Asterisk VOIP and pfSense IPSec VPN Clients

I had setup a pfSense 2.1 based IPSec VPN following the instructions at https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 which worked well for my mobile devices and machines.

However, using a SIP based softphone over VPN connecting to my workplace’s Asterisk based VOIP setup never really worked properly. I dabbled in changing the subnet masks, changing asterisk settings, phone settings, NAT and many other things – all of which didn’t really work. The maximum I was able to achieve was calling up *43 which is the echo number and hear my own voice.

The reason for it to not work was that my VPN setup was having a different IP Address range (e.g. 192.168.10.x/24), and my LAN network was different (say 192.168.5.x/24). This is how the VPN is setup, but this allows one way communication – my VPN clients can reach the LAN, but LAN cannot reach the VPN clients. So, Asterisk server, while signaling worked, the media didn’t. So the ring was there, but no voice, since it was trying to send it back to 192.168.10.x series and my pfSense box wasn’t passing it through.

The simple solution was adding a firewall rule in LAN settings, and allowing the LAN subnet to pass traffic to the 192.168.10.x/24 network (Protocol: any, Ports: any). By default it is blocked. And THEN I could ping my VPN clients from LAN too which was the ideal setup, even for remote troubleshooting.