Will we ever get WiFi calling over VPN or at least tunneled domains?

lah23

Once SIM card is inserted into phone, it starts making queries to WiFi calling domains, even if WiFi calling is disabled on device. These queries ignore DNS over TLS private DNS server settings and ignore VPN tunnels. When is this going to change? WiFi calling uses its own IPSec tunnel, but it does not hide your info from ISP and mobile provider. Why can't GOS introduce IPSec WiFi calling tunneling over VPN apps? It can be done with routers supporting VPN's. VPN routers simply tunnel client IPSec data through VPN tunnels (OpenVPN, WireGuard) configured in router.

alfred

lah23 it starts making queries to WiFi calling domains, even if WiFi calling is disabled on device

I did a quick test and have not seen any WiFi calling traffic while it is disabled. Maybe it varies by carrier?

lah23 Why can't GOS introduce IPSec WiFi calling tunneling over VPN apps?

I believe the main issue is it working reliably as there can be issues with IPSec running over another VPN. At least that is my understanding. So could you use a VPN router to route the WiFi calling data? Yes, but you would potentially run into issues.

lah23

There would not be any actual WiFi calling traffic, but there would absolutely be queries to WiFi calling domains. Why that is - I do not know, but such queries escape VPN tunnels the same way connectivity checks do. Connectivity checks can be disabled, but WiFi calling domain queries cannot.

The worst part is that even removal of SIM card does not stop such queries until device is wiped. Airplane mode enablement or disablement does not resolve these leaks either.

DeletedUser237

lah23 how did you log this? Can you tell which carrier or at least country ? There were some other complaints about this yet DNS logging did not confirm this when people tested for said DNS queries if wifi calling was disabled.

alfred

lah23 there would absolutely be queries to WiFi calling domains.

Maybe I should have clarified, when I enable WiFi calling, I see the request go outside of the VPN. If I turn WiFi calling off, those request are not made. I wonder if it is carrier dependent. I seem to remember reading something to that effect, but I can't find it now.

There have been a few different issues created, the second one looks to have only happened on a Pixel 4a though.
https://github.com/GrapheneOS/os-issue-tracker/issues/887
https://github.com/GrapheneOS/os-issue-tracker/issues/1550

I'm curious, does WiFi calling stop working when it is disabled, even though it is still resolving DNS? Don't some carriers have a way to enable/disable WiFi calling from their website? I wonder if that does anything different than the system setting toggle.