VoWiFi¶

VoWiFi is a maerketing term for what the specifications call untrusted non-3GPP access to IMS.

So compared with (trusted) VoLTE, the LTE Network (EPS) is replaced with any other non-3GPP IP access technology, such as the public internet, Ethernet, WiFi.

Technically, there is nothing WiFi specific in this standard. Any physical or transport layer network technology that allows the IMS client to reach the ePDG (typically in the public Internet) can be used.

As the public Internet is untrusted, a cryptographically secured IPsec VPN tunnel is established between the IMS client (on the phone) and the ePDG. This IPsec tunnel replaces the functionality of the LTE bearers, if compared to VoLTE.

The communication inside that IPsec tunnel is the same IMS as you would see in VoLTE.

TODO: Diagram

SWu interface / IPsec¶

Of course 3GPP could never just use an existing IETF (or any other) standard without creating some kind of derivative of it. Only that ensures they can get their own patents included, and only that guarantees job safety of the developers at 3GPP member corporations implementing those derivatives.

So in this case, the existing IKEv2 protocol used for IPsec establishment was extended with support for EAP-AKA, an authentication mechanism that utilizeds the USIM card for subscriber authentication and generation of IPsec key material.

IMS inside¶

Inside that outer IPsec-secured tunnel, normal IMS communication between IMS client and P-CSCF happens. Given that the communication to the P-CSCF is also IPsec secured, this means we indeed have two nested layers of IPsec stacked into each other.