understanding issues for routing in wireguard/OPNsense

Started by systemimmanent, October 01, 2025, 08:07:33 PM

I have 2 separate networks, and a remote worker.
WireGuard is working fine; internal access also seems to be fine, up to a certain point where I don't know where to start debugging.

External access from wg clients to internal network behind OPNsense works fine.
However, I have the "dirty" network behind a TP-Link (192.168.0.0/24), which is "somehow" accessible.
I can get the web interface of the SIP telephony system from internal OPNsense and a WireGuard client, but clients are not able to make calls.
So I assume there needs to be special treatment for SIP telephony, but on the other hand I have no rules which say no; everything is allowed to this specific IP address in the dirty network.

Does anybody have an idea where to start first?
I already tried to disable all FW rules; no difference.
So I thought this might be a routing issue. But then why do all clients reach the web interface of the telephony system?


thx a lot!