Anderson Silva

@apalrd Have you been facing issues with #WiFiCalling while running #IPv6mostly in #OPNsense ?
I can't figure out exactly why it breaks in my home network, since there are no misconfigured rules nor anything related - if I disable DHCP option 108 and assign old addresses to each client, it works; when passing through #tayga #nat64, it stops entirely.

All this because the carrier's servers are stuck in the last millenium, of course they are: https://www.netify.ai/resources/mobile-gateways/country/br

#AskFedi #IPv6

Mobile Gateways - Brazil - MCC 724 - 3GPP Info

Details on Brazil Mobile Gateways: 3GPP WiFi Calling, RCS, hostnames, IPs and networks.

Oct 20 at 2:51amWeb
Show threadapalrdOct 20

@UnderEu which mobile OS?

Someone on my discord has been debugging some really bad behavior by Android. As far as I know iOS doesn’t have the same issues.

It basically comes from losing and re-gaining connectivity without triggering a network event

Show threadAnderson SilvaOct 20
@apalrd Both Android & iOS
Show threadapalrdOct 20
@UnderEu as to wifi calling specifically it uses IPsec with a sim-based key exchange so anything that breaks IPsec will break wifi calling. I’m not even sure if they do udp encap, but they probably do.
Show threadapalrdOct 20

@UnderEu I wonder if the default Opnsense nat rule is different from the one the tutorial has you create somehow. Nat44 is done by FreeBSD PF in either case but maybe it’s not using port 500 and the server hates that or something weird.

IPsec can be tricky even though it shouldn’t be

Show threadJensOct 20
@apalrd @UnderEu
default NAT in *Sense is always doing random ports, whereas IPsec needs client side static port for 500/4500 to work correctly. Most tutorials about IPsec or WiFi calling do create a rule for source <mobileIP> to any port 500/4500 with static port checkbox enabled. Thus the client port won't get rewritten so IPsec can work UDP/500 to UDP/500 as needed by those old systems. Automatic outbound rules don't work for that.
Show threadAnderson SilvaOct 20
@apalrd Here are my current NAT rules, for the record (Vivo = WAN connection).
Show threadThomas SchäferOct 20

@UnderEu @apalrd

@Oskar456

I have the same experience with tayga based IPv6mostly setups. In May in Lisbon (jool based) at ripe90 it finally worked.
Maybe people at #ripe91 can check it again, if it still works.

Show threadThomas SchäferOct 20
If someone sees "WLAN call" / "WiFi call", please make a call to verify.
The symbol alone isn't enough.
Show threadThomas SchäferOct 20
By the way: The personal hotspot of iPhones does also IPv6mostly when the mobile uplink does IPv6only.
In that case WiFi call works in a android device. Connected to the personal hotspot and doing clat.
Show threadlucasmz (en)Oct 20
@UnderEu @apalrd does it not work with CLAT?