Tmobile Home Internet - getting voip.ms working

I am a new user configuring a Grandstream WP826 for an apartment in NYC (second home) where internet is via Tmobile Home Internet (TMHI).

I have configured the phone and it works when connected via cell phone hotspot so I know the configuration is correct. It does not work via the TMHI router (4GAR). I have also attached to a second network (PC hotspot) that is tailscaled to my primary home and that hasn’t worked (yet).

Does anyone have experience getting voip.ms line working through a TMHI 5G router? Any suggestions?

Have you tried setting the phone to the alternate port (5080)? T-Mobile may be blocking 5060.

I’m away from that location for a couple of weeks. I did try 5080 and it didn’t work but I am going to try it again when I am back as I’m not sure I had everything set up correctly when I tried it. I’m back at my main home and everything works perfectly here.

Do you have a secure TLS connexion over TCP, or standard UPD connexion? Go TLS for your tests just to see.

I experienced the same thing with T-Mobile Home internet.

The connection will not work via T-Mobile Home Internet if set up as UDP. You have to reconfigure as an encrypted TLS connection.

Good Luck!

Thanks - I will try it when I am there next. Quick question - did you need to change any ports and/or reach out to TMHI to change/do anything? Or was it simply changing to encryption on the account (or subaccount) and then changing the client to use TLS and encryption/SRTP?

Hello @JMN10017,

What @MurrayB said just confirms my supposition. Properly setting up the TLS connection should make it work without any other changes. You will see that the TLS port is not the same anyway (5061).

Check the wiki to be sure all the details are set (and check for your device if it is there).

https://wiki.voip.ms/article/Call_Encryption_-_TLS/SRTP

Kind regards.

Here is the way an Obi is set up. This was developed by Ozark Edge. Just adapt it to your ATA. I don’t see how to attach a file.

Good Luck!

VoIP.ms POP server specification:
• Server city#.voip.ms
• Port 5060, 5080, or 42872 for UDP or TCP transport
• Port 5061, 5081, or 42873 for TCP transport with TLS/SRTP call encryption
To use TLS, configure the VoIP.ms SIP account to encrypt SIP traffic.

How TLS/SRTP call encryption looks for an OBi202:

Service Providers – ITSP Profile A – General

General::Name VoIP.ms POP1
General::DigitMap (Msp1) = ? ;VoIP.ms dialing.
General::X_SymmetricRTPEnable Checked ;for TLS/SRTP call encryption.

Service Providers – ITSP Profile A – SIP

SIP::ProxyServer washington1.voip.ms
SIP::ProxyServerPort 5061 ;for TLS/SRTP call encryption.
SIP::ProxyServerTransport TLS ;for TLS/SRTP call encryption.
SIP::RegistrarServer ;leave blank to use SIP::ProxyServer.
SIP::RegistrarServerPort 5061 ;same as SIP::ProxyServerPort.
SIP::OutboundProxy ;leave blank to use SIP::ProxyServer.
SIP::OutboundProxyPort 5061 ;same as SIP::ProxyServerPort.
SIP::X_OutboundProxyTransport Follow ProxyServerTransport ;same as SIP::ProxyServerTransport
SIP::RegistrationPeriod 60 ;seconds registration period.
SIP::RegisterExpires 3600 ;seconds registration expires advice to ITSP.

A longer registration period has less network overhead and is tolerated if i) the User Agent WAN/ISP IP address is not changing frequently; and ii) using UDP transport with a keep-alive mechanism to keep-alive the router NAT session, or using TCP transport which keeps a TCP session open.

Voice Services – SP1 Service

SP1 Service::Enable Checked
SP1 Service::X_ServProvProfile A ;VoIP.ms POP1 server.
SP1 Service::X_InboundCallRoute ph1 ;PH1 PHONE1 Port L1.
SP1 Service::X_AcceptSipFromRegistrarOnly Checked ;prohibit anonymous SIP.
SP1 Service::X_NoRegNoCall Checked ;speed up trunk group failover.
SP1 Service::X_KeepAliveEnable Checked ;keep-alive router NAT session.
SP1 Service::X_KeepAliveExpires 30 ;seconds keep-alive period.
SP1 Service::X_KeepAliveServer ;leave blank to use SIP::ProxyServer.
SP1 Service::X_KeepAliveServerPort 5061 ;same as SIP::ProxyServerPort.
SP1 Service::X_UserAgentPort 6xx61 ;obscure, unassigned local network port.

Use a non-standard User Agent port (not 5060; ports 49152 to 65535 are available) to avoid SIP ALG (Application-Level Gateway) interference with UDP transport and to hide from SIP scanners. The User Agent port is not used with TCP/TLS transport. Disable any router SIP ALG/SIP Passthrough.

SIP Credentials::AuthUserName sip username ;VoIP.ms SIP account accountid.
SIP Credentials::AuthPassword sip password ;12-characters minimum.
SIP Credentials::X_EnforceRequestUserID Checked ;prohibit anonymous SIP (supported by VoIP.ms).
Calling Features::CallerIDName userid ;CallerID name.
Calling Features::MWIEnable Enabled ;PH1 stutter tone message waiting indication.
Calling Features::X_VMWIEnable Enabled ;PH1 visual message waiting indication (LED flashes).
Calling Features::X_SRTP SRTP Only ;for TLS/SRTP call encryption.
Calling Features::X_SRTPCryptos AES_CM_128_HMAC_SHA1_80 ;for TLS/SRTP call encryption (Poly fw only).

WARNING: Configure the VoIP.ms SIP account CallerID number (or the VoIP.ms account global e911 Default CallerID number) to be the e911-enabled DID for the dialing location. Dial 555-555-0911 to confirm the VoIP.ms CallerID number and e911 configuration for trunk sp1.

Thanks all. Not back there until week after next but will try it when I am back.

I wonder if your Tmobile Internet is using CGNAT for the data side of the connection. They used CGNAT here, but I didn’t have them for cell phone service so I couldn’t even try hot-spotting a connection. If that is being used, I would assume outgoing calls should be (more) successful, but incoming calls may have a hard time find the ATA.

If this is the problem, I would look into getting a static IP address. If not - They wouldn’t even offer it to me when I asked, - I would look into possible working with IPv6. I don’t know if that is even an option.

To close the loop. Got TLS working before I went back to the home with TMHI. Just got back yesterday, connected to my router and everything worked like a charm. Thanks all for the help.