I've got a confusing problem here and would love some assistance.
Yesterday I refreshed my network and have since lost WiFi calling / Phone registration for my Mint Mobile (T-Mobile) phone. I live in a remote area and require WiFi calling to function.
Previously I had a WG1608 w/LTE running with ROOter GoldenOrb_2022-10-21 (OpenWrt 21.02-SNAPSHOT)
This served an SSID my WiFi6 router (AX3600, stock firmware) would repeat, in wireless repeater mode.
This configuration permitted WiFi calling when connecting to the AX3600 SSID. If my phone connected directly to the WG1608 SSID, the phone would not register and WiFi calling would not function.
I have refreshed this configuration:
I now have a Proxmox VM x86 router running OpenWRT 22.03.2 and the same AX3600 is connected now via ethernet because the platform I've built on has no wireless. The AX3600's mode was changed from Wireless Repeater AP to Wired AP mode.
[x86 Router]<Wired>[AX3600]<WiFi>[Phone]
With this topography/sw stack I can not get my phone to register on the service, so WiFi calling does not function.
I'm not clear what configs or logs would be desirable to see, but I'm highly motivated so, please, let me know!
/edit: Just Checked [x86 Router]<Wired>[Phone] with a USB C Dock and was unable to register/perform calling.
/edit2: Attempted to use a VPN app on my phone to encapsulate the traffic. No dice, but it was a freeware VPN utility so I'm not sure that's conclusive.
/edit3: I've enabled logging on the Firewall rules and am not seeing any clearly relevant blocking events
I'm going to guess it has something to do with IPv6. T-Mobile really likes IPv6. If your ISP doesn't offer IPv6, you need to make sure OpenWrt is only showing the phone an IPv4 address and V6 is completely shut down. If your ISP does offer IPv6, the router needs to be properly configured to pass it to the phone.
Proxmox is a Debian-based server for virtualization.
Are you sure that the underlying hypervisor is not blocking any network traffic required for Wifi call?
No I'm not certain. I'll move my tcpdump up a layer to see if there might be more to follow on the Hypervisor.
@mk24
I have been on an IPv6 chase with this as you have suggested. Workstations on the network fail the ipv6-test.com large packet test. I do appear to have IPv6 from the ISP and playing with IPv6 delegation/RA settings impacts my ipv6-test.com results. I'm hoping once I get that test to 10/10 I'll be calling once again.
I may go the USB stick route here in a few moments.
The vm-router is able to ping6 to ipv6.google.com, but the Proxmox host is not able.
After disabling delegation and converting to relay mode, I retain some IPv6 functionality according to test-ipv6.com but I'm still 1/10- would you mind running that test as a sanity check for me? Maybe it's not useful.
/edit: after you run tests, click on 'Tests Run' - I can not succeed in the Large IPv6 Packet Test
/edit2: sample output from ipv6test
|Test with IPv4 DNS record||ok (0.572s) using ipv4|
| --- | --- | --- |
|Test with IPv6 DNS record||ok (0.576s) using ipv6|
|Test with Dual Stack DNS record||ok (0.575s) using ipv6|
|Test for Dual Stack DNS and large packet||ok (0.567s) using ipv6|
|Test IPv6 large packet||timeout (15.015s)|
|Test if your ISP's DNS server uses IPv6||ok (0.738s) using ipv6|
|Find IPv4 Service Provider||ok (0.837s) using ipv4 ASN 20057|
|Find IPv6 Service Provider||ok (0.477s) using ipv6 ASN 20057|
I use relay as well on a non-virtualized x86 OpenWRT 22.03.2 behind a cable router
10/10.
all ipv6 tests ok for me.
large packet test ok.
all targets except test-ipv6.arauc.br work.
Thank you Pico. I mentioned before, but I have a LTE/modem connection from OpenWRT to the internet, so interfaces wan and wan6 are not used, instead I have a ModemManager interface which controls the modem and sets up the tcp. Do I need to add an entry into the DHCP config for the modemmanager interface or are the wan and lan designations here firewall zones?
/edit: you may notice my ipv6 mtu @ 1280, this was a recommendation I came across last night. There has been no material effect in changing the mtu I've observed
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option authoritative '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option leasetime '12h'
option dhcpv4 'server'
option limit '254'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'miwifi'
option dns '1'
option mac '8C:53:C3:B4:7E:23'
option ip '192.168.13.2'
config host
option dns '1'
option mac 'F8:5E:3C:30:EC:EE'
option ip '192.168.13.249'
option name 'rooter'
config host
option name 'clplexsrv01'
option dns '1'
option mac '92:A3:7C:32:18:56'
option ip '192.168.13.10'
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd5d:b54f:c504::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.13.1'
config device
option name 'wwan0'
option mtu '1500'
option mtu6 '1280'
config interface 'Broadband'
option proto 'modemmanager'
option device '/sys/devices/pci0000:00/0000:00:1e.0/0000:01:1b.0/usb3/3-1'
option apn 'firstnet-broadband'
option auth 'none'
option iptype 'ipv4v6'
option mtu '1500'
option ip6weight '0'
option delegate '0'
config device
option name 'eth0'
option mtu6 '1280'
config dhcp lan
option dhcpv6 relay
option ra relay
option ndp relay
i am though not gifted with extra ipv6 config for lte sticks, I kind of miss a correspondig config for your broadband. At least thats what wan6 is doing for on the default wan interface.
never had that before.
So far, I dont know, why your connection partly works.
But your Broadband config seems to have a MTU value, I would try 1300 and if that works, try to bisect the largest working value.
Ok. Added the DHCP config to the Broadband interface, configured as you have indicated. Now my clients aren't getting IPv6 leases per the Status page and the ipv6test fails detecting no ipv6 address
Attempted to apply the iptables config to resolve, but still seeing checksum/length errors and not succeeding with the ipv6 test.
/edit: The link suggests that the error was being registered because packets were being generated on the interface where the capture occurred. I have some bad checksums getting thrown for packets originating on the internet in addition to those generated on the router interface, such as DHCP.
The result of the link was that the OP realized there was no problem actually.
Don't have a clue why this isn't working for you; however, thought it might help to let you know that the following works for me.
[x86 Router]<wire (2 vlans)>[openwrt AP (22.03)]<wifi>[android device with custom rom, tmobile, wifi calling working]
I don't think the udp checksum is an issue, but it is apparently possible to set up a nft firewall rule to set the udp checksum to 0 which results in the checksum not being checked (i'm guessing your firewall is on the x86 router, my openwrt AP firewall is off). Link - you likely will have to adapt this to your firewall.
I've had issues in the past with tmobile and visual voice mail. Mysteriously, visual voice mail now works for me. This is probably related to the android device, updates to it's custom rom and I suspect also changes with tmobile. That said, if you have updates to your device recently you might also want to look there.
Are you removing your sim card from the tmobile device when attempting wifi calling? (i.e. using the sim card for your router? sorry it's not clear to me from your first post). Is the tmobile device ipv6 address different in the non working senarious but always the same when wifi calling works? I don't think a different ipv6 address should matter, but if your removing your sim and the ipv6 address changes, I wonder if Tmobile might become unhappy and refuse the connection.
thanks @anon98444528 I'm also skeptical it's the UDP Checksum because I have a lot of other traffic successfully traversing the path that's getting checksum errors. The only utilities I know at this point which do not work are test-ipv6 and phone registration / wifi calling.
Yes the firewall is running on the router. The router actually uses another carrier called FirstNet, it uses its own SIM and modem to connect. I was using that same modem and SIM on the previous router.
I don't have a network I can connect to at the moment to give me IPv6 address infos, but a trip into town will help with that. I'm headed that way tonight and can do some looking. With the configuration I have in place at the moment, my phone has 5 IPv6 addresses when I look at my wireless connection. I guess I've got a lot to learn about IPv6 cause that is confusing.
I'm an individual subscriber. The organization I work for qualifies but does not have an enterprise account with FirstNet so I manage my own account individually. I have not yet been in touch with FirstNet but have found their IPv6 MTU advice and applied that to interfaces in the stream.