baresip showing vpn internal interface address as registered endpoint to voip provider

[beaglesnuf]

42.20. wireguard (internal subnet) address under [Interface] in the configuration file is being registered as the endpoint to the voip provider (flowroute/telnyx) as opposed to the external server ip as the endpoint. hence, inbound calls fail as they are not routable (e.g. 10.x.x.x/172.x.x.x) from the provider to the end user. is this by design? linphone/zoiper over tls (no stun/no turn) both successfully register the vpn server ip as the endpoint for both flowroute and telnyx and are able to accept inbound calls. how to resolve? no issues with outbound pstn calls.

[juha-h]

I don't know anything about wireguard. baresip should use as contact address the address of the interface that is used when REGISTER request is sent to the registrar.

[beaglesnuf]

it appears only the local subnet address is being submitted during the REGISTER request intead of the public ip. the registrar is unable to route any inbound calls as a result after discussion with both flowroute and telnyx support. perhaps this is a quirk with android 12? is there a way to ensure that the public ip is submitted as the correct interface? issue is similar to the one raised in #152

[juha-h]

As I mentioned, contact address is that of the outbound interface. If your server is at the other end of the VPN tunnel, it should know how to route packets to the other other end.

[juha-h]

I tested with wireguard by setting up tunnel between my Android device and Debian server where my SIP Proxy/Registrar sits. Contact address was that of tunnel endpoint (tun0 interface address 10.0.2.2) and there was no problems with inbound calls via the tunnel.

I can't see any possibility for baresip to figure out what its globally routeable address is without use of ICE/STUN.

I also tried with Linphone and it used exactly the same tunnel endpoint address 10.0.2.2 in Contact URI.

[beaglesnuf]

no idea either. using linphone from f-droid with gms/firebase patched out, the public ip is sucessfully registered (no stun/no turn/no firebase) over tls and inbound can be received. basic credential auth, expiry of 180 seconds.

[juha-h]

beaglesnuf writes:

no idea either. using linphone from f-droid with gms/firebase patched out, the public ip is sucessfully registered (no stun/no turn/no firebase) over tls and inbound can be received. basic credential auth, expiry of 180 seconds.

Check how the REGISTER requests sent out from baresip and Linphone compare. In my tests, both had the same tunnel endpoint IP in Contact header.

[juha-h]

@beaglesnuf Can you provide concrete information (packet traces, etc.) about this, since in my tests baresip works exactly as expected.

[juha-h]

I made another test. WireGuard Peer on my Android device is configured as follows:

Allowed IPs: 0.0.0.0/0
Endpoint: <ip address>:<port> of WireGuard server host

With that configuration, baresip registered account username@sip2sip.info without issues. Also call from this account to The Test Call and inbound call to this account both worked without issues.

So I'll this close this issue.

[arichiardi]

Hi @juha-h I think this is still a problem here (latest APK). I have a VPN software (disabled, not connected to the VPN) running on my phone.

These are the logs I see (IP changed for clarity)

03-06 16:22:53.898 18891 18925 D Baresip Lib: --- Network debug ---
03-06 16:22:53.898 18891 18925 D Baresip Lib: enabled interfaces:
03-06 16:22:53.898 18891 18925 D Baresip Lib:  rmnet_data0:  11.111.111.111 (default)  <- VPN not real device IP
03-06 16:22:53.898 18891 18925 D Baresip Lib:  DNS Servers from Config: (1)
03-06 16:22:53.898 18891 18925 D Baresip Lib:    0: 9.9.9.9:53
...
03-06 16:23:55.189 18891 18926 D Baresip Lib: 16:23:55.188#
03-06 16:23:55.189 18891 18926 D Baresip Lib: TLS 11.111.111.111:47752 -> 85.17.186.23:5061 <- this is Sip2Sip's IP
03-06 16:23:55.189 18891 18926 D Baresip Lib: REGISTER sip:sip2sip.info SIP/2.0
03-06 16:23:55.189 18891 18926 D Baresip Lib: Via: SIP/2.0/TLS 10.1
...
... eventually...
...
03-06 16:23:10.064 18891 18926 D Baresip Lib: reg: sip:2233583754@sip2sip.info (prio 0): 408 Request 
03-06 16:23:10.064 18891 18926 D Baresip Lib: Timeout (SIP Thor on OpenSIPS XS 3.1)

Please let me know if you need more info. FWIW this does not happen with a voip.ms account.

[juha-h]

Andrea Richiardi writes:

Hi @juha-h I think this is still a problem here (latest APK). I have a VPN software (disabled, not connected to the VPN) running on my phone.

These are the logs I see (IP changed for clarity)

03-06 16:22:53.898 18891 18925 D Baresip Lib: --- Network debug ---
03-06 16:22:53.898 18891 18925 D Baresip Lib: enabled interfaces:
03-06 16:22:53.898 18891 18925 D Baresip Lib:  rmnet_data0:  11.111.111.111 (default)  <- VPN not real device IP

When baresip app starts, the app gathers interfaces Android OS and tells what they are. For example, my device now has cellular interface and wifi hotspot interface:

03-07 13:08:38.261 30892 30892 I Baresip : Link addresses: ;100.119.54.200;rmnet0;192.168.182.214;swlan0 03-07 13:08:38.263 30892 30940 D Baresip Lib: starting baresip 03-07 13:08:38.275 30892 30941 D Baresip Lib: Local network addresses: 03-07 13:08:38.275 30892 30941 D Baresip Lib: rmnet0: 100.119.54.200 03-07 13:08:38.275 30892 30941 D Baresip Lib: swlan0: 192.168.182.214 03-07 13:08:38.275 30892 30941 D Baresip Lib: uag: add local address 100.119.54.200 03-07 13:08:38.284 30892 30941 D Baresip Lib: uag: add local address 192.168.182.214

Then when baresip service starts, it tells what interface it is using:

03-07 13:08:38.313 30892 30940 D Baresip : Received 'started' from baresip 03-07 13:08:38.315 30892 30940 D Baresip Lib: --- Network debug --- 03-07 13:08:38.315 30892 30940 D Baresip Lib: enabled interfaces: 03-07 13:08:38.315 30892 30940 D Baresip Lib: rmnet0: 100.119.54.200 (default) 03-07 13:08:38.315 30892 30940 D Baresip Lib: swlan0: 192.168.182.214 03-07 13:08:38.315 30892 30940 D Baresip Lib: DNS Servers from Config: (2) 03-07 13:08:38.315 30892 30940 D Baresip Lib: 0: 203.109.191.8:53 03-07 13:08:38.315 30892 30940 D Baresip Lib: 1: 203.118.191.8:53

So it uses the cellular interface as default.

If yours only shows the vpn interface, then the vpn must be active and is currently the default interface.

Try truly disable the vpn.

[arichiardi]

Well the vpn is disabled but it seems to keep the interface (the equivalent of ifconfig down?)

[arichiardi]

I have to say that even if the VPN is active this should not happen, I personally use always on VPN and add the apps that do not work well with it to "split tunnel" or similar blacklist

[juha-h]

And when I turn off wifi hotspot, I get to log:

03-07 14:52:55.263 32747 32747 D Baresip : HotSpot is disabled 03-07 14:52:55.264 32747 32747 D Baresip Lib: removing address '192.168.182.214' 03-07 14:52:55.264 32747 32747 D Baresip Lib: reseting transports (1, 0) 03-07 14:52:55.265 32747 32747 D Baresip Lib: ua event (REGISTERING) 03-07 14:52:55.265 32747 32747 D Baresip Lib: sending ua/call -5476376616498787952/0 event registering 03-07 14:52:55.266 32747 32747 D Baresip : got uaEvent @./0 03-07 14:52:55.267 32747 402 D Baresip Lib: uag: add local address 100.120.11.255 03-07 14:52:55.267 32747 402 D Baresip Lib: ua: ua_register @. 03-07 14:52:55.481 32747 32747 D Baresip : HotSpot is still disabled 03-07 14:52:55.645 32747 399 D Baresip : Network 487 capabilities changed: [ Transports: CELLULAR Capabilities: SUPL&RCS&INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN&VALIDATED&NOT_ROAMING&FOREGROUND&NOT_CONGESTED&NOT_SUSPENDED&NOT_VCN_MANAGED LinkUpBandwidth>=3400Kbps LinkDnBandwidth>=13000Kbps Specifier: <TelephonyNetworkSpecifier [mSubId = 2]> UnderlyingNetworks: Null] 03-07 14:52:55.650 32747 399 D Baresip : Old/new link addresses {100.120.11.255=rmnet1, 192.168.182.214=swlan0}/{100.120.11.255=rmnet1} 03-07 14:52:55.650 32747 399 D Baresip Lib: removing address '192.168.182.214' 03-07 14:52:55.651 32747 399 D Baresip : Added/Removed/Active = 0/1/487 03-07 14:52:55.651 32747 399 D Baresip Lib: reseting transports (1, 1) 03-07 14:52:55.651 32747 402 D Baresip Lib: uag: add local address 100.120.11.255 03-07 14:52:55.652 32747 402 D Baresip Lib: ua: ua_register @. 03-07 14:52:55.652 32747 399 D Baresip Lib: ua event (REGISTERING) 03-07 14:52:55.652 32747 399 D Baresip Lib: sending ua/call -5476376616498787952/0 event registering 03-07 14:52:55.652 32747 399 D Baresip : got uaEvent @./0 03-07 14:52:55.654 32747 399 D Baresip Lib: --- Network debug --- 03-07 14:52:55.654 32747 399 D Baresip Lib: enabled interfaces: 03-07 14:52:55.654 32747 399 D Baresip Lib: rmnet1: 100.120.11.255 (default) 03-07 14:52:55.654 32747 399 D Baresip Lib: DNS Servers from Config: (2) 03-07 14:52:55.654 32747 399 D Baresip Lib: 0: 203.109.191.8:53 03-07 14:52:55.654 32747 399 D Baresip Lib: 1: 203.118.191.8:53 03-07 14:52:55.654 32747 399 D Baresip Lib: 03-07 14:52:55.655 32747 399 D Baresip : Releasing WiFi Lock 03-07 14:53:17.536 32747 399 D Baresip : Network 487 link properties changed: {InterfaceName: rmnet1 LinkAddresses: [ 100.120.11.255/24 ] DnsAddresses: [ /203.109.191.8,/203.118.191.8 ] Domains: null MTU: 1500 TcpBufferSizes: 58254,349525,1048576,58254,349525,1048576 Routes: [ 0.0.0.0/0 -> 100.120.11.1 rmnet1 mtu 1500,100.120.11.0/24 -> 0.0.0.0 rmnet1 mtu 0 ]} 03-07 14:53:17.543 32747 399 D Baresip : Old/new link addresses {100.120.11.255=rmnet1}/{100.120.11.255=rmnet1} 03-07 14:53:17.544 32747 399 D Baresip : Added/Removed/Active = 0/0/487 03-07 14:53:17.547 32747 399 D Baresip Lib: --- Network debug --- 03-07 14:53:17.547 32747 399 D Baresip Lib: enabled interfaces: 03-07 14:53:17.547 32747 399 D Baresip Lib: rmnet1: 100.120.11.255 (default) 03-07 14:53:17.547 32747 399 D Baresip Lib: DNS Servers from Config: (2) 03-07 14:53:17.547 32747 399 D Baresip Lib: 0: 203.109.191.8:53 03-07 14:53:17.547 32747 399 D Baresip Lib: 1: 203.118.191.8:53 03-07 14:53:17.547 32747 399 D Baresip Lib:

So when there is change in network setup, baresip re-registers the active account.

Follow your log and find out what is going on.

[juha-h]

Andrea Richiardi writes:

Well the vpn is disabled but it seems to keep the interface (the equivalent of ifconfig down?)

On Linux, ifconfig down disables the interface and there is nothing left of it.

I don't currently have VPN available in my device, but I have tested it with WireGuard.

[juha-h]

Andrea Richiardi writes:

I have to say that even if the VPN is active this should not happen, I personally use always on VPN and add the apps that do not work well with it to "split tunnel" or similar blacklist.

It should work fine with VPN and be able to choose VPN or the cellular interface depending on the routing table.

Is your VNP able to reach the Internet or only some destinations?

[arichiardi]

Is your VNP able to reach the Internet or only some destinations?

Fully working internet connection.

I will be traveling the next few days so I can't really do much. I sent you some logs though. I will try to go deeper after my trip.

[juha-h]

Andrea Richiardi writes:

Fully working internet connection.

OK, then best to follow the log and find from there what kind of network changes take place.

I will be traveling the next few days so I can't really do much. I sent you some logs though. I will try to go deeper after my trip.

I'm traveling too and can't do much either.

[arichiardi]

Unistalled the VPN and still have the same problem. No clue what is going on at this point.

[juha-h]

Andrea Richiardi writes:

Unistalled the VPN and still have the same problem. No clue what is going on at this point.

Check with adb shell ip addr that the VPN interface and its address are gone.

If so, then there in message in logcat regarding network interfaces when baresip starts and each time when there is a change.

[beaglesnuf]

Resolved for us by setting DNIS to the appropriate value as referenced in #301