Some of the biggest problems that plague people such as "one way audio" or "Calls dropping after XX Seconds" are caused by NAT not being correctly setup.
Make sure you have a resolvable address on the Internet.
If you don't want to pay a few bucks to get a static IP address, and are served by an ISP that periodically changes your IP address, then get an account with a dynamic DNS service such as DynDNS . Your router may already have built-in support for one or more of these services, if so, use one that your router supports and then configure your router to automatically update your dynamic address when your ISP changes your IP address. Failing that, you can set up an updater program such as inadyn, there are instructions for doing that at this blog page
Adding NAT information in FreePBX
All of your settings will be under Settings > Asterisk SIP settings
Next Click Chan SIP in the right menu
This right menu is specific to FreePBX 12. In 2.11 all settings are on the main page
Set NAT as yes
Static IP from your ISP
Select "Static IP" and enter your external IP
Dynamic IP Updated through dynamic IP service
Select "Dynamic IP" and put the Full host name in such as "foo.dyndns.net"
After clicking "submit changes" and the Red Apply click "General SIP Settings" on the right menu
Under "NAT" you will see a box for "Local Networks"
In these boxes you will put your LAN information with the IP in the first box and the SUBNET in the second box
If your IP is 192.168.0.254 you would put 192.168.0.0 / 255.255.255.0
Click "Submit changes" And the red "APPLY" button.
RTP Port Range
Open the SIP and RTP ports to your Asterisk server
You must make sure that you open the correct UDP ports in your router's firewall and pointed at your Asterisk server. For SIP protocol, open UDP (NOT TCP) port 5060 (SIP) AND ports 10000-20000 (RTP, which must also be defined in /etc/asterisk/rtp.conf, see below). All these ports are UDP, opening the TCP ports will NOT help anything and may expose your system needlessly. While you are in your firewall configuration, you may as well also open UDP port 4569 (IAX), since sooner or later you'll probably want to accept IAX connections.
You can see the actual range under the "General SIP Settings" page.
If the port values are any different, change them. These MUST match what you opened in your firewall
Some people feel the need to open fewer than 10,000 ports. I don't recommend this because six months from now when you start having audio problems you may not remember that you opened fewer than the recommended number of ports, and may spend hours troubleshooting the issue. But if you are simply obsessive about open ports, remember that each open SIP connection may require as many as FOUR concurrent ports, so don't cut it down to some ridiculously small number. For the non-paranoid, I suggest sticking with the recommendations above (and remember, if a hacker is looking at ports on your system, he's going to scan ALL of them, so having fewer UDP ports open really doesn't make you any more secure).
You also sometimes need to to a Manual Outbound NAT (pfsense is one) (https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to#Manual_Outbound_NAT)
Routers/Firewalls need to know not to rewrite the port:
NAT as we all know rewrites the source IP address for an outgoing packet. So a packet addressed as asterisklocalIP:5060->providerip:5060 becomes wanip:5060→providerip:5060. However to increase security, pfSense also rewrites the source PORT. Thus the packet goes out as wanip:somerandomport→providerip:5060.
I did not need to do the sip proxy recommended on the pfSense wiki here: https://doc.pfsense.org/index.php/Asterisk_VoIP