Hey all,
Question if anyone knows about cell phone wi-fi calling in US. Googling isn’t finding what I’m looking for. We have a corporate site in US where users have BYOD capability, and use their phones with wi-fi calling enabled. Site uses a single NAT address (IPv4) for BYOD access. Recently the site reported wi-fi calling had stopped working for all user phones, Apple and Android, all about the same time. The guest network did have some bandwidth limitation applied and they had overuse. That was since resolved, we upped the bandwidth. But the phones all still avoided wi-fi calling. It’s a manufacturing site with known cell signal issues, so most users had no signal via carrier. I did not get a packet capture yet to see what could be going on, we’re 99% sure we’re not blocking traffic. I’m wondering if the phones have an algorithm to test wi-fi signal, and perhaps the carriers will blacklist public IPs with known wi-fi calling issues to avoid cases where an emergency call can’t be made because of intermittent bad performance? It seems odd that even when no bandwidth issues exist, it’s not attempted.
Thoughts?
Thanks,
Chuck Church
I’ve seen if there’s too much buffering or some sort of other issues it drop out and not work. I’ve actually replaced customer CPE to address this.
You want to make sure that you are passing ESP through, and there’s even issues with some of the carriers not liking a phone using wifi calling if it has a public IPv4 address (!)
I don’t recommend this, but will point out that the carriers have defined SSIDs you may be able to shunt the devices over to, and if you do the open roaming stuff it may also help depending on your environment.
ATT_US.bundle/profile.mobileconfig- <string>attwifi</string>
Verizon_LTE_US.bundle/profile.mobileconfig- <string>VerizonWiFiAccess</string>
You also see this in their config for their SSIDs:
<key>DisableAssociationMACRandomization</key>
<true/>
If you have BYOD but under enterprise management it may make sense to shunt the phones to a discrete SSID which has fewer restrictions.
- Jared
Wi-Fi calling is pretty much an IPsec VPN from the cellular device to the carrier.
While I don’t have a list of IPs some quick googling did find some form post with domain names and IPs block for some carriers.
The main thing is making sure IPsec is not blocked or is otherwise not interfered with or broken.
Of course this is mainly going to be UDP Port 500 and 4500.
Apparently also port TCP 143 (IMAP) may also be used for some for some reason for some carriers, Not 100% clear on that one.
Brandon Jackson
bjackson@napshome.net
My understanding has been that generally, if the cellular network signal was above a certain threshold, phones won’t even attempt to use wifi calling. Some carriers used to let you flip a switch to force the phone to prefer wifi over cellular, but some have removed that. ( Verizon for example. )
In my experience some years ago in a similar environment, that cellular threshold to switch was set so low that it was useless. I could be standing in a spot with barely tickling the bottom bar, and nothing. If I flipped to airplane mode, was able to wifi call instantly.
Thanks all. Oddly enough, it seems that the entire site’s userbase suddenly started working. From what I understand no action was taken to fix anything. So unless a dynamic PaloAlto update broke it and then unbroke it later, I’m not sure what was going on. I’ll debug a bit to know what a working baseline looks like, since I’m not sure.
Thanks again,
Chuck
I’ve had issues with wifi calling on Palo Alto as well as delayed SMS delivery and receive.
I had to allow port 500 and 4500 out to get this working properly. I am planning on trying to implement a whitelist using IPs/domains in the future.
–Brendan