Why does “sip show peers” show my router/gateway address as the client IP address?

Home » Asterisk Users » Why does “sip show peers” show my router/gateway address as the client IP address?
Asterisk Users 4 Comments

Hi Everyone,

I am using pfSense to do firewall and NAT on an Asterisk server. I have
ports 5060 TCP/UDP and 10k-20k UDP forwarded to the Asterisk server local IP
192.168.5.5. However, when a user from outside using Linksys WRP400 ata
connects to the Asterisk server and registers I see them as 192.168.1.1 in
the “sip show peers” command. In face, all many different of the Linksys
WRP400 show the same. It seems that pfsense does something to the packets
that when they reach Asterisk it thinks they are sent from the Gateway
rather than the actual endpoint hence the calls are not reaching the other
side but registration is made.

Any experience with this?

Thanks

4 thoughts on - Why does “sip show peers” show my router/gateway address as the client IP address?

  • Do you have the siproxd package installed on pfsense? It is suspossed
    to handle registrations from multiple phones behind NAT. In your case
    since the phones are external I would probably remove it if installed.
    I haven’t needed siproxd.

    Also on Asterisk set externip to your static IP in sip.conf. Or if you
    don’t have a static IP set externhost. You also need to configure
    localnet.

    Ryan

  • Thanks for the feedback Ryan.

    Siproxd is not installed. I think Siproxd like you said just does the
    reverse meaning if phones are part of pfSense subnet then it connects to
    outside world. But in my case they are coming into Asterisk which is on
    pfSense subnet. I do have a static IP and it’s set like:

    externip=34.34.34.34
    localnet=192.168.5.0/255.255.255.0

    Do you use pfSense for this same situation? Can you do a sip show peers and
    let me know if you actually see the outside public IP addresses for the
    clients? Also how is your outbound NAT setup? AON?

    Thanks

  • Thanks for the confirmation. Do you have both LAN and WAN as outbound AON
    like this:

    WAN any * * * * * YES
    LAN any * * * * * YES

    ???

    I am stumped as to why pfSense behaves like this in this instance.

    Thanks again.

  • You only want one outbound NAT if you only have WAN and LAN interfaces. Mine is

    WAN 192.168.1.0/24 * * * * * YES

    Replace 192.168.1.0/24 with your internal network range.

    Ryan