@johnpoz Well, I have here a scenario in it's not possible for the packets to go through the local/internal network.
I have a pfSense with a /29 public IP (one address in the WAN and others as VIPs). In the LAN side, I have a PBX IP running in a VLAN1, and a STUN/TURN Server running on another VLAN2.
For the PBX I have a VIP with NAT Port Forward Rules, and NAT Outbound Rules;
For the STUN/TURN Server, I also have a VIP with NAT Port Forward Rules, and NAT Outbound Rules;
The IP Phones/Softphones located "in the world" can access the STUN/TURN Server via VIP address.
But the PBX, can't access the VIP address of STUN/TURN Server.
And why do I need this? Because the STUN/TURN Server needs to receive/recognize the Public IP address of the PBX and send back this information to the PBX put this on the SIP packets.
If the PBX reaches the STUN/TURN Server internally, the STUN will return the internal IP to PBX, and this info will be informed in the SIP packets, and then no one on the internet can find the RTP address of PBX.
But I didn't find how to make it work here. Any idea?
BR,