Setting my ISP's modem to let me call via my landline when I'm not home, using its internal hidden SIP server

sip networking router openvpn

My ISP offers to his VDSL users the ability to use any smartphone as a cordless home phone, using an official app.

They provide no documentation or source code, but someone managed to de-obfuscate the app and found out that it works thanks to a SIP server that runs on the modem/router the ISP lends to their customers. There is no way to configure it, it's completely hidden to the average user.

This guy also found the way the app obtains the credentials needed for the login, thus enabling any device with a SIP client installed on it to connect to the router and receive and make calls on the land line.

The address the app uses for the login is a string (modemtelecom.homenet.telecomitalia.it) that is resolved to the router's LAN address (by default 192.168.1.1). If I try to login to [email protected] it works fine; anyway, if I attempt to log in to the server, using as host address my external IP address, it fails.

I tried to set the router to forward traffic incoming from the WAN on the SIP port to its own address, but it refuses to do so (I don't know if this may be a restriction from the ISP or something one just can't do).

Do you think there may be a way to trick my router into letting me login to the SIP server while I'm outside my home LAN?

As MariusMatutiae suggested me, I set up a OpenVPN server on a PC connected to my LAN; I then proceeded to masquerade the traffic from OpenVPN, and successfully connected my Android smartphone to the VPN and the SIP server inside my LAN. So far though it seems like I can only send audio, without being able to receive anything.

Anyways, this looks like the right track: to try to get help with the issues I encountered, I asked another question here.


If I try to login to [email protected] it works fine; anyway, if I attempt to log in to the server, using as host address my external IP address, it fails.

Of course it fails: if it didn't, I (and many, many other people ;-) ) would be making calls thru your SIP server, at your expense.

The way to make it work is to make sure your phone, when outside your home, has an IP address within your LAN. This can be achieved if you set up a routed OpenVPN server on a Linux box at home (it can be done with a Raspberry pi 3, a small pc which costs little more than 40 euros).

There is an OpenVPN app for Android and iOS (and perhaps some other OS but I am not sure, you will have to check), which allows phones to use routed OpenVPNs (not bridged OpenVPNs, careful). The only missing ingredient is the use of a MASQUERADE rule on the Linux box,

sudo iptables -t nat -A POSTROUTING -o eth0 ! -d 10.0.0.0/24 -j MASQUERADE

(if you are using the subnet 10.0.0.0/24 for your OpenVPN clients, otherwise change accordingly). At this point, all traffic from your phone directed to your LAN, including the SIP server, will appear as coming from the Linux box, which does have an IP address in your LAN, and thus your phone will be able to access your SIP server.

This will work, but possibly in a sub-ideal way. If sound quality is not ideal, if there is stuttering or intermittent connections, you will have to learn how to prioritize VoIP traffic on your LAN. But since this already is setup thru your ISP modem, my bet is it will work out of the box.

It is a tad complex, but lots of fun. All steps are well documented on a gazillion sites, just use your Google.

EDIT

Your routing table should look like this:

default via 192.168.1.254 dev eth0
10.8.73.128/26 via 10.8.73.130 dev tun0 
10.8.73.130 dev tun0  proto kernel  scope link  src 10.8.73.129 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.128 
192.168.73.0/24 dev brlan  proto kernel  scope link  src 192.168.73.1

My Debian router has two interfaces, eth0 is the WAN and brlan is the LAN. 192.168.73.0/24 is the LAN, 192.168.1.0/254 in the WAN-side connection to my modem, 10.8.73.128/26 is the OpenVPN net, and what you are missing is the important statement 

10.8.73.130 dev tun0  proto kernel  scope link  src 10.8.73.129

which defines the tunnel.

Related

Removing the Settings and Search shortcut from the start menu applications list
How to check for false positive from anti-virus
Remove D: or Add C: Drive shortcuts from File Explorer
Looking to wire one CAT6 ethernet cable into TWO keystone jacks
remove leading 0 in front of decimal except when a a non-zero number precedes it
vim-tmux-navigator to use tmux prefix instead of C-[hjkl]
On wsl1, getting clipboard contents using powerhshell changes terminal appearanceā€¦?
Extract x seconds from every minute with ffmpeg
How to select the first number in cell in Excel?
Unable to uninstall Paragon HFS+ For Windows
Can I fix the MBR using a 1 year old MBR Backup?
Routing between two isolated systems without VPN