Hey guys, I’ve been playing around with the latest stable version of Vyos. I have a lab phone system that sits behind the vyos firewall. I have a 1:1 nat setup and no outbound firewall rules established. But I allow everything from the SIP provider to the external address and block everything else. I am having problems with the SIP line and I suspect it’s do to the wrong IP in the SIP negotiation. I noticed when it’s behind my lab PIX, it changes the info in the SIP packet from the 10. private address to the external 1:1 nat because it’s running sip inspect. I have tried enabling and disabling all the modules under set system conntrack modules sip. but when I wireshark the WAN interface I’m not getting the results I expect. Any ideas?
So after some more investigating, I discovered that the SIP manipulation only works when the PBX goes out the the firewall on the masq IP. If you create a 1:1 NAT (source & dest) no longer does the SIP modification take place.
In other cases, you may want to try from config mode
set system conntrack module sip disable