Help troubleshooting wifi calling on android - no solution problem exists at other end

I’m attempting to troubleshoot why my android phones refuse to do wifi calling. I finally have some time to do some tcpdump sessions. I’m trying to determine if the problem is my phone or if the firewall is blocking the port after some time. Here’s a tcpdump output of the wifi calling attempt:

09:19:56.220712 IP gateway.appalachian.home.53 > 192.168.4.179.42996: 23450 2/0/0 CNAME epdg.epc.geo.mnc260.mcc310.pub.3gppnetwork.org., A 208.54.80.99 (103)
09:19:57.349798 IP 192.168.4.179.40729 > 208.54.80.99.500: isakmp: parent_sa ikev2_init[I]
09:19:57.382756 IP 208.54.80.99.500 > 192.168.4.179.40729: isakmp: parent_sa ikev2_init[R]
09:19:58.427815 IP 192.168.4.179.40729 > 208.54.80.99.4500: NONESP-encap: isakmp: child_sa  ikev2_auth[I]
09:19:58.646201 IP 208.54.80.99.4500 > 192.168.4.179.40729: NONESP-encap: isakmp: child_sa  ikev2_auth[R]
09:19:58.963360 IP 192.168.4.179.40729 > 208.54.80.99.4500: NONESP-encap: isakmp: child_sa  ikev2_auth[I]
09:19:59.384491 IP 208.54.80.99.4500 > 192.168.4.179.40729: NONESP-encap: isakmp: child_sa  ikev2_auth[R]
09:19:59.384577 IP 208.54.80.99.4500 > 192.168.4.179.40729: NONESP-encap: isakmp: parent_sa inf2
09:19:59.559988 IP gateway.appalachian.home.53 > 192.168.4.179.41538: 10515 2/0/0 CNAME epdg.epc.geo.mnc260.mcc310.pub.3gppnetwork.org., A 208.54.80.99 (103)
09:20:01.139934 IP 192.168.4.179.42152 > 208.54.80.99.500: isakmp: parent_sa ikev2_init[I]
09:20:01.173297 IP 208.54.80.99.500 > 192.168.4.179.42152: isakmp: parent_sa ikev2_init[R]
09:20:02.276699 IP 192.168.4.179.42152 > 208.54.80.99.4500: NONESP-encap: isakmp: child_sa  ikev2_auth[I]
09:20:02.507884 IP 208.54.80.99.4500 > 192.168.4.179.42152: NONESP-encap: isakmp: child_sa  ikev2_auth[R]
09:20:02.892278 IP 192.168.4.179.42152 > 208.54.80.99.4500: NONESP-encap: isakmp: child_sa  ikev2_auth[I]
09:20:03.385232 IP 208.54.80.99.4500 > 192.168.4.179.40729: NONESP-encap: isakmp: parent_sa inf2
09:20:03.512218 IP 208.54.80.99.4500 > 192.168.4.179.42152: NONESP-encap: isakmp: child_sa  ikev2_auth[R]
09:20:03.513167 IP 208.54.80.99.4500 > 192.168.4.179.42152: NONESP-encap: isakmp: parent_sa inf2
09:20:03.552271 IP 192.168.4.179 > 208.54.80.99: ICMP 192.168.4.179 udp port 40729 unreachable, length 108

I don’t know why it becomes unreachable at the end after some successful communications. It looks like the other end is refusing the connection and there doesn’t seem to be anything I can do about it.

Are you sure that your mobile phone provider even supports WiFi calling on Android? Have you been successful using it with a different router/WLAN?

It used to work until a few months ago.

I haven’t spent much time on other networks, working from home. I’ll get a chance to test this out in about a week when I go back in to work.

It seems the phone cannot establish the IPsec connection.
Can you verify in the firewall you have the rules named Allow-IPSec-ESP and Allow-ISAKMP ?
Is the phone connected to network defined in LAN zone or do you use some other zone?

I found a couple unnamed rules, one was for allowing IPSec-ESP and one was for port 500 UDP, which seems to match with ISAKMP. They’re both set to Accept Forward from wan and wan6 to lan

The phone connects to the wireless SSID that’s attached to lan. I have another SSID set up for IOT that should be strictly local.

I’ve gotten back to work and still have the no Wi-Fi calling, so I’m closing this for now since it doesn’t appear to be a firewall issue on my end at all.