VoIP NAT Config questions

Does anyone have a sample config with a working SIP Based VoIP system behind VyOS when using IPSEC VPN?

Our scenario is the following:

SIP PBX <-> VyOS <-> public internet <-> remote Site IPSEC connected <-> ip phones

We are able to get the IP Sec connection working properly and audio in some scenarios (extension to extension).

However when we try and make external calls our translation keeps getting sent out as the LAN address of the PBX rather than WAN so the traffic from provider is either rejected since its a LAN ip or sent back to the LAN ip which will not work.

Anyone have any sample NAT configs we can look at?

1st of all, try disabling sip helper:
set system conntrack modules sip disable

Thank you we have disabled this and it does help. We found most of are issue are related to IPSEC and it’s non-ability to actually create interfaces (unlike OpenVPN).

Did you try to pair ipsec site-to-site with VTI interface instead of setting up tunnel mode?

This is my actually in-prod scenario (a leg of it): PBX ↔ VYOS ↔ IPSEC ↔ VYOS ↔ OVPN ↔ Phone