I switched to T-Mobile with the release of the iPhone 6, but have been having some issues with Wifi Calling.
The main issues are:
1) Incoming calls often don't ring the phone (tested in various scenarios)
2) Phone noticeably warm when wifi calling is enabled
3) Carrier name at the top switches between "Tmobile Wifi" and "Tmobile" often
I have done some network debugging and have a bit of insight into why we are seeing this, but no solution. It appears the iphone makes a VPN connection (IPSec) to T-Mobile somewhere in the 208.54.0.0/16 network range. This is presumably to carry the call/sms traffic securely over whatever connection you are using. Here is a partial dump of the handshake/authentication:
13:40:53.455370 IP 192.168.1.50.500 > 208.54.73.75.500: isakmp: parent_sa ikev2_init
13:40:53.530091 IP 208.54.73.75.500 > 192.168.1.50.500: isakmp: parent_sa ikev2_init[R]
13:40:53.566009 IP 192.168.1.50.4500 > 208.54.73.75.4500: NONESP-encap: isakmp: child_sa* ikev2_auth
13:40:53.978595 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: child_sa* ikev2_auth[R]
13:40:53.978600 IP 208.54.73.75 > 192.168.1.50: ip-proto-17
13:40:53.978604 IP 208.54.73.75 > 192.168.1.50: ip-proto-17
13:40:54.417070 IP 192.168.1.50.4500 > 208.54.73.75.4500: NONESP-encap: isakmp: child_sa* ikev2_auth
13:40:54.780110 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: child_sa* ikev2_auth[R]
13:40:54.799109 IP 192.168.1.50.4500 > 208.54.73.75.4500: NONESP-encap: isakmp: child_sa* ikev2_auth
13:40:54.931454 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: child_sa* ikev2_auth[R]
13:40:54.936568 IP 208.54.73.75.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x0c3765bd,seq=0x1), length 148
13:40:54.989651 IP 192.168.1.50.4500 > 208.54.73.75.4500: UDP-encap: ESP(spi=0x003c7a39,seq=0x1), length 1236192.168.1.50
When the phone is put to sleep, it continues to maintain contact with T-Mobile via an isakmp-nat-keep-alive packet (UDP) approx every 20-30 seconds:
13:43:51.901446 IP 192.168.1.50.4500 > 208.54.73.75.4500: isakmp-nat-keep-alive
13:44:18.494643 IP 192.168.1.50.4500 > 208.54.73.75.4500: isakmp-nat-keep-alive
(side note, this doesn't appear to fully wake the wifi radio, as the phone is still unpingable when these packets are seen)
Unfortuantely at some point (asleep or awake doesn't seem to matter) this happens:
13:45:31.425096 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:45:31.427986 IP 192.168.1.50 > 208.54.73.75: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
13:45:36.425307 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:45:36.597782 IP 192.168.1.50 > 208.54.73.75: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
13:45:41.424608 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:45:41.508620 IP 192.168.1.50 > 208.54.73.75: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
It appears the iphone is saying that port 4500 is no longer reachable, forcing the reauthentication of the vpn. The vpn seems to be torn down and restarted over and over, which probably accounts for the heat. It is doing a fair bit of compute work to start the encryption (assumption).
Unfortunately when the vpn enters this state, T-Mobile's backend seems to think it is still connected and doesn't attempt to ring the phone via the cellular network as seen here:
13:48:58.451378 IP 208.54.73.78.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x06d483b4,seq=0x21), length 132
13:49:01.523505 IP 208.54.73.78.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x06d483b4,seq=0x22), length 132
13:49:01.871629 IP 208.54.73.78.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x06d483b4,seq=0x23), length 132
13:49:03.837764 IP 208.54.73.78.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:49:03.882334 IP 192.168.1.50 > 208.54.73.78: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
13:49:08.836944 IP 208.54.73.78.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:49:08.930204 IP 192.168.1.50 > 208.54.73.78: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
In this case, T-Mobile's server tries to contact me back but fails because the iPhone is no longer interested in chatting on UDP/4500. This leads me to believe the fault is no on T-Mobile's end, but Apple's.
I have done a lot of debugging here, including forcing egress/ingress ports, but in every case the iPhone eventually sends an ICMP port unreachable regarding 4500. I also switched routers during testing and am currently using the T-Mobile Cellspot router. I have also done this testing with two separate iPhone 6s.
This was a lot of annoying debugging, but from this I firmly believe that either 1) T-Mobile and Apple are a bit out of sync on how this vpn should operate. 2) something about iOS sleep state breaks the behind-the-scenes IPSec implementation running on the phone. 3) No idea.
Please fix this Apple. The feature is great, especially when in a location with subpar service. In its current state it drains the battery very quickly and is basically unusable.
The main issues are:
1) Incoming calls often don't ring the phone (tested in various scenarios)
2) Phone noticeably warm when wifi calling is enabled
3) Carrier name at the top switches between "Tmobile Wifi" and "Tmobile" often
I have done some network debugging and have a bit of insight into why we are seeing this, but no solution. It appears the iphone makes a VPN connection (IPSec) to T-Mobile somewhere in the 208.54.0.0/16 network range. This is presumably to carry the call/sms traffic securely over whatever connection you are using. Here is a partial dump of the handshake/authentication:
13:40:53.455370 IP 192.168.1.50.500 > 208.54.73.75.500: isakmp: parent_sa ikev2_init
13:40:53.530091 IP 208.54.73.75.500 > 192.168.1.50.500: isakmp: parent_sa ikev2_init[R]
13:40:53.566009 IP 192.168.1.50.4500 > 208.54.73.75.4500: NONESP-encap: isakmp: child_sa* ikev2_auth
13:40:53.978595 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: child_sa* ikev2_auth[R]
13:40:53.978600 IP 208.54.73.75 > 192.168.1.50: ip-proto-17
13:40:53.978604 IP 208.54.73.75 > 192.168.1.50: ip-proto-17
13:40:54.417070 IP 192.168.1.50.4500 > 208.54.73.75.4500: NONESP-encap: isakmp: child_sa* ikev2_auth
13:40:54.780110 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: child_sa* ikev2_auth[R]
13:40:54.799109 IP 192.168.1.50.4500 > 208.54.73.75.4500: NONESP-encap: isakmp: child_sa* ikev2_auth
13:40:54.931454 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: child_sa* ikev2_auth[R]
13:40:54.936568 IP 208.54.73.75.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x0c3765bd,seq=0x1), length 148
13:40:54.989651 IP 192.168.1.50.4500 > 208.54.73.75.4500: UDP-encap: ESP(spi=0x003c7a39,seq=0x1), length 1236192.168.1.50
When the phone is put to sleep, it continues to maintain contact with T-Mobile via an isakmp-nat-keep-alive packet (UDP) approx every 20-30 seconds:
13:43:51.901446 IP 192.168.1.50.4500 > 208.54.73.75.4500: isakmp-nat-keep-alive
13:44:18.494643 IP 192.168.1.50.4500 > 208.54.73.75.4500: isakmp-nat-keep-alive
(side note, this doesn't appear to fully wake the wifi radio, as the phone is still unpingable when these packets are seen)
Unfortuantely at some point (asleep or awake doesn't seem to matter) this happens:
13:45:31.425096 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:45:31.427986 IP 192.168.1.50 > 208.54.73.75: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
13:45:36.425307 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:45:36.597782 IP 192.168.1.50 > 208.54.73.75: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
13:45:41.424608 IP 208.54.73.75.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:45:41.508620 IP 192.168.1.50 > 208.54.73.75: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
It appears the iphone is saying that port 4500 is no longer reachable, forcing the reauthentication of the vpn. The vpn seems to be torn down and restarted over and over, which probably accounts for the heat. It is doing a fair bit of compute work to start the encryption (assumption).
Unfortunately when the vpn enters this state, T-Mobile's backend seems to think it is still connected and doesn't attempt to ring the phone via the cellular network as seen here:
13:48:58.451378 IP 208.54.73.78.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x06d483b4,seq=0x21), length 132
13:49:01.523505 IP 208.54.73.78.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x06d483b4,seq=0x22), length 132
13:49:01.871629 IP 208.54.73.78.4500 > 192.168.1.50.4500: UDP-encap: ESP(spi=0x06d483b4,seq=0x23), length 132
13:49:03.837764 IP 208.54.73.78.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:49:03.882334 IP 192.168.1.50 > 208.54.73.78: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
13:49:08.836944 IP 208.54.73.78.4500 > 192.168.1.50.4500: NONESP-encap: isakmp: parent_sa inf2
13:49:08.930204 IP 192.168.1.50 > 208.54.73.78: ICMP 192.168.1.50 udp port 4500 unreachable, length 36
In this case, T-Mobile's server tries to contact me back but fails because the iPhone is no longer interested in chatting on UDP/4500. This leads me to believe the fault is no on T-Mobile's end, but Apple's.
I have done a lot of debugging here, including forcing egress/ingress ports, but in every case the iPhone eventually sends an ICMP port unreachable regarding 4500. I also switched routers during testing and am currently using the T-Mobile Cellspot router. I have also done this testing with two separate iPhone 6s.
This was a lot of annoying debugging, but from this I firmly believe that either 1) T-Mobile and Apple are a bit out of sync on how this vpn should operate. 2) something about iOS sleep state breaks the behind-the-scenes IPSec implementation running on the phone. 3) No idea.
Please fix this Apple. The feature is great, especially when in a location with subpar service. In its current state it drains the battery very quickly and is basically unusable.