NextDNS blocking all text/media messages

We just switched phones (S21). When we activated NextDNS, it started blocking all our text/media messages. We just get 'sending...' It does it no matter the app (we tried the Samsung and Google apps). Is there something we missed in the configuration or new phone setup? This all worked with our last phone (S10) without any issues, and all settings appear the same.

Thanks!

    • Ruby_Balloon
    • 3 yrs ago

    Have you tried temporarily switching your DNS to Cloudflare or Google to see if you can reproduce the issue on another DNS provider?

    • Jason_Berrang
    • 3 yrs ago

    Been trying a few others now for the past week and have had no issues. As soon as I turn Next back on, the problems return.  Grrr.

      • Ruby_Balloon
      • 3 yrs ago

      Jason Berrang What blocklists do you use? And are you using private DNS or the NextDNS app on your phones?

      • Jason_Berrang
      • 3 yrs ago

      Ruby Balloon Nothing special set up, just the standard NextDNS app.

    • Erik_Neville
    • 3 yrs ago

    I feel like I am having the same issue. I have been looking at my pihole setup thinking that has been the cause of my issues with text messaging and wifi calling, but I never thought about nextdns.io as causing the issue.

      • John_DeCarlo
      • 3 yrs ago

      Erik Neville  What cell phone provider do you use? I had a problem when I first set NextDNS up. I fixed the problem. I am on T-MOBILE

      • Jason_Berrang
      • 3 yrs ago

      John DeCarlo  What was the solution for TMobile? It might help people on other providers.

      • John_DeCarlo
      • 3 yrs ago

      Jason Berrang  

      Wi-Fi Calling on a corporate network

      Find the technical details to set up a corporate environment for .


      Setup

      In a multipurpose network setting, we recommend setting up a specific SSID (secure network) to exclusively segment traffic for Wi-Fi calling.

       

      Security

      Even though voice over Wi-Fi does not require a specific security mechanism or authentication to be put in place in order to work, we recommend securing the wireless local area network (WLAN) that will be used to carry Wi-Fi calling.

      T-Mobile devices support the WLAN security techniques used in corporate environments for authentication and encryption, such as:

      • WPA (TKIP) - Personal and Enterprise
      • WPA2 (AES-CCMP) - Personal and Enterprise
      • LEAP: TKIP, Dynamic WEP, AES. (No LEAP-CKIP)
      • PEAP
      • EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA
      • Virtual private network (VPN) access security
      • Media Access Control (MAC) lists
      • Service-specific access security
      • Captive portal

       

      EAP

      EAP-FAST (if available) is the recommended EAP type for use of VoWLAN deployments.

       

      Firewalls

      IPv4 Address Block: 208.54.0.0/17

      Port & TCP/UDP     Description
      500 / UDP          IPsec - IKE: Authentication [WFC 2.0]
      4500 / UDP         IPsec - NAT traversal: Encrypted voice traffic [WFC 2.0]
      5061 / TCP/UDP     SIP/TLS: Encrypted SIP [WFC 1.0]

      IPv4 Address Block: 66.94.0.0/19

      Port & TCP/UDP     Description
      443 / TCP          HTTPS: Used for handset authentication [WFC 1.0]
      993 / TCP          IMAP/SSL: Visual Voicemail [WFC 1.0]

      Also whitelist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36

      • Erik_Neville
      • 3 yrs ago

      John DeCarlo  T-Mobile also

      • John_DeCarlo
      • 3 yrs ago

      Erik Neville  

      T-Mobile domain names to whitelist.

      telephonyspamprotect-pa.googleapis.com

      _sips._tcp.us.tmobile.rcs.telephony.goog

      us.tmobile.rcs.telephony.goog

      rcs-acs-tmobile-us.jibe.google.com

      auditrecording-pa.googleapis.com

      geomobileservices-pa.googleapis.com

      android.googleapis.com

      • Erik_Neville
      • 3 yrs ago

      John DeCarlo thank you... works better now, but still some strange stuff going on, like not receiving calls all the time.

      • John_DeCarlo
      • 3 yrs ago

      Erik Neville 

      Make sure you unblock ports 500, 4500 and 5061. You may have to do port forwarding for these ports. Depends on your router.

      • John_DeCarlo
      • 3 yrs ago

      Erik Neville 

      Also in your firewall on your router allow 208.54.0.0  255.255.128.0

      • Erik_Neville
      • 3 yrs ago

      John DeCarlo 

      • Erik_Neville
      • 3 yrs ago

      John DeCarlo OK, I think I have it working now. Here are my rules, and I also had to add the phones to a tag and apply QoS to them. Thank you for your help.

      • John_DeCarlo
      • 3 yrs ago

      Erik Neville

      ns.sipgeo.t-mobile.com must be whitelisted.
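
Added example (not part of any post in this thread, and not NextDNS or T-Mobile code): a small Python triage helper that checks blocked DNS queries and dropped firewall flows against the domains, address blocks and ports quoted above, so unrelated blocks can be left alone. The log entries are constructed samples, the function names are hypothetical, and treating an allowlist entry as covering its subdomains is an assumption.

```python
import ipaddress

# Address blocks and ports from the T-Mobile Wi-Fi Calling page quoted in the thread.
WFC_RULES = {
    "208.54.0.0/17": {(500, "udp"), (4500, "udp"), (5061, "tcp"), (5061, "udp")},
    "66.94.0.0/19": {(443, "tcp"), (993, "tcp")},
}
# Domains the thread says to allowlist (the _sips._tcp SRV name is covered
# as a subdomain of us.tmobile.rcs.telephony.goog).
ALLOW_DOMAINS = {
    "telephonyspamprotect-pa.googleapis.com", "us.tmobile.rcs.telephony.goog",
    "rcs-acs-tmobile-us.jibe.google.com", "auditrecording-pa.googleapis.com",
    "geomobileservices-pa.googleapis.com", "android.googleapis.com",
    "crl.t-mobile.com", "ns.sipgeo.t-mobile.com",
}

def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def domain_needed(qname):
    """True if qname is a listed domain or a subdomain of one (assumption).
    Matching on '.' + entry keeps look-alike names from passing as listed ones."""
    name = normalize(qname)
    return any(name == d or name.endswith("." + d) for d in ALLOW_DOMAINS)

def flow_needed(dst_ip, port, proto):
    """True if a dropped flow targets a published block on a published port."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in ipaddress.ip_network(cidr) and (port, proto.lower()) in ports
               for cidr, ports in WFC_RULES.items())

def triage(blocked_queries, dropped_flows):
    """Keep only the log entries that matter for RCS / Wi-Fi Calling."""
    return {
        "allowlist": sorted({normalize(q) for q in blocked_queries if domain_needed(q)}),
        "firewall": [f for f in dropped_flows if flow_needed(*f)],
    }

# Constructed sample log entries (not taken from the thread).
BLOCKED = ["RCS-ACS-TMobile-US.jibe.google.com.", "ads.example.net",
           "_sips._tcp.us.tmobile.rcs.telephony.goog", "notandroid.googleapis.com"]
DROPPED = [("208.54.35.10", 4500, "UDP"), ("208.54.200.1", 500, "udp"),
           ("66.94.8.20", 993, "tcp"), ("66.94.8.20", 25, "tcp")]

if __name__ == "__main__":
    print(triage(BLOCKED, DROPPED))
```

Only the entries it returns need an allowlist entry or a firewall rule; everything else in the logs stays blocked.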
