My setup is:
External SIP Trunk Provider in Germany (Vodafone)
AVM Fritzbox 7530AX as Internet Router
Internal network with Raspberry Pi (hosts Asterisk 16.28.0, pjsip channel)
Glinet AX1800 Wireguard Client/Server.
internal Addresses 192.168.1.0/24 Wireguard Network 10.14.0.0/24
Wireguard works fine for complete Network (Laptops, IoT, …) without any issue
All internal devices send/receive their data to the Glinet AX1800 Wireguard router; the Glinet uses the Fritzbox as Internet gateway.
Asterisk can connect to the external SIP trunk provider if Wireguard is switched OFF.
If Wireguard is switched ON no connection is possible → we receive no packets from the SIP trunk provider, and we do not even know if packets are received by the SIP trunk provider.
We did many measurements with Wireshark (internal and on the internet side),
but we are running out of ideas. Also, I'm not a SIP or Wireguard expert.
According to some Google searches the “Requirement of SIP Ports 5060” could be an issue?
My question: is it technically possible to tunnel SIP traffic via the Wireshark protocol?
(We found no “Yes I did it” during our searches, maybe some discussions about VPN protocols.)
Are there some tutorials covering this issue (Asterisk/Wireguard/pjsip)?
Any help would be highly appreciated.
This is working in single-NAT scenario, but it is failing in double-NAT scenario?
Probably you do not need to adjust SIP port 5060 specifically – your outbound SIP registration to Vodafone will most likely keep the firewall open enough, at least long enough for an outbound test call. Instead, you might try disabling SIP ALG in the Wireguard. You can also try adjusting your NAT-related PJSIP settings in Asterisk.
…Asterisk can connect to external SIP-Trunk provider if Wireguard is switched OFF
That’s completely logical because your WAN is connected through a VPN.
With the VPN on, can you ping the “SIP Trunk Provider in Germany”? If the answer is no, you should ask Wireguard support if and how you can set a route to the trunk provider.
Did you try the debug I gave above? I would also try netcat on UDP port 5060 through the tunnel to check if you can connect. ICMP is neither TCP nor UDP. Did you set a source IP in the Vodafone account which could be different from the one wg is using?
This log is from Glinet Router → all interfaces are captured
1.) SIP Request initiated from Asterisk to SIP Provider
192.168.1.160 → 126.96.36.199
2.) GliNet Router forwards via wg tunnel
10.14.0.2 → 188.8.131.52
3.) some more wg traffic
4.) SIP Provider answers but now SIP Protocol received
It seems the GliNet router's SIP ALG is enabled, causing Vodafone to receive the registration request twice, from Asterisk 192.168.1.160 and Glinet 10.14.0.2.
By the way, are you using 2 IP addresses on the LAN segment? Not a good idea.
Another mistake found
protocol=tcp;;; should be udp!!!
; wireguard tunnel between our router and surfshark.com
external_media_address= add ip data and test
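
The NAT-related PJSIP settings raised in the replies above, as an added example that is not part of the thread: a pjsip.conf fragment showing the UDP transport correction beside the TCP line it replaces, plus the options that control address rewriting behind NAT. The section names, the endpoint name and the bracketed address placeholder are assumptions; the internal network is the one given in the first post.

```ini
; Constructed example, not the poster's configuration.
; Section names (transport-udp, vodafone-trunk) are hypothetical.
; NAT-related options only.

[transport-udp]
type=transport
; Setting flagged in the thread:
;protocol=tcp
; Corrected:
protocol=udp
bind=0.0.0.0:5060
; Networks Asterisk treats as local; no address rewriting for peers in them.
local_net=192.168.1.0/24
; Address written into SIP headers and SDP for peers outside local_net.
; Placeholder: the public address the provider sees for traffic that
; leaves through the tunnel.
external_signaling_address=<PUBLIC_ADDRESS_SEEN_BY_PROVIDER>
external_media_address=<PUBLIC_ADDRESS_SEEN_BY_PROVIDER>

[vodafone-trunk]
type=endpoint
transport=transport-udp
; Send responses to the source address and port the request arrived from.
force_rport=yes
; Rewrite the Contact of incoming requests to the observed source address.
rewrite_contact=yes
; Send RTP to the address it is received from, not the one in the SDP.
rtp_symmetric=yes
; Keep media anchored on Asterisk so it follows the same NAT path.
direct_media=no
```

After changing the transport section, restart Asterisk rather than reloading, since transport changes are not applied by a plain reload.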