Outbound policy for cellphone VOIP

A cell phone connects to the local lan via wifi. It automatically connects phone calls over VOIP when it has a wifi connection. I’d like to route this VOIP traffic over an SFC tunnel. But I would like all other traffic through this device to avoid the tunnel. I’ve been combing through various Peplink documentation and can’t seem to find a way to do this.
Any suggestions?
Balance 20x

Outbound policy.

I’m sorry but I’m going to need you to hold my hand for this. How do I differentiate VOIP traffic from all the other traffic? I see a VOIP setting in the QOS section but that’s entirely different from routing that traffic over the tunnel.

And another thought has crossed my mind. I believe that all the WIFI traffic from this device is routed through a VPN from the phone carrier. This probably means that I can’t separate the VOIP traffic from the rest anyway. But I would still like to know how to do it for other devices (like desktop computers) that might occasionally function as a VOIP device but otherwise do all kinds of other things don’t need a speedfusion connection.

You should be able to look at active sessions in your pepwave before and during a call and see the different ports that are open if they are any.
SIP typically is 5060 and then a random higher port likely in the 10k -15k range.
Another option is to do an outbound rule based on the destination of the sip server.

Do you mean you are using a VoIP application on your mobile, or do you mean your mobile carrier support “VoWIFI” or “WIFI Calling” and your normal mobile number makes calls over the wifi?

Google Fi.
When the device encounters WIFI hotspots that google deems “safe” it will connect and use that for data AND voice calls. I seem to recall that there may be an option to disable the VPN that they use but I’m not sure of the details. I believe that any network I manually connect to is treated the same as one of the hotspots in their list.
I need to do some more research about this as this issue didn’t occur to me until I was already trying to configure routing in the Peplink.
That said, I do indeed want to work out rules for other devices that may do VOIP of various sorts as well as Zoom, Skype and Facetime etc.

Yes, thats using Voice Over WIFI (an optional part of LTE). You can do this with an outbound policy but you need to be applying the policy to the VPN not SIP traffic as you cant see that (its encapsulated).

If you look at active sessions when you have a call in progress, you will probably see a session on port 500 or 4500 from your device outbound. That is the traffic you need to apply policy to. See here:

Thank you Jonathan.
Monitoring for SIP is certainly a good place to start. But it seems like most voice/media systems are moving to more secure protocols these days? I guess I’ll have to spend some time looking for activity and see what I can find.

might need different rules for different carriers. typically you can find the ports/servers by googling or monitoring an active session. i use all wans with a secondary speed fusion tunnel with smoothing for wifi calling/texting. it works very well. the phones typically have zero signal in the location but the exterior antennas bring in cellular and WiFi WANs.