPo phone.

So I thank everybody for the great posts and help.

The old firmware version was the culprit.

That just saved me. That did it for me as well! https://imagicon.info/cat/6-4/1.gif

I just wanted to add to this thread, since it's what shows up at the top of a google search for PFSense and VOIPo. I have a GrandStream TA.

I was experiencing 1 way audio on inbound calls once I installed PFSense. I noticed looking at the firewall logs that the external servers were attempting to connect on low ports outside the "standard" port forward ranges VOIPo recommends. The problem is caused by an outbound port remapping feature, which is enabled by default for security reasons:

https://doc.pfsense.org/index.php/Static_Port

This link describes the feature and includes instructions on enabling a "static port" which disables this feature for a specific device. Once you do that, the generally prescribed port forwarding options will work and the 1 way audio problems stop.

I had seen a few other posts suggesting setting up some specific mappings for specific external servers, but I didn't want a solution that was dependent on knowing external IPs. VOIPo might change those. I figured it had to be something simpler, since the port forwards work OK with most generic routers

I just wanted to add to this thread, since it's what shows up at the top of a google search for PFSense and VOIPo. I have a GrandStream TA. Ive replied to a few posts over at the pfsense forums on similar subjects and since the 2011 post I made here I have turned up a few pfsense boxes for customers with VOIP. Basically if you look at the information you have already described here namely the failed attempts by the servers to connect inbound you can build firewall rules based on that. No port forwarding needed. You dont want it especially if your running more than one ATA behind your firewall. I have a few numbers here behind my primary data center and use the SIProxd package on my pfSense box. At other sites I simply have built firewall rules allowing both SIP and RTP servers access to the LAN address of the ATA on the customer LAN and have absolutely no problem.