Outbound Policy for WiFi Calling

Here we are in 2026 - WiFi calling is ubiquitous on most phones.

Is there an easy way with my Peplink Balance One to use Outbound Policy to prioritize WiFi calling to a specific WAN?

The outbound Protocol choices (with firmware 8.5.3) are:

Or is WiFi calling handled as some sort of SIP protocol?

I’d think you’d have to be asking the network how they do it, and manually set that. Like T-Mobile tells me which IPs and which ports to allow through your firewall:

1 Like

Thanks, but that’s quite a lot to deal with - here’s a text-only summary of T-Mobile’s info:

EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.

Firewalls

IPv4 Address Block: 208.54.0.0/16:

Port & TCP/UDP and their descriptions

|Port & TCP/UDP|Description|
| --- | --- |
|Port: 500 / UDP|IPsec - IKE : Authentication [WFC 2.0]|
|Port: 4500 / UDP|IPsec - NAT traversal : Encrypted voice traffic [WFC 2.0]|
|Port: 5061 / TCP/UDP|SIP/TLS : Encrypted SIP [WFC 1.0]|

IPv4 Address Block: 66.94.0.0/19:

Port & TCP/UDP and their descriptions

|Port & TCP/UDP|Description|
| --- | --- |
|Port: 443 / TCP|HTTPS : Used for handset authentication [WFC 1.0]|
|Port: 993 / TCP|IMAP/SSL : Visual Voicemail [WFC 1.0]|

Also allowlist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36

It’s great that TMo provides the details, but…wouldn’t it be great if Peplink did the work so I could just click a “WiFi Calling Protocol” checkbox and have it just work?

Might be something that Peplink could add as a SaaS steering option when outbound policy is managed via IC2, as Wi-Fi calling isn’t a “protocol” as you’re understanding it; it is an application.

In reality your phone is opening a specific IPSEC VPN (hence you see instructions relating to UDP500/4500 in a lot of guides) and then passing the media traffic through that tunnel.

In almost every instance I have seen the phone will open the VPN connection to a provider using a domain specific to them but under the TLD “3gppnetwork.org” containing the specific MNC and MCC mapping.

For example EE in the UK (they have multiple):

epdg.epc.mnc008.mcc234.pub.3gppnetwork.org

You could try the easy path and just make an outbound policy for the TLD to steer it to a specific WAN:

If you need to be more granular down to each operator a bit more work is required.

You can normally figure out the exact domain for a provider either with some packet captures or by looking up the MNC and MCC of the provider. Providers often have multiple MNCs, and not all of them may be used for Wi-Fi calling.

MNCs will be reasonably static over time; the IPs behind the domains are more likely to change over time.

This site generally is reasonably up to date:

3 Likes
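An added example, not part of the post above and not Peplink code: it builds and parses the `epdg.epc.mnc….mcc….pub.3gppnetwork.org` hostname pattern shown in the thread, then scans DNS query lines to list which operators' Wi-Fi calling gateways the LAN clients actually look up, so per-operator outbound rules can be written from observed names. The log line format, the client IPs and the sample entries other than the thread's own hostname are constructed assumptions.

```python
import re
from collections import defaultdict

# Hostname pattern from the thread's example:
# epdg.epc.mnc<3 digits>.mcc<3 digits>.pub.3gppnetwork.org
# Anchored at both ends so lookalike names with extra labels do not match.
EPDG_RE = re.compile(
    r"^epdg\.epc\.mnc(\d{3})\.mcc(\d{3})\.pub\.3gppnetwork\.org\.?$", re.I)

def epdg_fqdn(mcc, mnc):
    """Build the ePDG hostname; a 2-digit MNC is zero-padded to 3 digits."""
    mcc, mnc = str(mcc), str(mnc)
    if not (mcc.isdigit() and len(mcc) == 3):
        raise ValueError("MCC must be 3 digits")
    if not (mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError("MNC must be 2 or 3 digits")
    return f"epdg.epc.mnc{mnc.zfill(3)}.mcc{mcc}.pub.3gppnetwork.org"

def parse_epdg(name):
    """Return (mcc, mnc) for an ePDG hostname, or None for any other name."""
    m = EPDG_RE.match(name.strip())
    return (m.group(2), m.group(1)) if m else None

def wifi_calling_operators(dns_log_lines):
    """Map (mcc, mnc) -> set of client IPs that queried that operator's ePDG."""
    seen = defaultdict(set)
    for line in dns_log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, qname = fields[1], fields[2]
        op = parse_epdg(qname)
        if op:
            seen[op].add(client)
    return dict(seen)

# Constructed sample log, assumed format: "<time> <client-ip> <queried-name>".
SAMPLE_LOG = [
    "10:00:01 192.168.1.20 epdg.epc.mnc008.mcc234.pub.3gppnetwork.org",
    "10:00:02 192.168.1.21 www.example.com",
    "10:00:05 192.168.1.22 EPDG.EPC.MNC001.MCC001.PUB.3GPPNETWORK.ORG.",
    "10:00:09 192.168.1.20 epdg.epc.mnc008.mcc234.pub.3gppnetwork.org",
    "10:00:11 192.168.1.23 epdg.epc.mnc008.mcc234.pub.3gppnetwork.org.lookalike.example",
]

if __name__ == "__main__":
    for (mcc, mnc), clients in sorted(wifi_calling_operators(SAMPLE_LOG).items()):
        print(epdg_fqdn(mcc, mnc), sorted(clients))
```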

I wouldn’t overcomplicate it with carrier IPs. WiFi Calling is just an IPSec VPN tunnel back to the provider.

In Apple’s ecosystem that’s only true of iPhones. When you enable WiFi calling “on other devices”, then those [Apple] devices use SIP.

I’ve filed a bug via Apple’s Feedback Assistant to make iPhones stop being weird and use SIP instead of IPSec, which would be simpler, more consistent, and more NAT friendly.

As an ex-Apple person, they view “duplicate” bugs as votes so if you care about this topic, please file a bug report.