VoIP one-way audio through Wireguard

Hey friends, i hope you are doing fine :slight_smile:

I am currently in Brazil, and my home is based in Germany.
At the moment i have to do a lot of calls, so i wanted to use my VoIP phone through my VPN connection to my home location.

Here in Brazil i have a simple OpenWrt router, providing DHCP on LAN, and providing a VPN connection to the remote location. At the remote location, i have set up an OpenWrt VM, providing direct connection to the SIP gateway (Which is also WAN), and the Wireguard interface on the LAN side.

SIP packets "seem" to flow correctly, but somehow i only have audio in one direction. I cannot hear anything, but the other side can hear me.

Prior to the OpenWrt endpoint i've tried setting up a simple Linux VM, but didn't manage to get any further as in the OpenWrt approach with iptables.

Maybe someone can help me to troubleshoot this :slight_smile: SIP seems to be a beast!
Traceroute works.

chairman@fedora:~$ traceroute
traceroute to (, 30 hops max, 60 byte packets
 1  _gateway (  0.491 ms  0.426 ms  0.455 ms
 2 (  251.470 ms  251.386 ms  265.839 ms
 3 (  266.030 ms  265.948 ms  265.929 ms


1 Like

The issue has nothing to do with OpenWrt yet.
Both SIP and RTP packets needs to be captured and analysed on either side.

I have a somewhat similar problem, although with an IAX connection over Wireguard. I'm going to capture the RTP packets on the weekend, let's see, maybe something applies.

"IAX does not use the RTP protocol" per rfc5456
That has nothing to do with OpenWrt as well.

I wasn't aware of this, thanks for the clarification.

I'm very well aware of that, all I wanted to say is that the solution to my problem might also help the OP.

In the meantime, however, I've found out that my one-way audio is actually a two-way audio just with really bad voice quality in one direction - so more of a codec issue than a routing issue.

Well, the issue seems to be somewhere between the SIP gateway, and the VoIP device. Directly connected it works, with 2 OpenWrt routers and the Wireguard connection it only does one-way. So it has something to do with OpenWrt. So i'm trying out to figure out, what exactly doesn't work here. I'm suspecting some issue with NAT traversal, and connection tracking.

It should not be any NAT traversal and connection tracking in your setup.

Traffic flow of all devices.
On OpenWrt (On VoIP side)

On OpenWrt (Heading to SIP gateway)

On SIP gateway

Pictures are useless and I still see no reason to discuss this issue in this forum.

What's the appropriate place for this discussion then?
Do i have to use kmod-nathelper maybe?

[SOLVED] Incoming calls not reaching hosts on the network - #2 by vgaetera

It should not be any NAT in your setup as I mentioned earlier, so everything related to *nat* is out of discussion.

You've verified that you can initiate connections from Brazil to Germany - what about the other way round? Can your SIP gateway reach your SIP phone?
You might be missing a route to the net on the SIP gateway (maybe a Fritz!Box? If it's running a recent FRITZ!OS release, you could also terminate the WG connection there and omit the OpenWrt VM).

1 Like

one way audio typically happens due to:

  • firewall blocking,
  • NAT/routing problems, e.g. check your SDP media sections both end whether IP addresses are routable,
  • codec mismatch

check allowedIPs in wireguard config as a start then SDP.

1 Like


Well, i don't know how, but that did the trick! It works now!
Is this always necessary, or are there any workarounds?
But it works great now! Thanks a lot!


Exactly, i'm using a Fritz!Box, didn't know about the Wireguard feature before. I've created a Wireguard config there, and didn't know, i can share the same IP for the peer's wg interface, and internal LAN interface. So i don't have to go through NAT at all.
It also works flawlessly, i think i will go for this solution, as my Wireguard peer is only there for the VoIP device itself.
Thanks for this hint as well!


Oh yeah! I don't like SIP for all these potential issues.
Finally the NAT/Firewall, whatever issue is solved :slight_smile:


What does this package do?


> nft list chain inet fw4 helper_lan | grep -e sip
		udp dport 5060 ct helper set "sip" comment "!fw4: SIP VoIP connection tracking"

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.