unwat
wifi calling isn't "user" traffic, but rather is "telecom" traffic, so it doesn't go through the user VPN tunnel. Makes sense when you think about it, even if we don't like it.
When I first saw this thread I didn't like it either, but having thought about it some since then, in some scenarios I realized I would actually prefer this behavior to having Wi-Fi calling routed over VPN. (In some other specific scenarios, I of course don't like it at all.)
Above some reasonable baseline level of security and privacy, one of the more easily-definable portions of my threat model relates to ad tech and behavioral fingerprinting for the purposes of building consumer profiles which are sold, traded, and otherwise monetized with little regard to personal privacy.
If my carrier already knows my phone is at [store] in [city x] on [date] I don't particularly care that they additionally know I have a Wi-Fi connection at [store] with no cell signal in [city x]. But I would be particularly troubled if I'm researching, for example, medical products over VPN while standing in that store, and a clearinghouse can later associate my search queries with carrier IP logs, which is what could (and eventually certainly would) happen if Wi-Fi calling activity was piped over the same profile's VPN interface.
If there was a privacy-respecting carrier I would happily switch, but the practical options are all similar degrees of terrible in that regard, so by using their service I'm already conceding some ground which doesn't get much worse by having Wi-Fi calling route out directly, except in some specific scenarios I will outline at the end.
What would bother me far more is if unavoidable carrier activity (e.g., Wi-Fi calling network checks) was routed over VPN against my will, at which point my carrier is free to sell my VPN IP address (and all related activity which they are able to scrape) to people wanting to integrate it into their consumer profiling.
This is why I have some still-unanswered questions surrounding what apps in a given profile can see about the network interfaces of the device (within the same profile or outside), and whether private IPs are available to be logged by apps, because if they are, then any network-connected app potentially seriously undermines a threat model that makes a strong attempt to sidestep much of the ad tech hellscape in which we find ourselves.
It's not difficult to imagine scenarios in which routing it over anything but the active connection for the profile could be disastrous (think: journalists/activists taking a meeting in the headquarters of an organization to which the host government is hostile, and needing to use Wi-Fi during the meeting), but that threat model is less likely to present an issue to most. Even for those same people, reconstructing web logs with IP logs would pose its own kind of threat. Ideally we would have the option of selecting whether or not carrier functionality happens over the cellular connection, VPN connection, or not at all, as there are legitimate reasons to prefer or avoid any one of them.