Dear Community.
We have a problem (tm): At some sites, WiFi Calling works, at others it does not. Sometimes it's dependent on the provider, e.g. Sunrise&Salt works, Swisscom does not. At another place, Salt&Swisscom works, but not Sunrise.
Does anyone know when a mobile devices decides that WiFi calling is possible? Which ports/protocols/... are used? What are the addresses of the endpoints? How do the probes work? Are there any specific, other requirements, such as: geolocation, RIPE DB entries, ...? Does anyone know of a decent technical spec?
I've seem some IPSEC tunnels and read draft-pularikkal. But there seems to be much more.
The issues are not device dependent, the used device (and subscriptions) do support WiFi Calling, and are able to use WiFi calling at "some" places.
Best regards
wiwi
Hi
I have not been digging into this too much, but I have a few clues which could be helpful.
* Swisscom branded mobile phones (Samsung at least) prevent WiFi (or VoLTE) calling (HD Audio) from being used when SIM cards of other operators are used. (Maybe Swisscom uses a specific flavour of WiFi calling or VoLTE which is incompatible to others?)
* Sunrise, for sure uses IPSEC for WiFi calling but uses GeoIP filter to only allows this service from Swiss IP Addresses.
Sidenote: Sunrise Mobile CGNat cannot handle GRE protocol.
-Benoît-
Hello,
From my experience, in most (all?) cases, the "untrusted non-3GPP access" model is used. In this scenario, the mobile phone establishes an ipsec tunnel with a network element called "ePDG" (Evolved Packet Data Gateway) to connect to the mobile core. See 3GPP TS 24.302 for details.
The address(es) of the ePDG are discovered using DNS: the phone will try to resolve epdg.epc.mncXXX.mccYYY.pub.3gppnetwork.org, where XXX is your operator's Mobile Network Code (for instance Swisscom is 001), and YYY is your Mobile Country Code (228 for Switzerland).
So I guess a first test can be to look for these addresses and watch for ipsec traffic.
Best regards,
Alexandre
On 2020-06-25 08:56, Christian 'wiwi' Wittenhorst wrote:
Dear Community.
We have a problem (tm): At some sites, WiFi Calling works, at others it does not. Sometimes it's dependent on the provider, e.g. Sunrise&Salt works, Swisscom does not. At another place, Salt&Swisscom works, but not Sunrise.
Does anyone know when a mobile devices decides that WiFi calling is possible? Which ports/protocols/... are used? What are the addresses of the endpoints? How do the probes work? Are there any specific, other requirements, such as: geolocation, RIPE DB entries, ...? Does anyone know of a decent technical spec?
I've seem some IPSEC tunnels and read draft-pularikkal. But there seems to be much more.
The issues are not device dependent, the used device (and subscriptions) do support WiFi Calling, and are able to use WiFi calling at "some" places.
Best regards
wiwi
Hi,
The address(es) of the ePDG are discovered using DNS: the phone will try to resolve epdg.epc.mncXXX.mccYYY.pub.3gppnetwork.org, where XXX is your operator's Mobile Network Code (for instance Swisscom is 001), and YYY is your Mobile Country Code (228 for Switzerland).
So I guess a first test can be to look for these addresses and watch for ipsec traffic.
Also looks like a terribly easy way to spoof or screw up automatic discovery. I doubt any vendor uses DNSSec here (or that it will be of any use to protect against abuse).
And oh! What about home routers that don't delegate DNS to the provider's DNS infrastructure?
Regards, Greg
-
Alexandre Suter -
Benoît Panizzon -
Christian 'wiwi' Wittenhorst -
Gregor Riepl