Wi-Fi calling issue with AdGuard (and other VPNs) and its solution #2550
To the moment, we'd had multiple complaints on Wi-Fi calling being incompatible with AdGuard. In this issue, I'll explain what's going on and how we can solve this.
How it works
Any Wi-Fi network is considered untrusted (compared to the provider's own network) so in order to transfer voice data, your phone must establish a secure encrypted tunnel with the provider's server called ePDG .
The tunnel is encrypted and uses IPSec so basically this is another VPN. ePDG server discovery is simple: all ePDG server names look like
Why is there a problem with AdGuard (or other VPNs)
Android cannot establish a tunnel with the ePDG when this connection is routed through a VPN. Presumably, it happens due to a bug in the Android's IPSec client, and we should file a bug report about it. It shows connections as
Example of a temporary solution (manual)
You can figure what your ePDG server is and exclude it from the VPN. In this case, the tunnel connection won't be routed through a VPN, and you won't run into this issue.
For instance, for Vodafone UK,
We should simply lookup these two domains:
Once you have these addresses, do the following:
This section is for devs.
We are yet to figure how to discover the current operator's ePDG server automatically. Once we know it, we can simply add it's IP addresses to the excluded routes. The problem here is that I don't want us to ask for Telephony permission, that'd be too much for such a simple thing.
Another possible solution would be to exclude the
I've filed a bug report to Android devs:
Working with zzebrum I also added the exclusion:
And that was the first time I was able to get WiFi calling working on Vodafone UK without having to flick in to flight mode and disable AG for a moment to get connected.
Should I leave that in the exceptions along with the 2 other you mention to add:
I wish to enable
From differnt issues, the IPv4 and IPv6 addresses for SFR VPN servers are publicly known:
But how to configure my device in the 1st place to add/configure VPN access and enable