Additional firewall tweaks are needed for WhatsApp to work on Android devices when behind adam:ONE’s security feature - DTTS. Detailed instructions are captured in this YouTube video here: https://youtu.be/Qn0EeOnqIRE.
For simplicity, you can also follow the step by step instructions from your pfSense WebGUI below:
1. Create a PORT alias:
- Firewall -> Aliases -> Ports -> + Add
- Name:
WhatsAppPortsTCP
- Port:
443
- Name:
- -> + Add Port
- Port:
5222
- Port:
- Save (bottom) -> Apply Changes (top right)
2. Create a URL alias:
- Firewall -> Aliases - URLs -> + Add
- Name:
WhatsAppIPv4_URL
- Type:
URL Table (IPs)
- URL Table (IPs):
https://adamnetworks.dev/pub/fwaliases/raw/master/ips/whatsapp.txt
/(update frequency):1
- Name:
- Save (bottom) -> Apply Changes (top right)
3. Create an IP alias:
- Firewall -> Aliases - IP -> + Add
- Name:
Facebook_IPv4_STUN
- Type:
Network(s)
- Network or FQDN:
31.0.0.0 / 8
- Name:
- Save (bottom) -> Apply Changes (top right)
4. Create a TCP-based firewall rule:
- Firewall -> Rules -> LAN -> Add
- Under Edit Firewall Rule
- Protocol:
TCP
- Protocol:
- Under Destination
- Change
any
toSingle host or alias
- Destination Address:
WhatsAppIPv4_URL (alias)
- Custom (From Port):
WhatsAppPortsTCP
- Custom (To Port):
WhatsAppPortsTCP
- Change
- Under Extra Options
- Description:
adam:ONE Enabler for WhatsApp for Android App compatibility
- Description:
- Save (bottom) -> Apply Changes (top right)
5. Create a UDP-based firewall rule:
- Firewall -> Rules -> LAN -> Add
- Under Edit Firewall Rule
- Protocol:
UDP
- Protocol:
- Under Destination
- Change
any
toSingle host or alias
- Destination Address:
Facebook_IPv4_STUN (alias)
- From (Port):
STUN (3478)
- To (Port):
STUN (3478)
- Change
- Under Extra Options
- Description:
adam:ONE Enabler for WhatsApp Audio and Video
- Description:
- Save (bottom) -> Apply Changes (top right)
Note: If you have existing “block” rules, make sure to place or drag this rule above them.te that we should define at some point.