I’m struggling to get some Yealink phones to connect to a hosted FreePBX server. The Yealink phones are behind a pfSense firewall, with default/out-of-the-box config (version 2.5).
I’ve tested these phones behind a consumer ASUS router, and they have no issues registering with the FreePBX server.
After tinkering with NAT rules for an hour, I’m looking for some guidance on what configuration changes I can make in pfSense to allow these phones to successfully connect.
Finally got it all figured out; sharing my results here since I learned something today, and maybe someone else will too.
My issue had nothing to do with pfSense. An important detail missing from my diagram above is that each firewall is assigned a different public IP address by our ISP.
After hunting through ntopng in pfSense (Tom has a video), I was able to determine packets were being sent from Client → Server, but no packets were being received from Server → Client.
During the initial configuration of this PBX, I had only added the “ASUS” IP as a ‘Trusted’ network in the FreePBX Firewall settings (Connectivity > Firewall > Networks). Additionally, while I did have the Responsive Firewall enabled in FreePBX, I did not have ‘SIP Protocol (pjsip)’ enabled (Connectivity > Firewall > Respnsive Firewall).
