Hi,
I have a Grandstream GRP2602P plugged into pfSense at a remote site which then connects to our main site over IPSEC VPN but the phone is unable to make outbound calls either to extensions or external telephone numbers.
Packet captures on the phone, remote pfSense, and local pfSense show that the phone emits the correct SIP INVITE message but that those messages are not received on the IPSEC interface by the local pfSense router and so never reach Asterisk. There are no errors in either pfSense logs.
The firewall rules are currently set to allow anything on any protocol to/from that home worker’s subnet and other SIP traffic does come through, EG:/ the phone does register to Asterisk and it can receive calls. We’ve also proven that traffic is flowing over each IPSEC phase 2 entry.
I thought this was an MTU problem so tried changing these settings on the remote pfSense’ WAN & LAN, enabled MSS clamping on the IPSEC service, and changed MTU on the phone but no combination of values allows that remote phone to make calls. This same kit worked fine in our test environment before being shipped out.
I believe this is a networking problem but the strangest thing is that a different phone works fine on that site. We have an NEC SIP phone out on there which is working for inbound and outbound calls but it is connecting to an NEC PBX over the same VPN which is local here.
Can anyone point me in the right direction to resolve this?