You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[x] I have searched the existing issues and I'm convinced that mine is new.
Is your feature request related to a problem? Please describe.
We're using an internal PBX for SIP based VoIP. Phoning in general works fine. But there's a problem if we configure a call forwarding to an external (e.g. mobile) number. If a caller from outside calls in and gets forwarded to an external number, no audio is transfered for the first 15 seconds of the call. The SIP invite package contains the dynamic UDP ports for the RTP stream (often in the range between 10,000 and 20,000), but OPNsense doesn't inspect them and thus the needed ports stay closed until after 15 seconds a keep alive package gets send which opens the needed ports.
Describe the solution you'd like
I'd like to have a config option (e.g. check box) to enable the feature SIP inspection. If enabled OPNsense shall inspect the SIP invite packages and open the mentioned ports for the duration of the call (so called RTP pinholes).
Describe alternatives you've considered
The only work around currently available seems to be to statically open the ports (e.g. 10,000 ports in the range between port 10,000 and port 20,000). A limit to the IP of the PBX and SIPtrunk provider is possible.
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
[x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
[x] I have searched the existing issues and I'm convinced that mine is new.
Is your feature request related to a problem? Please describe.
We're using an internal PBX for SIP based VoIP. Phoning in general works fine. But there's a problem if we configure a call forwarding to an external (e.g. mobile) number. If a caller from outside calls in and gets forwarded to an external number, no audio is transfered for the first 15 seconds of the call. The SIP invite package contains the dynamic UDP ports for the RTP stream (often in the range between 10,000 and 20,000), but OPNsense doesn't inspect them and thus the needed ports stay closed until after 15 seconds a keep alive package gets send which opens the needed ports.
Describe the solution you'd like
I'd like to have a config option (e.g. check box) to enable the feature SIP inspection. If enabled OPNsense shall inspect the SIP invite packages and open the mentioned ports for the duration of the call (so called RTP pinholes).
Describe alternatives you've considered
The only work around currently available seems to be to statically open the ports (e.g. 10,000 ports in the range between port 10,000 and port 20,000). A limit to the IP of the PBX and SIPtrunk provider is possible.
Additional context
The feature seems to be common in other firewall solutions, e.g. https://www.fortinetguru.com/2020/02/voip-solutions-sip-pinholes/ or https://help.fortinet.com/fos50hlp/52/index.html#page/FortiOS%205.2%20Help/SIP.190.045.html
Relevant forum thread: https://forum.opnsense.org/index.php?topic=20126.0
The text was updated successfully, but these errors were encountered: