Residential VoIP System Analysis — BSNL (India)
Overview
This case study examines a residential VoIP system provided by BSNL, India’s national telecom provider with over 4.36 million subscribers. The goal was to evaluate network assumptions for a residential service and verify whether remote access is possible via VPN. Testing was conducted on my own home FTTH connection and performed from Canada using secure, authorized access.
Objective
- Evaluate assumptions of a residential VoIP system that uses private IP addressing.
- Test remote access feasibility despite private-IP-only restrictions.
- Document practical lessons in network security and remote connectivity.
Scope
Testing was limited to my own home network. No BSNL internal infrastructure, other customers' devices, or privileged systems were accessed. Remote access was simulated using a VPN connection to the home router.
Network Architecture (safe overview)
[Remote Device in Canada] --VPN--> [Home Router] --> [BSNL VoIP server] --> [Calls to Indian Mobile Numbers]
This diagram illustrates the traffic flow without exposing IPs or credentials.
Methodology (detailed, non-sensitive)
- Network Analysis: Identified private IP addressing and local-access assumptions.
- VPN Simulation: Connected a remote device to appear as part of the home LAN.
- Functionality Verification: Made test calls from Canada to Indian mobile numbers using the VoIP system — all calls completed for free.
- Documentation: Logged anonymized connectivity, call performance, and behavioral observations to derive insights on real-world network assumptions and system behavior.
Key Observations
- The VoIP system assumes devices are only reachable from inside the home network (private IP).
- A remote device connected through VPN is treated as part of the home LAN, enabling access to the VoIP device.
- Residential services relying solely on private-IP assumptions may be exposed under remote-access scenarios.
- Given BSNL’s large user base, this is a real-world observation with potential scale implications.
Security Implications
Designers should not assume that "local-only" means "secure by default." Practical testing shows that remote-access methods such as VPNs can render private-IP restrictions ineffective, because the remote device is treated as part of the home LAN. Validate access assumptions and apply layered controls rather than relying on private addressing alone.
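An added example (not part of the original case study) that contrasts a check trusting any private source address with a layered one. The subnets, the `Request` type and the `authenticated` flag are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration; not taken from the tested network.
LAN_SEGMENT = ipaddress.ip_network("192.168.1.0/24")  # devices physically at home
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")        # addresses leased to VPN clients

@dataclass
class Request:
    src: str             # source address as seen by the VoIP device
    authenticated: bool  # hypothetical: a per-device credential check passed

def naive_allow(req: Request) -> bool:
    """The 'local-only' assumption: any private source address is trusted."""
    return ipaddress.ip_address(req.src).is_private

def layered_allow(req: Request, allow_vpn: bool = False) -> tuple[bool, str]:
    """Treat a private address as necessary, never as sufficient."""
    addr = ipaddress.ip_address(req.src)
    if not req.authenticated:
        return False, "no device credential"
    if addr in LAN_SEGMENT:
        return True, "on-premises segment"
    if addr in VPN_POOL:
        if allow_vpn:
            return True, "VPN pool permitted by explicit policy"
        return False, "VPN pool denied by policy"
    return False, "unknown segment"

def compare(requests: list[Request]) -> list[tuple[str, bool, bool, str]]:
    """Return (src, naive decision, layered decision, reason) per request."""
    rows = []
    for req in requests:
        allowed, reason = layered_allow(req)
        rows.append((req.src, naive_allow(req), allowed, reason))
    return rows

if __name__ == "__main__":
    sample = [  # constructed requests
        Request("192.168.1.20", True),   # handset on the home LAN
        Request("10.8.0.5", True),       # remote laptop on the VPN
        Request("192.168.1.77", False),  # LAN device without a credential
    ]
    for row in compare(sample):
        print(row)
```

The segment test only helps when VPN clients are routed with their own pool addresses. If the router bridges or masquerades VPN traffic, the source address is indistinguishable from a LAN device and the credential check is the control that remains.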
Skills Demonstrated
Outcome
This project demonstrates hands-on ability to test, analyze, and document a residential VoIP system safely. It highlights how private-IP-only assumptions can fail, showing that remote access enabled free calls from Canada to Indian mobile numbers. These observations are highly relevant to network engineers and cybersecurity professionals analyzing system assumptions and real-world network behavior.
Demo Video
The following video demonstrates the test scenario in action: verifying my location in Canada, connecting through VPN to my home network in India, registering with the BSNL VoIP server, and successfully placing a call to an Indian mobile number. This confirms that the residential VoIP service can be accessed remotely, enabling calls without an international subscription.