The firewall appears to be blocking outgoing text messages from my phone ...
-
@sparkyMcpenguin said in The firewall appears to be blocking outgoing text messages from my phone ...:
@lifespeed
side note: using cloudflare dns (without adding TLS hostname) will use the DoH standard as per the explanation on their site. i believe google does as well. i dont remember about quad9, but from my understanding of the pfsense documentation, if you enter the TLS hostname, it will use both depending on whatever situation or browser being used. as for the 'insecure' secure quad9, that just means it doesn't have their complimentary 'we have ad blocker and ips/ids stuff too guys let us play..." hehSo it sounds like I left out a key step of entering the DNS server domain names? Or is TLS and DNSsec required as well? Just trying to figure out why I'm still not getting wifi calling and SMS on the Samsung phone.
-
@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:
@sparkyMcpenguin said in The firewall appears to be blocking outgoing text messages from my phone ...:
@lifespeed
side note: using cloudflare dns (without adding TLS hostname) will use the DoH standard as per the explanation on their site. i believe google does as well. i dont remember about quad9, but from my understanding of the pfsense documentation, if you enter the TLS hostname, it will use both depending on whatever situation or browser being used. as for the 'insecure' secure quad9, that just means it doesn't have their complimentary 'we have ad blocker and ips/ids stuff too guys let us play..." hehSo it sounds like I left out a key step of entering the DNS server domain names? Or is TLS and DNSsec required as well? Just trying to figure out why I'm still not getting wifi calling and SMS on the Samsung phone.
yes for DNSSEC those extra little 'server options' from what i understand in the video i linked, need to be set
"tls and dnssec required?" i 'think' so. entering in the info just in the server options and in general setup i believe without the dnssec support checkbox enabled, could explain broken dns routing.
it's possible you need to check your phone APN settings and add the host names of your carrier listed there into the DNSBL whitelist (i did this for my carrier - still after it working just added it for certainty - like in case a blocklist lists those addresses) i had a block list blocking google dns just last week (reported it to the list owner already). no issues since
-
@sparkyMcpenguin said in The firewall appears to be blocking outgoing text messages from my phone ...: possible you need to check your phone APN settings and add the host names of your carrier listed there into the DNSBL whitelist (i did this for my carrier - still after it working just added it for certainty - like in case a blocklist lists those addresses) i had a block list blocking google dns just last week (reported it to the list owner already). no issues since
Does pfSense enable any blocklists by default? I don't think I have enabled any. If it isn't obvious already, I am far from an expert on this router SW.
-
@lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:
@sparkyMcpenguin said in The firewall appears to be blocking outgoing text messages from my phone ...: possible you need to check your phone APN settings and add the host names of your carrier listed there into the DNSBL whitelist (i did this for my carrier - still after it working just added it for certainty - like in case a blocklist lists those addresses) i had a block list blocking google dns just last week (reported it to the list owner already). no issues since
Does pfSense enable any blocklists by default? I don't think I have enabled any. If it isn't obvious already, I am far from an expert on this router SW.
as far as i know, no. but usually a cell phone carrier's proxy on mobile is set to an Internally Routeable IP Address (RFC 1918).
when i first started i had those blocks enabled. didn't work. turned it off, still didn't work. turned it back on, changed dns settings cleared cache reboot for safe measure, forgot about it for a couple days checked again and it was working just fine.
what i did (this is for ATT) was add their 'mmsc.x.x.x' and 'proxy.x.x.x' listed (hostname not ip as RFC 1918 is a private ip address not public, so the DNS lookup for that IP would fail as per my testing) (forgot to finish this thought:) added it to DNSBL whitelist
to verify all this i installed hetools onto my phone, on and off wifi did traceroute tests to the att proxy and my public facing wan ip
this gave me 'extra ip addresses' that i then added to the IP whitelist as yet another redundacy backup.
wifi calling also (for me) works over the openvpn i have set up (on wifi not cell service - obviously) with the android phone originally in question
i also have 'switch to mobile network when wifi connectivity..." turned on and off for testing. worked either way for me (depending on wifi interference as well.. too many walls in the way or if im outside, and wifi calling is still intermittent, but will reconnect when it gets a stronger signal)
-
@A-Former-User said in The firewall appears to be blocking outgoing text messages from my phone ...:
it's possible you need to check your phone APN settings and add the host names of your carrier listed there into the DNSBL whitelist (i did this for my carrier - still after it working just added it for certainty - like in case a blocklist lists those addresses) i had a block list blocking google dns just last week (reported it to the list owner already). no issues since
There are no hostnames in the APN settings of the Samsung/Verizon phone.
-
I did a host lookup on the IP address my carrier uses and there was no associated host name.
-
Just a quick update, the final resolution for this ended up being to replace the Samsung 9plus with a Pixel 4XL. It has been working reliably for a week using wifi calling. Not every network problem is pfSense's fault.
As an additional example of problem network clients, I use home automation software called Homeseer 3. The smartphone app can only access it from inside the network by IPv4 address, not from the WAN by domain and IPv6. But it can be accessed from the WAN by IPv4. It is not a problem with pfSense configuration either.
While I have to keep my home automation software and hope they fix it, I can work around it. But the Samsung phone not receiving calls on wifi was impossible to work around. Sometimes you have to be willing to trash a problem client.
-
I swapped out a Fresh Tomato NAT box for an SG-3100 last weekend and now both my wife (Galaxy S4 on Verizon) and I (Galaxy S10 on Verizon) are having issues with SMS over Wifi. Although I have an IPv6 firewall rule (Pass/IPv6/Any) for the VLAN the phones connect to, the ISP does not yet support IPv6 so I wonder how the "disable IPv6" workaround I see here might work for me.
I have a lot of experiments to run to try to resolve this issue for myself. I also have a second ISP that supports IPv6 so I can play with that too. In the mean time, I'm getting the wife a Pixel 4a to keep the peace. More later...
-
@NineEyes Keep us posted if you find a solution. There have been many reports of problems with Samsung, but I'm not sure it has ever been tracked down to a specific issue, other than the availability of IPv6 makes it choke. For me, disabling IPv6 to workaround what a believe is a Samsung problem makes no sense.
If it is a Samsung phone problem, then the solution is to ditch Samsung and keep using IPv6. Although I know getting rid of a new phone is painful.
-
@NineEyes - have you tried the suggestion here yet, i.e. changing the Firewall Optimization to conservative?
https://forum.netgate.com/topic/155113/wifi-calling-issue
A family member also has a Samsung Galaxy Android phone - this change seems to have resolved all issues (WiFi calling and SMS related) for us.
Hope this helps.
-
@tman222 - Your link looks promising. Thank you! I will definitely try it and report back when I have some solid data.
-
After 22 days of solid SMS performance with my Galaxy S10, I'm ready to call changing "Firewall Optimization Options" to "Conservative" a roaring success. Thanks @tman222!
I also like @MagneticMuffin 's explanation enough that I do not intend to research this further.
Thanks all!
-
This post is deleted! -
Wow! I started this thread over a year and a half ago, and it looks like we may finally have a definitive solution. Three of the four members of my family still use Samsung phones, so I'm excited to give this a shot.
Is there any downside to changing the firewall optimization to "Conservative"? What exactly does this setting do?
-
@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:
Wow! I started this thread over a year and a half ago, and it looks like we may finally have a definitive solution. Three of the four members of my family still use Samsung phones, so I'm excited to give this a shot.
Is there any downside to changing the firewall optimization to "Conservative"? What exactly does this setting do?
Hi @gweempose - please check out the link below for some more info - essentially the difference between the various optimization modes is how quickly the firewall expires entries in the state table (i.e. in conservative mode this would happen more slowly):
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-optimization-options
Hope this helps.
-
I am also able to confirm firewall optimization option set to conservative fixed the Samsung phone problem on my network as well.
Even though I have long since disposed of the only Samsung phone in our household as a workaround for this vexing problem, a relative has a Samsung phone. Previously it failed, now with the revised pfsense firewall configuration it works reliably.
I can't help but wonder if conservative is the more-appropriate default option for pfsense as installed.
-
I have now been using the new "Coservative" firewall settings for over two weeks, and I can say with confidence that it 100% fixed the problem with my Samsung Galaxy S8+. No more issue with texts. No more issue with wi-fi calling. Everything works exactly as it should.
-
This post is deleted!
