WhatsApp videocalls on same network, connection really bad

NollipfSense

@operations Are you running any IDS/IPS package? Wondered whether it's a signal feedback too...

stephenw10

Guessing I'd say either it's trying to use a direct connection somehow and failing or both devices are trying to use the same ports, creating a conflict and falling back to some lesser relay mode.
Are your outbound NAT rules still at the defaults? Automatic mode?

Steve

Operations

@nollipfsense said in WhatsApp videocalls on same network, connection really bad:

@operations Are you running any IDS/IPS package? Wondered whether it's a signal feedback too...

No.

Operations

@stephenw10 said in WhatsApp videocalls on same network, connection really bad:

Guessing I'd say either it's trying to use a direct connection somehow and failing or both devices are trying to use the same ports, creating a conflict and falling back to some lesser relay mode.
Are your outbound NAT rules still at the defaults? Automatic mode?

Steve

No Hybrid mode. I direct some traffic in to certain external IPs and some traffic out via certain external IPs. I have got a /29 subnet.

stephenw10

Are any of those rules set to use static source ports? Are they being used by this traffic?

Operations

@stephenw10 said in WhatsApp videocalls on same network, connection really bad:

Are any of those rules set to use static source ports? Are they being used by this traffic?

Static source ports like 443, 25, 587, 993 etc are being used.

I am not 100% sure which ports are being used by this traffic.

stephenw10

It's unlikely any rule should have static source ports set for those ports.

can we see your outbound NAT rules?

Operations

@stephenw10 said in WhatsApp videocalls on same network, connection really bad:

It's unlikely any rule should have static source ports set for those ports.

can we see your outbound NAT rules?

Of course.

alt text

stephenw10

None of those added rules have static source ports set so that's unlikely to be the problem.

It looks like you have an internal /29 public subnet which is more unusual.

Which internal subnet are the whatsapp clients using?

Operations

@stephenw10 said in WhatsApp videocalls on same network, connection really bad:

None of those added rules have static source ports set so that's unlikely to be the problem.

It looks like you have an internal /29 public subnet which is more unusual.

Which internal subnet are the whatsapp clients using?

I have got an EXTERNAL /29 subnet. Or are we talking about the same thing?
192.168.100.1/24

Phone one is 192.168.100.80 and phone two is 192.168.100.79.

What i do just remembered, DNS wise my phone goes out externally through Adguard. And the other phone goes directly to 1.1.1.1 (or 9.9.9.9). I cannot test it at the moment, but could that be the issue? I have tested before leaving my phone on the WiFi and the other one on cellular network. So my phone was still using Adguard. This test went fine.

stephenw10

The automatic outbound NAT rules are including that /29 subnet which means it's assigned to an interface without a gateway. Or potentially as a VIP somewhere?

It won't be causing this, it just looked unusual.

Operations

@stephenw10 said in WhatsApp videocalls on same network, connection really bad:

The automatic outbound NAT rules are including that /29 subnet which means it's assigned to an interface without a gateway. Or potentially as a VIP somewhere?

It won't be causing this, it just looked unusual.

I have got one external IP address from my fiber ISP.

I have bought a subnet /29 from a different company. So i setup a GRE tunnel and use IP Alias for the /29.

Do you understand what i mean?

I get this is not relevant to my problem. But what so i do differently regarding this?

Operations

No one with anymore ideas?

stephenw10

@operations said in WhatsApp videocalls on same network, connection really bad:

I have bought a subnet /29 from a different company. So i setup a GRE tunnel and use IP Alias for the /29.
Do you understand what i mean?

I do. I would check the routing though, make sure the GRE tunnel has no become the default gateway for anything unexpected.

Your description of the problem indicates to me that the calls are forced to fall back to some sort of relay mode rather then clients connecting directly. It's unclear what causes that though.
It could be they require static outbound source ports since you didn't have any set. That would be a significant drawback for WhatsApp working behind many firewalls though.

Steve