Due to the fact that many of my colleagues have very isolated buildings and the mobile reception within our offices is more bad than good, it was necessary to deal with Vodafone WiFi calling in connection with Sophos UTM 9.
Vodafone does not use classic SIP as you might think at first. Instead, the UDP ports 500 and 4500 are used, which are more likely to be in the IPsec range. I tested the whole thing on my private UTM9 and released the outgoing ports for my subnet:
However, I didn't get the typical notification on my smartphone.
Further research revealed that Vodafone uses geoblocking to unlock the service. Since I use the QUAD9 DNS servers, it was clear where the rabbit was. However, I didn't want to direct the entire network to the DNS servers assigned by the provider, in my case Unity Media. So a separate DNS router had to be set up:
The domain here is vodafone-ip.de on which the DNS queries land. I have set up an availability group here with the 4 Unity Media DNS servers assigned to me.
And now I can use Vodafone WiFi calling.
I have now installed the whole thing on our UTMs in the company in the same way. However, we have more than one Internet connection here. Our synchronous gigabit connection is used exclusively for server services and VPN. We use the weaker asynchronous DOCSIS 3.0 line for surfing and as a backup. Now I would like to route the above-mentioned traffic via the UnityMedia line and also need to set up two multipath rules, one for each protocol. For port 500:
And for Port 4500:
Now WiFi calling also works in the company.
It is important to know that the technology does not work with an activated UltraCard!