I have seen multiple posts with issues using Voip or Wifi Calling when connected to wiregaurd. I’m setup using the mt3000 and wiregaurd works great for everything except making/receiving calls. I have horrible cellular service so we rely on wifi calling. I’m using surfshark WG and on Xfinity Mobile (verizon towers). Would switching VPN provider or cellular provider help fix this issue or is there no way to configure WG and use wifi calling?
Can you try to set up OpenVPN instead of WG and test the WiFi calling ? What if you turn off the vpn completely, does it work ?
I just now try mt3000 with 4.4.6 firmware sip calling with wireguard and double NAT with no problem. What you mean by “wifi calling”? SIP or something else?
Connected with WG on router all incoming calls to my cell phone or wife’s ring twice then go to voicemail. No missed calls. When disconnecting Wireguard on router it obviously works fine. I’m using WiFi calling because I have no cellular signal. If I use the phone app and connect to WG it works, but I would prefer network protection instead of each device having to run WG. Any pointers if this is working for you? Maybe it’s Surfshark vpn and I should try another?
No it is not SIP. WiFi Calling is a feature where your phone establish IPsec tunnel back to the ISP over WiFi to make and receive SMS/calls.
Did you try this suggestion ?
Also try to enable this option while you’re connected to WG vpn:
Another thing to try: use a Surfshark VPN server in the country of your residence since some ISP allows WiFi calling feature only within their country.
Lastly, I believe this post could solve your problem:
Let us know!
Sorry just circled back. I’ll test it again but I’m 99% sure it works with OpenVPN just throttles devices down to ~150-200mbps. I get around 900 hardwired and 600 on most wireless devices with no vpn. With WG I’m getting ~400 which is my preferred means of connecting. In previous testing WiFi calling works at the router level with OVPN at much slower speeds. All servers are connected in same country. I’m in Houston Texas and the servers I use are Houston/Dallas.
According to your description, I guess it’s more like a DNS issue to resolve the wifi calling server’s IP.
Please try changing one of Surfshark’s default DNS servers to a public one—for example, 1.1.1.1.
Thanks for the reply but that hasn’t helped. I have tried at least 10 different pairs of public servers. No change on my end. I feel like it’s dns too, maybe it’s just a limitation of my wireless provider or Surfshark? Thinking about trying some others to see. It’s weird, it works on individual devices perfectly fine, but something gets wonky going through the router.
Have you set vpn policy?
I just tried this option and not changes. Is there something more that I would need to do than just toggling on and hitting save? It updates almost instantly when hitting save. Thanks again for all the help.
I’m really suspecting something with surfshark here. When uploading the OPVPN and using username/password (generated many keys) it fails to start. But I can go through the IOS app and setup OPVN (profile on phone/profile on router). It works, check routing all devices go through VPN server. Doesn’t make much sense for it not to work on manual setup.
I did set the VPN Policy to “Do Not Use VPN” and tested with my wife’s phone and my work laptop. My work laptop has it’s own VPN to network resources so needed to bypass the local router. Rules seemed to work as my work laptop and her phone bypassed but other devies did not. Any suspected issues or suggestions?
Even when you set up wireguard/openvon on your phone, the WiFi calling is not going through it; it bypasses the VPN and establishes a. IPsec tunnel to the telecom network - at least I know this is the behavior of Android phones. However it should work fine when the VPN is on. The router because the phone does not know about it and therefore does not attempt to bypass it. That’s why I asked you to try OpenVPN on the router and retry the WiFi calling again.
I am suspecting the double NAT, one on the phone and one on the router. I am suspecting the MTU as well. Try different sufshark vpn servers coz some telco block vpn’s known IPs.
Troubleshooting Tip: try to capture with tcpdump dns and IPsec traffic on the router to see what’s going on.
One case we met is that when using vpn server in another country, wifi calling is disabled by the carrier.
As you said you are using vpn server in the same country I am not sure about your case. But you can try a different vpn service?
Has someone figured this out? I have the exact same problem. Tried both Wireguard and OpenVPN servers. Only works when I turn off the VPN service on my Beryl router. Using NordVPN. I sent them a ticket asking the workaround.
I dont want to use Split Tunnel in Nord on each of my family members cell phones. Want it all working through the Beryl router with VPN service active. Data and Text messages work with it but not working for outbound and receiving calls.
I boxed mine up and it’s been in the garage shortly after my last post.. I bought deco mesh that’s has built in VPN and works great.
1 Like
That sucks. Nord got back to me and said need to use TCP protocol which support VOIP over OpenVPN which I tried already with no success. Asked them what next? We will see. GL.iNet has to know this answer. They develop their routers around NordVPN.
I figured out the workaround. I found so many posts including GL.iNet admins and even they couldnt figure this out. You just need to setup your cell phone clients a certain way in the VPN Policy. Worked like a charm with 1 downside. Basically any cell phone you assign as a client on the same VPN network you bypass it's MAC address and will avoid tunneling through the VPN and allow Wifi calling/receiving. Like I said however the only downside is these cell clients will then not be behind the VPN and protected for internet browsing once you add its MAC to not use the VPN. Im going to keep tinkering if there is a way to do this.
I wish TCP servers worked as NordVPN support stated. Only solution I found when omitting the cell phone client working through the VPN from the router side was to actually install the Android version of NordVPN to my S24 Ultra and activate Split Tunneling for that client. Then it was once again protected for internet browsing. I was trying to avoid this app install for all my family members however. Easier for me to just instruct them to turn off Wifi calling on their cells and stay behind the VPN when browsing on public wifi. I can leave mine on this setup because Im knowledgable enough to know how to use but for the kids and wife I dont want them to be concerned on using NordVPN on their phones. Our use is purely for networking the Beryl on the road in our RV when traveling and using public wifi or Starlink.
When doing this you need to optimally chose a server in the same country with good speed and low latency. I was successful setting up on WG which is quite a bit faster than OPNVPN.
You need to do this in the VPN GUI section of the router. "Modify Proxy Mode".
Photos attached for simplicity.
