Cataract2 Posted September 20, 2015

So, just working on configuring my QOS service on my router and want to set it up for WIFI Calling when needed. To do so I need to know the port ranges used by Sprint's WIFI Calling. Wonder if anyone on here might know this information.

lordsutch Posted September 20, 2015

Wouldn't it be easier just to assign the phone a static IP and do QOS priority on its IP?

Cataract2 Posted September 20, 2015

> Wouldn't it be easier just to assign the phone a static IP and do QOS priority on its IP?

Normally I would say yes, though I prefer to save static IPs for wired devices. In the case of the phones, I would prefer to QOS the port so that it doesn't matter what device (phone) is used.

Cataract2 Posted September 20, 2015

Should also add. I prefer not to give any device complete bandwidth priority. I prefer to give it to the service needing it.

techfranz Posted September 21, 2015

Use Port 4500. Definitely is 4500. I know by experience because the ASUS routers Sprint sends out slow all other Port 4500 traffic to a standstill in order to give priority to WiFi calling. Anyway I would most likely start by setting Port 4500 to the Highest QOS Priority you have.

Additional settings below:

500,4500,5060,5061,52000:59999 for WiFi Calling.
53,67,68,500,4500 for an Airvana (if you have one connected to your router as well).

The below details are just a summary of my research. Please let me know if you agree with my conclusions.

Port 444 is for emergency 911.

WiFi calling Gateway:
IP Address: 68.31.26.1
Host of this IP: 68-31-26-1.pools.spcsdns.net

From T-Mobile Documentation:

From T-Mobile's instructions but much the same for Sprint WiFi Calling Routers.
http://serverfault.com/questions/628379/qos-settings-for-wi-fi-calling-on-pfsense-firewall-gateway

There seems to be a consensus of sorts that you may want to also do some of the AIRAVE QOS ports as well, like the following from T-Mobile as well.

Enter the following two rules giving them a meaningful name like "WiFi Calling", enter the MAC for your phone, enter at least 85% of your available bandwidth (e.g. 0-42500 if your maximum transfer rate is 50 Meg), the highest priority and:
Rule 1: Destination port "4500" Protocol "UDP"
Rule 2: Destination port "5060, 5061" Protocol "TCP"
Also 52000 to 59999.

From Sprint Documentation:

Sprint also details additional ports for the Airvana and Airave.
http://support.sprint.com/support/article/Know_if_you_need_to_enable_additional_ports_on_your_router_for_your_AIRAVE_Access_Point/case-wh164052-20100806-134201#!/

If your AIRAVE cannot connect to the Sprint network due to a unique network configuration, you may need to open the following UDP ports on your switch or router that the AIRAVE is connected behind:
Airave (Airave 1.0 Samsung) ports are: 53, 500, 4500, and 52428
Airave Access Point (Airave 2.0 Airvana) ports are: 53, 67, 68, 500, and 4500

djw39 Posted September 21, 2015

Can you handle the airave in one shot by setting its MAC address to highest priority?

techfranz Posted September 21, 2015

> Can you handle the airave in one shot by setting its MAC address to highest priority?

Yes, that should work as well, since it really does not create any unnecessary traffic that you would want to filter out by ports.

shaferz Posted September 22, 2015

Excellent post above techfranz. Going to play with this a bit when I get home

Thomas L. Posted September 22, 2015

Really nice, informative post, with references. That's awesome.

fdigiovanni@wmrhsd.org Posted July 23, 2018 (edited)

Here's the packet capture. Once I added 68.31.20.2 with ports 4500 Sprint Wifi Would not work.

08:16:41.648117 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cd), length 116
08:16:41.667976 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2ce), length 116
08:16:41.688023 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cf), length 116
08:16:41.707756 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d0), length 116
08:16:41.727834 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d1), length 116
08:16:41.747943 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2d2), length 116

fdigiovanni@wmrhsd.org Posted July 23, 2018

I mean until I added 68.31.20.2 with ports 4500 Sprint Wifi Would not work. So add 68.31.20.2 as well to your firewall rules.

ingenium Posted July 24, 2018

> I mean until I added 68.31.20.2 with ports 4500 Sprint Wifi Would not work. So add 68.31.20.2 as well to your firewall rules.

They likely have many IP addresses as endpoints. It might be a whole subnet that you can map.

But I'm not sure why you're manually adding firewall rules with the IP address?

fdigiovanni@wmrhsd.org Posted July 24, 2018

Well because we block as many things as we can on our network to prevent _______ fill in the blank. You could add the entire subnet 68.31.0.0 but then you may be adding addresses to... who knows. There are a lot of VPNs that run on port 4500 so we block that to prevent students from skirting around our firewalls and content filters. All I know is the packet capture showed my phone attempting to connect to that IP over 4500. Allowing 4500 out to that IP instantly connected my phone to Sprint WiFi. So Sprint is not even honest and forthcoming with their information as that address is nowhere on their network firewall instructions.

ingenium Posted July 25, 2018

> Well because we block as many things as we can on our network to prevent _______ fill in the blank. You could add the entire subnet 68.31.0.0 but then you may be adding addresses to... who knows. There are a lot of VPNs that run on port 4500 so we block that to prevent students from skirting around our firewalls and content filters. All I know is the packet capture showed my phone attempting to connect to that IP over 4500. Allowing 4500 out to that IP instantly connected my phone to Sprint WiFi. So Sprint is not even honest and forthcoming with their information as that address is nowhere on their network firewall instructions.

Ahh, you're doing a larger scale network, not a home network. I don't think you'll be able to get an IP list from Sprint. They probably have a domain name that is used, and likely has many A records (or may only return 1 for load balancing reasons, preventing you from getting a list. Amazon Alexa does this for example). You could maybe sniff DNS lookups from an Airave when it's powered on, or when WiFi calling is toggled, to see if that's one way to get all the IPs.

I suppose you could allow port 4500 to any IP in Sprint's allocation (should be public somewhere). It's possible that someone might have a routed IP (hotspot plan) and decide to host an IPsec tunnel to bypass your filters, but I'd say the odds are fairly low. Regular plans have non-routable IPs so can't host servers.

ingenium Posted July 25, 2018

I just did a packet capture on my Airave (which should use the same servers as WiFi calling), and it connected to segw06.femto.sprint.net for the IPsec tunnel (ports 500 and 4500). It established two tunnels (one for LTE, and one for CDMA) to IP addresses 68.28.116.127 and 68.31.0.1.

So you can likely try to explore their DNS records to build an IP list.

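An added example, not part of any post in this thread: a Python sketch of the capture-driven approach discussed above, which parses tcpdump NAT-T lines and lists the ESP-in-UDP destinations that an egress allowlist does not cover. The first three capture lines are copied from the thread; the last two lines, the 198.51.100.7 address and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# tcpdump one-line format for NAT-T (ESP inside UDP 4500), as posted in the thread.
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"UDP-encap: ESP\(spi=(?P<spi>0x[0-9a-f]+),seq=(?P<seq>0x[0-9a-f]+)\)"
)

# Lines 1-3 come from the thread; lines 4-5 are constructed (documentation address)
# to stand in for an unrelated VPN that looks the same on the wire.
SAMPLE_CAPTURE = """\
08:16:41.648117 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cd), length 116
08:16:41.667976 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2ce), length 116
08:16:41.688023 IP 10.10.176.233.4500 > 68.31.20.2.4500: UDP-encap: ESP(spi=0x4a00603a,seq=0x2cf), length 116
08:16:42.100000 IP 10.10.176.240.4500 > 198.51.100.7.4500: UDP-encap: ESP(spi=0x0badc0de,seq=0x1), length 132
08:16:42.120000 IP 10.10.176.240.4500 > 198.51.100.7.4500: UDP-encap: ESP(spi=0x0badc0de,seq=0x2), length 132
"""


def parse_natt_flows(text):
    """Group UDP-encapsulated ESP packets by (dst ip, dst port, SPI)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a NAT-T ESP line; ignore
        key = (m["dst"], int(m["dport"]), m["spi"])
        flows[key].append(int(m["seq"], 16))
    return dict(flows)


def unlisted_destinations(flows, allowlist):
    """Return sorted (ip, port) pairs seen in the capture but not allowlisted."""
    nets = [ipaddress.ip_network(entry) for entry in allowlist]
    missing = set()
    for dst, dport, _spi in flows:
        if not any(ipaddress.ip_address(dst) in net for net in nets):
            missing.add((dst, dport))
    return sorted(missing)


if __name__ == "__main__":
    flows = parse_natt_flows(SAMPLE_CAPTURE)
    # Allowlist holding only the gateway address given earlier in the thread.
    for ip, port in unlisted_destinations(flows, ["68.31.26.1/32"]):
        print(f"UDP {port} to {ip} is not covered by the allowlist")
```

Both flows are ESP over UDP 4500 and cannot be told apart by port, so the decision to allow one rests on the destination address, which is why the reviewed capture rather than the port list drives the rule.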