Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Whatsapp video and voice calls stopped working

    Scheduled Pinned Locked Moved General pfSense Questions
    12 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Polle
      last edited by

      Hi,
      Ever since we upgraded to 2.6, whatsapp audio and video calls stopped working on our guest network. We're using a captive portal and I did apply the system patch (and rebooted) - still no go. I disabled the captive portal, didn't help. The guest network is on a qtagged VLAN on a separate network interface so maybe that is not covered by the patch. Any idea ?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Did you disable all Captive Portal zones? Do you have Limiters configured?

        Do you see anything blocked in the firewall log?

        Steve

        P 1 Reply Last reply Reply Quote 0
        • P
          Polle @stephenw10
          last edited by

          @stephenw10 Hi Steve,
          I don't fully get your remark: if I disable the captive portal, the zones don't really matter I guess. The clients just get connected straight away once they select the visitor network.
          No limiters configured and I see nothing related in the firewall logs. Already took a (quick) look with WireShark but so far I didn't find a root cause ...

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            You might have only disabled the captive portal for the guest interface and still had it running on a different interface which would still create the issue.
            Did you reboot the firewall after disabling the CP? ipfw is not loaded at boot but disabling it after boot does not unload it.
            Does any UDP traffic work? The patch that addressed this allowed UDP to pass. Without it only TCP traffic passes the CP.

            Steve

            P 1 Reply Last reply Reply Quote 0
            • P
              Polle @stephenw10
              last edited by

              @stephenw10 Hmm - didn't reboot after disabling the CP - only after applying the patch. Going to try that later today (and check other UDP traffic).
              If that works, it means that the patch is not working ...

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                It could be something else. The patch should allow UDP traffic to work with the CP still active.

                If it works after rebooting with the CP disabled that implies some other interaction between ipfw and something. If so that's something we are not aware of. The issue with ipfw and Limiters restricts all traffic not just UDP. Also we are assuming this is a UDP issue because the previous time we saw whatsap video fail it was.

                Steve

                P 2 Replies Last reply Reply Quote 0
                • P
                  Polle @stephenw10
                  last edited by

                  @stephenw10 :-( No go - disabled CP and rebooted, still no WhatsApp audio/video calls on the guest network which means it's not the captive portal UDP issue ...

                  1 Reply Last reply Reply Quote 0
                  • P
                    Polle @stephenw10
                    last edited by

                    @stephenw10 Well well
                    I tried a call while looking at the filter log on the console and I notice:
                    Jun 17 18:45:00 pfSense filterlog[49090]: 4,,,1000000103,em1.199,match,block,in,4,0xc0,,64,48162,0,DF,17,udp,240,192.168.22.174,157.240.247.62,49261,3478,220

                    and from nslookup:
                    Name: edgeray-shv-01-ams2.facebook.com
                    Address: 157.240.247.62

                    So now need to find out where/why it get's blocked ... em1.199 is VLAN 199 on NIC em1

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      Polle @Polle
                      last edited by

                      @polle

                      from /tmp/rules.debug:

                      #---------------------------------------------------------------------------

                      default deny rules

                      #---------------------------------------------------------------------------
                      block in log inet all ridentifier 1000000103 label "Default deny rule IPv4"

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by stephenw10

                        @polle said in Whatsapp video and voice calls stopped working:

                        1000000103

                        Yup, that's the default deny rule. So what pass rules do you have on that interface? Have you accidentally set TCP only? A common error.

                        Steve

                        P 1 Reply Last reply Reply Quote 0
                        • P
                          Polle @stephenw10
                          last edited by

                          @stephenw10 I'm going to throw myself from a bridge ... On my personal pfSense box I had only TCP enabled (as you suggested) - how did I ever manage to overlook that - it was standing there right before my eyes.
                          On the other box (very similar setup) - it's most likely the same issue, will check that later

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            It's very easily done. Ask me how I know! 😉

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.