(in-house) VoIP with TL-WR1043N v5

Hello everyone, have a nice and chill day.
First, I am not a native English speaker. I suppose it will work though.

In the beginning of January 2018, I bought 2 TP-Link WR1043N v5 when they were acutely cheap. One would remain as a backup. My plan was using the other one as a simple router for cable-based Internet access (normally 1 PC, up to 3 PCs) and sometimes a tap of WLAN (1 laptop, 1 smartphone), both via DSL below 16 MBit/s (ADSL2+) – nothing thrilling, that is for sure.

The center of attention for selecting that device was (expected) support for Open-Source firmware, ergo long-time IT security and support, if ever necessary. Other than safe, reliable and stable Internet access as well as a short manufacturer blacklist, there are no requirements. Maybe I will upgrade to 16 MBit/s in the next years.

Until switching to the new v5, I was using a very old All-in-one solution – ADSL2+ modem with router including telephony (basics) – from a popular producer of my country. The last (i. e. latest AND final) firmware release was years ago (!!!). Usually, their hardware does get constant firmware updates for quite a long time after release, while their customer support is regarded very varying. But their products are expensive, I distrust and dislike market leaders. Even more, they field modems et al. from my blacklist. Open-Source firmware seems not to be an option there, too.

So I thought I would just turn that old thing into modem-only mode (no security problem?), connect the WR1043N v5 with LEDE/OpenWrt inside, configuration, done. But unfortunately, my housemates insist on having a traditional in-house telephone.
I have tiny knowledge about telephony. Because of the local situation, that phone has to work with the router. The Internet (and thus telephoning) provider only allows VoIP with login credentials consisting of

1. (selecting the Internet telephony provider)
2. full international telephone nummer,
3. "registrar" (domain name registrar, I guess) and
4. a non-changeable password.

This is the way the ancient All-in-one's interface looks (not in English; disguised): http://fs1.directupload.net/images/180809/swzkstnn.jpg

My network hardware assortment comprises of

• two TL-WR1043N v5
• the ancient modem+router with telephony AiO, able to function as a pure modem
• an Asus DSL-AC68U modem+router – a VoIP model did not exist back then, does today [wail]
• (another ancient AiO with telephony basics, but without modem-only mode, I think).

If it helps, I am ready to

• buying a new telephone – the current being an ancient analog telephone with a RJ-11 connector
• buying cables
• buying adapters.

Now the TL-WR1043N v5 seems not to support any telephony with stock firmware. I could not find a way to enter my 3 (or 4) login credentials. On top of that, it does not offer a RJ-11 or "phone" port. I hoped installing LEDE/OpenWrt would fix the whole issue by somewhat magical means: Perhaps I could plug the telephone via RJ-45 cable(s) or adapter(s) and type in my strings into some 500 KB telephony extension or whatever...

After flashing a LEDE or OpenWrt file (openwrt-ar71xx-generic-tl-wr1043n-v5-squashfs-factory_4.bin, I suppose), learning the basic SSH command to mount LuCI and putting at least stun-client_0.96-7_ar71xx.ipk on it, I did not advance anywhere. As a result of my lack of knowledge (and skills?), I could not find a solution to my problems.

Due to the huge setback, I put the WR1043N v5 literally back on shelf. The ancient modem+router device continued its service in the meantime. It bugs me enormously, especially as I am security-oriented. Out of fear no one can help me – even on OpenWrt forums! – I did not do much since then.

Now here I am. 7 months have passed since purchase alone, not to speak of my long-standing planning. Please prove my sorrows wrong.

I would be pleased to deliver more information, like the exact OpenWrt build on the shelved v5. For now, I believe it is enough to judge the situation.

Your ideal solution would be to setup your WR1043N as standard router no VoIP. Then purchase a VoIP phone similar to these
https://www.gigaset.com/hq_en/telephones/voip-phones/
You will need to get the settings for the VoIP from your telephony provider.

As mentioned by mbo2o, an easy option would be to replace your existing phone with a SIP variant, be it via a dedicated SIP phone or an SIP-ATA (the later may be cheaper/ provide longer vendor firmware support; no 3rd party firmware support to be expected).

If your desire to run free software firmware is stronger, there would be some further options - but they're a bit more involved...

• e.g., you could use your existing AVM Fritz!Box solely for phone (SIP to analogue FXS + DECT) uses, in IP-client mode (IPoE) behind your OpenWrt (locked into a dedicated VLAN, if you don't trust its firmware), but keep in mind that SIP has a rather high attack surface and should have active security support (it may help to upgrade to current lowend alternative with ongoing vendor support for this task); this obviously needs an additional xDSL modem.
• if you want a full opensource stack, you can look for a device with supported FXS ports and run a SIP pbx yourself. A cheap option (presumably you're in an ADSL-Annex B region), could be buying a second hand "O2 box 6431" for 5-10 EUR, wich has a supported VDSL modem (backwards compatible to ADSL2+/ Annex B) and two supported FXS ports (TAE-6F). Setting up OpenWrt on it requires a slighty involved initial installation procedure (see the wiki, there is a forum thread promising flashing without serial console access though), but getting the xDSL functionality configured is pretty straight forward. However setting up/ configuring asterisk and chan_lantiq is not quite for the faint of heart and a very security sensitive task. One drawback, wlan support of this router is not exactly the best - it works, but you might want to use one of your existing routers as APs long term.

See if you can get an ATA box from your provider, you should be able to plug your current telephone into an ATA box instead of the provider's modem.

Most likely, your provider will not disclose settings to enable you to use their telephone service on 3rd party hardware/software.

BTW, if you have an iOS or an Android smartphone, you can run a SIP client (enabling internet-telephony) on it, no need to buy anything.

An educated guess, based on the language of the existing router of HelplessTelephonyGuy suggests a location in germany - which is good, as this means the ISP must provide him with the login credentials (new law that went into effect a year ago). This means users are now allowed to provide their own "compatible" hardware, all what the ISP can enforce are the naked wires on the wall (they can provide their own hardware, but they can't mandate it anymore - they don't need to actively support your choice of hardware, but they must provide you with the login data).

General thoughts about solutions:

1. Dont use your analog RJ11 phone any more. Just use your free software mobile phone you are already using. Take the VOIP(SIP) login data that have to be provided by your ISP and enter it into for example linphone https://f-droid.org/packages/org.linphone/

2. Take your free and opensource coreboot computer and use linphone or any other sip client there with cheap headphones or a bluetooth headphone jack.

3. Use an really old fritzbox and flash your own updated image you compiled with freetz https://www.freetz.org/ and use that as a VoIP ATA adapter to support analog phones. Older Fritzboxes also support IWF and not just more recent tone-dial. So you can use real ancient phones if you like their style.

4. Get a mostly free or 1€ easybox 802/803, install openwrt on it and use those analog ports as ATA

5. Get a free software replacement for a more modern AVM fritzbox. The Fritzbox 7490 and some other devices are just a lantiq xrx200 devices. Many of those, for example the o2 6431 box @slh mentioned, can also be used as a VoIP ATA box. But please dont buy the market away. If you get them on ebay for 1€, then its fine. If someone else also bids on those(prise rise more then 1€), just get an easybox 802/803 and use their analog ports and leave the buyer of the xrx200 devices get a ADSL/VDSL Modem with analog phone ports.

While I understand the sentiment, I'd recommend against the easybox 802/803 (although they're dirt cheap and available in quantities), as they're both limited to 8 MB flash. Asterisk+chan_lantiq are large, you can still fit them into 8 MB, but only barely (and by removing everything (luci, wlan, ppp, ...) that isn't 100% crucial), the 16 MB flash of the O² box 6431 are much easier to work with (my O² box 6431 image with asterisk weighs around 13 MB).

To begin with, thank you very much for your quick contributions. I immensely appreciate your input.

Software alike an Android/iOS device are not a thinkable solution, as one of the housemates... well, imagine a ninety-year-old rejecting any innovation or change. That idea should work for catching the circumstances.

The solution has to conserve traditional telephoning. The telephone may look different, but its usage has to remain > 90 % the same.

mbo2o: "purchase a VoIP phone"
Do I get it right? The VoIP phone would bring a male RJ-45 connector with it, which – to enjoy Internet access – would be plugged into the V5 (router) behind the ancient AiO (as a pure modem). The VoIP phone serves an interface for my login credentials and additional settings received from my Internet/telephony provider. After entering, it would find its way and function reliably without the V5 recognizing it as a telephone or sorts.

mbo2o: "You will need to get the settings for the VoIP from your telephony provider."
That should not be any obstacle, or anyway the least, I reckon.

slh: "a dedicated SIP phone or an SIP-ATA"
Dedicated SIP phone = VoIP phone discussed above?
ATA = https://en.wikipedia.org/wiki/Analog_telephone_adapter? "Ethernet port" sounds good (-> RJ-45 -> V5-compatible?), "remote VoIP server" pretty bad, "communicates directly with the VoIP server" disastrous: Would an ATA feature an interface for all my settings (see above) in the first place? The aligned protocols and codecs also make me worry: That infrastructure will not last even without security concerns.

slh: "provide longer vendor firmware support; no 3rd party firmware support to be expected"
So both a dedicated SIP/VoIP phone and an ATA are relevant to security and need current firmware? Yikes! No free software in sight, too?

slh: "e.g. […]"
That idea makes me whining: another modem-only device needed, installed as front-line sacrifice, the V5 as second chain link, the ancient AiO in full mode (?) as condoned extension, lastly the ancient phone in fourth line. So the severely outdated AiO would be critical to security, both routers would have to be configured to work in conjunction, the chain would be long (burden to fault finding) and consume much electricity.
slh: "SIP has a rather high attack surface and should have active security support"
Almost the same as before, plus need to buy another telephony-ready router for replacing the ancient AiO? Please not, lord.
slh: "more involved...", "FXS + DECT", "VLAN", "involved", "without serial console access", "not quite for the faint of heart and a very security sensitive task", "drawback"
Please spare me, sir or ma'am, please, I don't carry anything with me!

stangri: "See if you can get an ATA box from your provider"
Does this mean I (presumably) cannot freely buy an ATA box on the market? Is an ATA box a full-fledged router or even modem-router combo? Does it call for frequent security or sundry updates?

stangri: "plug your current telephone into an ATA box instead of the provider's modem"
Would it a) form a chain with modem and router, b) be arranged in tandem with modem only or c) be plugged into the wall independently from the modem line? Your clause sounds like c).

wgqoufsn: "Just use your free software mobile phone you are already using."
I am not using any phoning software. Ninety-year-old problem, see above.
wgqoufsn: "Take your free and opensource coreboot computer and use linphone or any other sip client there with cheap headphones or a bluetooth headphone jack."
Ninety-year-old problem, see above. I do not own a coreboot, Libreboot or similar PC. If one of my machines is actually compatible, it consumes too much energy and is too large.

wgqoufsn: "flash your own updated image you compiled with"
I am afraid cutting unnecessary elements, updating and compiling is far too deep for me. Flashing is everything I bear.
wgqoufsn: "https://www.freetz.org/"
While I heard of freetz years ago and love that prospect, I always figured it going beyond my ken – just as OpenWrt and Co.

wgqoufsn: "Older Fritzboxes also support IWF"
Inter-working function that is? Could its axing have been security-driven?
wgqoufsn: "just get an easybox"
Are all (mentioned) Easyboxes fielding Lantiq hardware? Are all (mentioned) Easyboxes full-weight modem-router combos or "even more AiO"? Could I run them in a reduced mode (although modem-only precluded)? Are all of them ruled by Open-Source alternatives?

In general, I really prefer not adding any routers, modems or related items – dubbed network hardware – to my pool. Besides financial reasoning, I envisaged a two's complement of network hardware, as it seemed to be easier and offering more. If it is not enough, then aim at a tandem of the Asus modem-router combo and a missing link.
If possible without gigantic drawbacks, focus on not security-related additions and changes not obligating handicraft/tweaking, like cables, adapters and (hopefully) the phone, dubbed phone accessory. (If for example an ATA box conforms to this wannabe definition, it is phone accessory.)

No , a VoIP phone is a connected to your LAN. It is like running VoIP app on a smartphone but in a dedicated physical devices.

If you actually still want to use a standard phone you can instead get a VoIP ATA, which id an voip adapter with a rj11 socket to plug a standard phone and it also connects to your LAN.

So both types allow you to have VoIP with a standard router.

Eg of ATA

You can also check with your ISP if they provide any devices

To give you some background, your ISP runs a SIP service, and whatever solution you wind up with must speak SIP with the isp. If you want to use an old familiar telephone for the 90 year old person to not learn something new, then you need an ATA (analog telephone adapter) device which connects between your network and your old style analog phone. The real question is which one. Please see the previously linked article to get started shopping.

I finally found some time to dig deeper into the ATA matter, so I am back. I am highly sorry for the silence and wait.

stangri: "See if you can get an ATA box from your provider"
mbo2o: "You can also check with your ISP if they provide any devices"
I sent a request today after flicking through my provider's homepage, where not a single ATA or VoIP phone was to be seen.
They did not do any enforcement even before customers were allowed to freely select their devices.

dlakelan: "Please see the previously linked article to get started shopping."
I have read that plus
https://lifewire.com/ata-or-router-3426317
https://lifewire.com/ata-its-features-and-functions-3426336
https://lifewire.com/troubleshooting-your-voip-phone-adapter-3426676
(and perhaps more lifewire texts).

• The Ooma Telo, Obi200, Obi202, and MagicJack Go mentioned there seem not to be available around here.
• For the Grandstream GS-HT802 I find a result being dubbed "Grandstream HandyTone 802 (HT804)" which looks the same. I suppose both are identical.
  Only the Cisco SPA112 is a definitive hit alongside a "Cisco SPA122 ATA VoIP Gateway with Router", priced identically.
• "2x RJ-11 (FXS), 1x RJ-45 (100Base-TX)" in 2012 vs.
• "1x 100Base-TX (RJ-45), 1x WAN (RJ-45), 2x FXS (RJ-11)" in 2013 it is.
  Could I just take the latter and use it the same way as the SPA112 without having anything to fear?

mbo2o: "If you actually still want to use a standard phone"
That arises as the main question now, as a number of Grandstream GXP phones look usual/traditional/familiar enough and cost about the same as the two/three aforementioned ATAs.

So what I have to know first: Is it true VoIP telephones (like the GXP series) are only functional while plugged into a running PC? I read something suggesting that.
Would using such a VoIP phone be > 90 % the same as the old analog telephone?

Regarding the ATAs, I do not really trust or like Cisco as a vendor (cartel issues in the past?). I think I remember their products often being overpriced and not too secure (possibly due to their dispersal). I might be mistaken.
With lifewire highlighting "best security", the HT802/804 rooting in 2016, and it enjoying frequent firmware updates I would bet on this candidate.

The Cisco SPA112/122 would be the cheapest option: 30 bucks.
Grandstream GXP-1610: 32 bucks
Grandstream GXP-1615/1620: 36 bucks
Grandstream HT802/804: 36 bucks
A Grandstream GXP-1625 sports the largest price tag: 38 bucks.

Of course there should be vast alternatives. I just digged into the named offerings.

May I ask for advice choosing the right candidate concerning

1. security (device's general layout, firmware, support)
2. longevity as a solution
3. obligatory configuration (the less, the better)
4. dependability
5. electric power consumption
6. freedom of voluntary configuration (the more, the better)?

.
(On a side note, I am interested in which maker's components are built-in in ATAs and VoIP phones. Since I newly know of ATAs not being routers nor modems, there should not be xDSL stuff in them.
But is Lantiq or Realtek or Qualcomm hardware in them?)

I've had SPA112 and it worked ok, but never supported ipv6 and after several years it died of hardware failure. This seems to be a thing with all these low end ATA devices, they are not exactly robust electrical engineering wise (capacitor failures and power regulator failures and etc). The HT802/804 is the first one to support IPv6 successfully, and that was important to me. Both SPA112 and HT802 do have lots of configuration, which is good and bad, you have to figure out the best config for your system. It can mean tuning many parameters.

I can tell you at the moment I am using HT802s with ipv6-only config via DHCPv6 and they usually work. I do probably unplug and replug them about once a month, with ATAs I've found this to be beneficial. I really can't tell you why, but they tend to get "stuck", mysteriously not receiving calls or no audio either way etc, and reboots fix it. It doesn't seem to be a configuration issue because as I say reboots fix it. This is true with every vendor I've ever had and I've used Obi, Cisco, Linksys, and Grandstream devices over the last 15 years. ATAs and SIP over consumer level ISPs are just not anywhere close to as reliable as old copper wire telephony. But they can be reliable enough, maybe 1/50 or 1/100 calls fail. Whereas with old school telephony it was probably 1/5000 or something

First, I am very grateful for your latest posting. It reads like a huge help and quite interesting insight.
Why do you prefer ATAs to SIP phones?

I have not stumbled upon any reason for switching to IPv6 yet. Of course compability is a concern towards the future.

Which is the lesser evil in terms of security and reliability, ATA or SIP phone?

I have to repeat:

• Do VoIP telephones (like the GXP series) only work while plugged into a running PC?
• Do they need firmware (or other software) updates?
• Would using such a VoIP phone be > 90 % the same as the old analog one?

No, they need to be plugged into your ethernet network, be it your router or additional switches (depending on the phone, having a PC might be handy for configuration/ management purposes or even provide optional PC integration (dial numbers from a PC phone book), but that is orthogonal to normal standalone operations).

Yes.

Yes.

Because I have DECT cordless already and don't want to spend extra cash to replace them.

As far as ATA vs SIP native phones, they're the same more or less, usually even running very similar software.

Hello again.
To cut a long story short: I bought a Grandstream GXP-161x series SIP telephone, conducted a firmware upgrade, read through its plenty of configuration options, changed what seemed to offer an improvement, connected it to the old AiO, checked incoming and outbound calls. Everything seemed to be fine.

Then I switched the AiO into modem-only mode and put the TL-WR1043N v5 with existent

• LEDE Reboot SNAPSHOT r5422-9fe59abef8
• Kernel version 4.9.65
• [LuCI Master (git-18.051.28524-09ea6db)]

into service. Again, it seemed to ramp my DSL speed up. Phoning mobiles from the new Grandstream worked as well – mighty fine. (I do not remember whether I tested ringing the GXP.)

Evenfall, night, morning, getting up: For playing safe, I ringed the GXP from my cell phone. "The user/network client/terminal you are calling is not available/reachable."
Outgoing telephoning was possible, but no incoming call hit(s) the GXP.

I tried lots of thoughts, but I did not achieve anything by plugging devices and cables or changing GXP settings. (In the meantime, DSL proved to be flawless.) Clueless reconfiguring LEDE on the contrary smashed the whole Internet connection. Not able to repair it – as I could not fathom the reason/point of failure – and for lack of time, I swallowed the bitter pill: AiO back to bondage, GXP plugged directly into it, at least working.

So my next targets are:

1. current Open Source firmware on v5
2. correct firmware settings
3. bidirectional telephoning.

As I read it, I can just flash OpenWrt 18.06.1, since it (newly) supports the v5. But I am not sure about doing "upgrade" or "install", as my existing (broken) configuration shall not corrupt the new image/system. And I doubt my (hopefully fine) LEDE settings backup to be fully compatible, whether importing before or after flashing 18.06.1.

Who might be so nice bestowing some advice upon me?

Kindest regards
HTG

The trick usually is to configure the SIP client (as in your SIP phone) to keep the connection open by pinging the SIP servers in regular intervalls (e.g. every 30s). Your router (any router) would otherwise not consider incoming packets as related and thereby rejecting them.

The best option here would be to enable such a feature in your ISP phone, if that isn't available (it should be) you'd need to configured port forwardings for incoming SIP connections (port 5060/ udp and several more, check your ISP and SIP phone) - but this also opens a huge and potentially expensive attack surface, so the former is to be preferred.

Edit: AVM would call this "Portweiterleitung des Internet-Routers für Telefonie aktiv halten. Diese Option kann dann erforderlich werden, wenn der Internet-Router ankommende Telefonate nicht mehr an FRITZ!Box weiterleitet. FRITZ!Box hält die Portweiterleitungen des Internet-Routers für Telefonie aktiv. Portweiterleitung aktiv halten alle: 30s"

If that is the problem, why does it happen with the LEDE v5, while the ancient AiO puts the inbound call through?

I stumbled upon a feature like you describe one, but I opine being evocative of it lingering on 30 min or something as the standard value.

The larger part of the German depiction sounds like your second – insecure – solution, only the last 4 words remind of your favorite remedy. ("Portweiterleitung" = port forwarding)

It needs to be in the multiple seconds range, not minutes.

Your old Fritz!Box is modem, router and SIP client/ pbx - it can communicate the ports it needs to have forwarded through the firewall internally (almost like UPnP). As soon as you use dedicated devices, you're the one in charge and need to configure it accordingly. That also applies to AVM's devices, as soon as you use them behind any other router (including another AVM router) in pure SIP pbx mode (something you can do), you need to enable that setting as well (or configure hardcoded port forwardings).

And no, it's more secure than using hardcoded portforwardings, because it only keeps the connection open to your ISP's SIP servers, it keeps the existing connection (point to point) established.

Have a nice day (at least you).
I wanted to try the pinging/connection re-establishing trick per GXP’s features. Unfortunately LEDE or the v5 hardware refused to work properly. Even entering the LEDE control center via browser was not possible, since every attempt of summoning the URL resulted in a) timeout, b) endless connecting, or c) decline of contact.

After a long while, I had no better answer for that than resetting the device with the internal button.
It took me some time to figure out LuCI has been missing since at least the reset. So I installed it anew with PuTTY.
Then I used LEDE’s image flashing function in conjunction with

openwrt-18.06.1-ar71xx-generic-tl-wr1043n-v5-squashfs-sysupgrade.bin
sans Keep settings option.

Behind the AiO in full mode, v5@OpenWrt just passes the established Internet connection to my PC now, well. But of course I desire the ancient AiO in modem-only mode, so I tried that. v5@OpenWrt did not work as intended thereafter.
So I strived toward reproducing my first LEDE success: the working connection settings/router configuration. I had done that whole procedure in January/February, yet I failed yesterday – for several hours. The only condition I managed to get…just read sentence 3 and 4 of this post. The v5 even did not appear in the AiO’s list of tied devices.

After another reset, the OpenWrt status looks like that (5 screenshots):
https://picload.org/folder/rrpoia.html
(alternatively: https://picload.org/view/dlwiiccl/openwrt_1.jpg.html and the following 4 pictures).

I suppose I have to convert one of the 3 "interfaces", probably "LAN", perhaps one of the "WAN"s, into PPPoE or PPP:
Edit -> select desired Protocol -> Switch Protocol -> enter both PAP/CHAP username and password from my ISP -> leave other options open (or enter sth.) -> Save & Apply.
But I tried changing every single of the 3 existent "interfaces" and I tested adding one without touching the present 3, accomplishing nothing.

Would some savior please lend me a helping hand?

Best regards
HTG