The firewall appears to be blocking outgoing text messages from my phone ...

lifespeed

@red3recon said in The firewall appears to be blocking outgoing text messages from my phone ...:

I use the software firewall untangle as my router firewall for my home network. I found over the last several months that all of the phones in my house that use Wi-Fi calling will sometimes have problems either sending or receiving pictures via SMS. I'm not trying to hijack this post, I'm trying to point out that it's not just pfsense that's causing this problem, nor is it just older phones because I just had the issue 5 minutes ago on my note 10 plus. It's also not limited to carrier because the original poster is on Verizon and I am on AT&T.

Ah, you have Samsung too. It is my slightly-informed opinion that Samsung has a problem with wifi calling (which is SMS-over-wifi as well) with an IPv6-enabled network. But I'm neither tech-savvy enough, or interested enough to become more wireshark-skilled, to prove this with certainty.

My solution will be to ditch the only Samsung phone in our household, which will come at a price. But I can't have the darn thing not receiving calls to one of my kids, and I'm not interested in trying to accommodate Samsung's stupidity.

JKnott

@lifespeed

Wifi calling uses the same protocol as VoLTE. It's VoIP encrypted with IPSec and then encapsulated in UDP, if passing through NAT. I don't know what's used when directly on the cell network, but on my WiFi, it uses IPv4, even though I have IPv6 available. I don't know much about the protocols used beyond that. Perhaps someone else here does.

lifespeed

@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

@lifespeed

Wifi calling uses the same protocol as VoLTE. It's VoIP encrypted with IPSec and then encapsulated in UDP, if passing through NAT. I don't know what's used when directly on the cell network, but on my WiFi, it uses IPv4, even though I have IPv6 available. I don't know much about the protocols used beyond that. Perhaps someone else here does.

I know Verizon uses IPv6 on their mobile network, as an FTP login to my server from my phone connected to a mobile tower yields an IPv6 address. I'm not sure how I could ever tell if IPv6 is used for VoLTE, though, as I don't have that level of access to their network.

I do know that my mother-in-law's Samsung phone doesn't have a problem on her home wifi, but that is your typical consumer router <2 years old. I think it is common for such gear to default to IPv4 on the LAN. It may be there is a Samsung bug with wifi calling that is triggered by the availability of IPv6, even if it isn't using it. To be honest, it is academic once it is isolated to a Samsung problem rather than pfSense - the Samsung phone must go.

JKnott

@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:

I know Verizon uses IPv6 on their mobile network, as an FTP login to my server from my phone connected to a mobile tower yields an IPv6 address. I'm not sure how I could ever tell if IPv6 is used for VoLTE, though, as I don't have that level of access to their network.

My cell company (Rogers) also has IPv6 and I get a /64, when I tether to it. Like you, I have no way to see what's on the cell network.

I do know that my mother-in-law's Samsung phone doesn't have a problem on her home wifi, but that is your typical consumer router <2 years old. I think it is common for such gear to default to IPv4 on the LAN.

Actually, routers these days should handle IPv6, thought some people don't enable it. It's the client that normally defaults to IPv6, not the router.

lifespeed

@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

Actually, routers these days should handle IPv6, thought some people don't enable it. It's the client that normally defaults to IPv6, not the router.

I think what you're referring to as IPv6 is a link-local address. A globally-routable IPv6 (SLAAC) requiring prefix delegation is not the default configuration in a consumer router, and does require a change to router setup. I think. It isn't default in pfSense either.

JKnott

@lifespeed

No, if IPv6 is available, from an ISP, the default is to prefer IPv6, though that can be changed. So, if you have IPv6 on your network, and not just link local, then it will be used, unless you've configured the computer otherwise. However, there are people who have IPv6 avaiable from their ISP and don't even know it. They configure for IPv4 only.

BTW, I've been running IPv6 on my home network for almost 10 years, so I'm speaking from experience. I have a utility on my browser called "ShowIP" and it's currently displaying an IPv6 address for the forum.

lifespeed

@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

@lifespeed

No, if IPv6 is available, from an ISP, the default is to prefer IPv6, though that can be changed. So, if you have IPv6 on your network, and not just link local, then it will be used, unless you've configured the computer otherwise. However, there are people who have IPv6 avaiable from their ISP and don't even know it. They configure for IPv4 only.

BTW, I've been running IPv6 on my home network for almost 10 years, so I'm speaking from experience. I have a utility on my browser called "ShowIP" and it's currently displaying an IPv6 address for the forum.

My point was that a default router configuration, even if it receives an external IPv6, still does not prefix-delegate a globally-routable address for use by LAN devices. I'm sure you're aware pfSense does not enable this by default, so your average consumer router doesn't either. I just did this recently so the experience is still fresh in my mind. IPv6 on the LAN, not device-generated link-local addresses, is a deliberate configuration in pfSense, not the default.

I also have globally-routable IPv6 addresses available to my LAN devices, but I had to deliberately configure this way. Which is why I think we don't see a flood of Samsung wifi calling/SMS complaints. 99% of home network owners don't set up LAN IPv6.

NollipfSense

I bet the phone is not pointing to the SG-3100 to resolve all DNS request when using WIFI.

lifespeed

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

I bet the phone is not pointing to the SG-3100 to resolve all DNS request when using WIFI.

A few people have posted here with very similar problems, usually involving Samsung. I can't speak for them, but my pfSense (Supermicro X11SDV-4C-TP8F) is configured as the DNS server and works well with Android Pixel phones, but not Samsung.

JKnott

@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:

My point was that a default router configuration, even if it receives an external IPv6, still does not prefix-delegate a globally-routable address for use by LAN devices. I'm sure you're aware pfSense does not enable this by default, so your average consumer router doesn't either. I just did this recently so the experience is still fresh in my mind. IPv6 on the LAN, not device-generated link-local addresses, is a deliberate configuration in pfSense, not the default.

With my ISP, if you use their modem in gateway mode, it will provide IPv6 as well as IPv4. The problem arises when people install their own router. Since they're not aware of IPv6, they likely won't configure for it. I haven't used one of those consumer grade routers on my network for several years. However, 10 years ago, my firewall was built on openSUSE Linux and I only got IPv6 by running a tunnel. When my ISP started providing IPv6, 4 years ago, I switched to pfSense because my old firewall wouldn't handle DHCP-v6-PD. I also suspect many who should know better don't enable IPv6 because they're not competent with it.

JKnott

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

I bet the phone is not pointing to the SG-3100 to resolve all DNS request when using WIFI.

If Wifi calling uses a publicly available DNS or even one internal to the carrier, that shouldn't be an issue. Also, I did a host lookup on the address used for Wifi calling and it didn't return a host name, so it may be configured by actual IP address, rather than host name.

NollipfSense

@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

. I also suspect many who should know better don't enable IPv6 because they're not competent with it.

Guilty...my ISP gives both; yet, because my brain goes into foreign mode and refuses the hexadecimal, I stick to IPv4...silly! Need to overcome it soon!

lifespeed

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Guilty...my ISP gives both; yet, because my brain goes into foreign mode and refuses the hexadecimal, I stick to IPv4...silly! Need to overcome it soon!

But your Samsung phone works with wifi calling and SMS, like most people.

NollipfSense

@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Guilty...my ISP gives both; yet, because my brain goes into foreign mode and refuses the hexadecimal, I stick to IPv4...silly! Need to overcome it soon!

But your Samsung phone works with wifi calling and SMS, like most people.

Well, I am an Apple person...so iPhone here.

JKnott

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Need to overcome it soon!

There's no time like the present. PfSense works well with IPv6. As for hex addresses you just don't think of them. As there's no configuration involved, everything just works.

JKnott

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Well, I am an Apple person...so iPhone here.

That's OK. We all have our faults.

lifespeed

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Well, I am an Apple person...so iPhone here.

What are you doing in a pfSense forum, shouldn't you have an Air-something-or-other routing your network?

NollipfSense

@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Need to overcome it soon!

There's no time like the present. PfSense works well with IPv6. As for hex addresses you just don't think of them. As there's no configuration involved, everything just works.

Ah...I had been thinking to slowly implement on LAN...you might change my mind.

NollipfSense

@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:

@NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

Well, I am an Apple person...so iPhone here.

What are you doing in a pfSense forum, shouldn't you have an Air-something-or-other routing your network?

Network consists of pfSense, Mikrotik, Netgear managed switch, and two Apple Extremes...likes all!

VCIO

@NollipfSense
I have Verizon for cell and had the same issue with the latest Android version. Text messages would hang, or not go out at all.

Turning off IPV6 on my internal LAN connection, no issues.
I can now text without issue.

Wife's iPhone (X) didnt seem to be affected.