The firewall appears to be blocking outgoing text messages from my phone ...
-
Is IPv6 used for your WiFi calling? It isn't on mine. You can use Packet Capture to see what's used.
-
@JKnott Apparently this is an intermittent problem, the phone pulled an IPv6 address, and failed to receive a wifi call. So I rebooted it, after which it received a wifi call fine. I don't know if the call is going over IPv4 or v6. Really all I can tell at this point is the problem appears to be confined to Samsung phones, and rebooting seems to make it work for a while. I don't currently have a firewall rule passing WAN net inbound to LAN net on 500 and 4500, as it seems to work intermittently with or without these rules.
-
My Pixel 2 always gets an IPv6 address, whether on my home network or the cell network. It has nothing to do with the problem. You can run Packet Capture on UDP port 4500 to see if IPv4 is used or IP protocol 50 (IIRC) to see if IPv6 is used. The reason for the difference is that UDP is used to get around NAT on IPv4.
However, given that it only applies to the Samsung phone and a reboot fixes it, that's likely where your problem is, and not with pfSense. Regardless, packet captures can often tell you a lot.
-
@JKnott Yeah, especially on Verizon, phones are IPv6. If I FTP into my media server using my Pixel 2 it shows an IPv6 address on FileZilla FTP server. I'm sure it is a Samsung problem and not pfSense, but there must be some way to work around it. I don't recall having this problem with my ancient Draytek Vigor 2130 router.
Is packet capture a pfSense utility? Never tried it before. Tried to use Wireshark once, but gave up - incredibly complicated to figure out.
-
If the problem is with the phone I doubt there's anything you could do in pfSense to get around it. pfSense includes Packet Capture, on the Diagnostics page. However, by itself, it provides limited info and it's better to download the capture to read with Wireshark. Yes, Wireshark is complicated, but it does a lot of useful stuff for working on networking problems. I use it regularly.
-
I use the software firewall Untangle as my router firewall for my home network. I found over the last several months that all of the phones in my house that use Wi-Fi calling will sometimes have problems either sending or receiving pictures via SMS. I'm not trying to hijack this post, I'm trying to point out that it's not just pfSense that's causing this problem, nor is it just older phones because I just had the issue 5 minutes ago on my Note 10 Plus. It's also not limited to carrier because the original poster is on Verizon and I am on AT&T.
-
@red3recon said in The firewall appears to be blocking outgoing text messages from my phone ...:
I use the software firewall Untangle as my router firewall for my home network. I found over the last several months that all of the phones in my house that use Wi-Fi calling will sometimes have problems either sending or receiving pictures via SMS. I'm not trying to hijack this post, I'm trying to point out that it's not just pfSense that's causing this problem, nor is it just older phones because I just had the issue 5 minutes ago on my Note 10 Plus. It's also not limited to carrier because the original poster is on Verizon and I am on AT&T.
Ah, you have Samsung too. It is my slightly-informed opinion that Samsung has a problem with wifi calling (which is SMS-over-wifi as well) with an IPv6-enabled network. But I'm neither tech-savvy enough, nor interested enough to become more Wireshark-skilled, to prove this with certainty.
My solution will be to ditch the only Samsung phone in our household, which will come at a price. But I can't have the darn thing not receiving calls to one of my kids, and I'm not interested in trying to accommodate Samsung's stupidity.
-
Wifi calling uses the same protocol as VoLTE. It's VoIP encrypted with IPSec and then encapsulated in UDP, if passing through NAT. I don't know what's used when directly on the cell network, but on my WiFi, it uses IPv4, even though I have IPv6 available. I don't know much about the protocols used beyond that. Perhaps someone else here does.
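Added example, not part of the original thread: a small parser for a capture downloaded from Packet Capture, reporting what the posts above ask about, namely whether the Wi-Fi calling tunnel runs over IPv4 or IPv6 and whether it is native ESP (IP protocol 50) or encapsulated in UDP on ports 500/4500. It assumes a classic libpcap file (not pcapng) with Ethernet framing; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def classify(frame):
    """Return (ip_version, kind) for one Ethernet frame, or None if unrelated."""
    etype, ip = frame[12:14], frame[14:]
    if etype == b"\x08\x00" and len(ip) >= 20:        # IPv4
        ver, proto, l4 = "IPv4", ip[9], ip[(ip[0] & 0x0F) * 4:]
    elif etype == b"\x86\xdd" and len(ip) >= 40:      # IPv6, extension headers not walked
        ver, proto, l4 = "IPv6", ip[6], ip[40:]
    else:
        return None
    if proto == 50:
        return ver, "native ESP"
    ports = struct.unpack("!HH", l4[:4]) if proto == 17 and len(l4) >= 8 else ()
    if 500 in ports:
        return ver, "IKE on udp/500"
    if 4500 not in ports:
        return None
    if l4[8:] == b"\xff":
        return ver, "NAT-T keepalive"
    # RFC 3948: four zero bytes (non-ESP marker) mean IKE, anything else is ESP.
    return ver, ("IKE on udp/4500" if l4[8:12] == bytes(4) else "ESP in udp/4500")

def summarize_pcap(data):
    """Count tunnel packets in a classic little-endian pcap (linktype 1 = Ethernet)."""
    if len(data) < 24 or struct.unpack("<I16xI", data[:24]) not in ((0xA1B2C3D4, 1), (0xA1B23C4D, 1)):
        raise ValueError("expected classic little-endian pcap, Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<I", data[off + 8:off + 12])[0]
        kind = classify(data[off + 16:off + 16 + incl_len])
        if kind:
            counts[kind] += 1
        off += 16 + incl_len
    return counts

def sample_pcap():
    """Constructed capture (not real traffic) using documentation addresses."""
    def v4_udp(port, payload):
        udp = struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 50]), bytes([203, 0, 113, 10]))
        return bytes(12) + b"\x08\x00" + ip + udp
    esp = b"\xc0\xff\xee\x01" + bytes(28)             # SPI, then sequence number and data
    v6 = struct.pack("!IHBB", 0x60000000, len(esp), 50, 64) + bytes.fromhex("20010db8" + "00" * 12) * 2
    frames = [v4_udp(500, bytes(28)), v4_udp(4500, bytes(32)), v4_udp(4500, esp),
              v4_udp(4500, esp), v4_udp(4500, b"\xff"), bytes(12) + b"\x86\xdd" + v6 + esp]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

On a real download, read the file in binary mode and pass the bytes to `summarize_pcap`; the IP version and the encapsulation are reported as separate fields, so either can be checked on its own.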
-
@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:
Wifi calling uses the same protocol as VoLTE. It's VoIP encrypted with IPSec and then encapsulated in UDP, if passing through NAT. I don't know what's used when directly on the cell network, but on my WiFi, it uses IPv4, even though I have IPv6 available. I don't know much about the protocols used beyond that. Perhaps someone else here does.
I know Verizon uses IPv6 on their mobile network, as an FTP login to my server from my phone connected to a mobile tower yields an IPv6 address. I'm not sure how I could ever tell if IPv6 is used for VoLTE, though, as I don't have that level of access to their network.
I do know that my mother-in-law's Samsung phone doesn't have a problem on her home wifi, but that is your typical consumer router <2 years old. I think it is common for such gear to default to IPv4 on the LAN. It may be there is a Samsung bug with wifi calling that is triggered by the availability of IPv6, even if it isn't using it. To be honest, it is academic once it is isolated to a Samsung problem rather than pfSense - the Samsung phone must go.
-
@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:
I know Verizon uses IPv6 on their mobile network, as an FTP login to my server from my phone connected to a mobile tower yields an IPv6 address. I'm not sure how I could ever tell if IPv6 is used for VoLTE, though, as I don't have that level of access to their network.
My cell company (Rogers) also has IPv6 and I get a /64, when I tether to it. Like you, I have no way to see what's on the cell network.
I do know that my mother-in-law's Samsung phone doesn't have a problem on her home wifi, but that is your typical consumer router <2 years old. I think it is common for such gear to default to IPv4 on the LAN.
Actually, routers these days should handle IPv6, though some people don't enable it. It's the client that normally defaults to IPv6, not the router.
-
@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:
Actually, routers these days should handle IPv6, though some people don't enable it. It's the client that normally defaults to IPv6, not the router.
I think what you're referring to as IPv6 is a link-local address. A globally-routable IPv6 (SLAAC) requiring prefix delegation is not the default configuration in a consumer router, and does require a change to router setup. I think. It isn't default in pfSense either.
-
No, if IPv6 is available, from an ISP, the default is to prefer IPv6, though that can be changed. So, if you have IPv6 on your network, and not just link local, then it will be used, unless you've configured the computer otherwise. However, there are people who have IPv6 available from their ISP and don't even know it. They configure for IPv4 only.
BTW, I've been running IPv6 on my home network for almost 10 years, so I'm speaking from experience. I have a utility on my browser called "ShowIP" and it's currently displaying an IPv6 address for the forum.
-
@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:
No, if IPv6 is available, from an ISP, the default is to prefer IPv6, though that can be changed. So, if you have IPv6 on your network, and not just link local, then it will be used, unless you've configured the computer otherwise. However, there are people who have IPv6 available from their ISP and don't even know it. They configure for IPv4 only.
BTW, I've been running IPv6 on my home network for almost 10 years, so I'm speaking from experience. I have a utility on my browser called "ShowIP" and it's currently displaying an IPv6 address for the forum.
My point was that a default router configuration, even if it receives an external IPv6, still does not prefix-delegate a globally-routable address for use by LAN devices. I'm sure you're aware pfSense does not enable this by default, so your average consumer router doesn't either. I just did this recently so the experience is still fresh in my mind. IPv6 on the LAN, not device-generated link-local addresses, is a deliberate configuration in pfSense, not the default.
I also have globally-routable IPv6 addresses available to my LAN devices, but I had to deliberately configure this way. Which is why I think we don't see a flood of Samsung wifi calling/SMS complaints. 99% of home network owners don't set up LAN IPv6.
-
I bet the phone is not pointing to the SG-3100 to resolve all DNS requests when using WIFI.
-
@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:
I bet the phone is not pointing to the SG-3100 to resolve all DNS requests when using WIFI.
A few people have posted here with very similar problems, usually involving Samsung. I can't speak for them, but my pfSense (Supermicro X11SDV-4C-TP8F) is configured as the DNS server and works well with Android Pixel phones, but not Samsung.
-
@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:
My point was that a default router configuration, even if it receives an external IPv6, still does not prefix-delegate a globally-routable address for use by LAN devices. I'm sure you're aware pfSense does not enable this by default, so your average consumer router doesn't either. I just did this recently so the experience is still fresh in my mind. IPv6 on the LAN, not device-generated link-local addresses, is a deliberate configuration in pfSense, not the default.
With my ISP, if you use their modem in gateway mode, it will provide IPv6 as well as IPv4. The problem arises when people install their own router. Since they're not aware of IPv6, they likely won't configure for it. I haven't used one of those consumer grade routers on my network for several years. However, 10 years ago, my firewall was built on openSUSE Linux and I only got IPv6 by running a tunnel. When my ISP started providing IPv6, 4 years ago, I switched to pfSense because my old firewall wouldn't handle DHCP-v6-PD. I also suspect many who should know better don't enable IPv6 because they're not competent with it.
-
@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:
I bet the phone is not pointing to the SG-3100 to resolve all DNS requests when using WIFI.
If Wifi calling uses a publicly available DNS or even one internal to the carrier, that shouldn't be an issue. Also, I did a host lookup on the address used for Wifi calling and it didn't return a host name, so it may be configured by actual IP address, rather than host name.
-
@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:
I also suspect many who should know better don't enable IPv6 because they're not competent with it.
Guilty...my ISP gives both; yet, because my brain goes into foreign mode and refuses the hexadecimal, I stick to IPv4...silly! Need to overcome it soon!
-
@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:
Guilty...my ISP gives both; yet, because my brain goes into foreign mode and refuses the hexadecimal, I stick to IPv4...silly! Need to overcome it soon!
But your Samsung phone works with wifi calling and SMS, like most people.
-
@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:
@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:
Guilty...my ISP gives both; yet, because my brain goes into foreign mode and refuses the hexadecimal, I stick to IPv4...silly! Need to overcome it soon!
But your Samsung phone works with wifi calling and SMS, like most people.
Well, I am an Apple person...so iPhone here.