📡 Case Study

Residential VoIP System Analysis — BSNL (India)

Tested remotely from Canada • Residential FTTH VoIP • Safe & anonymized case study

Overview

This case study explores a unique and practical analysis of BSNL’s residential VoIP system, bundled with its Fiber-to-the-Home (FTTH) service. BSNL, India’s national telecom provider, serves over 4.36 million subscribers. The goal was to challenge the system’s local-only design assumptions and demonstrate remote access feasibility using VPN tunneling — all conducted securely from Canada via my own home network in India.

What makes this study notable is that the VoIP service was originally configured to work only with a corded landline phone connected to the BSNL modem. By reengineering the network setup, I successfully extended its functionality to a mobile VoIP client across continents — without breaching any security boundaries.

Objective

Evaluate the assumptions behind BSNL’s residential VoIP system, which relies on private IP addressing and local-only access.
Test whether remote access is possible using VPN tunneling.
Demonstrate how a mobile device outside India can register and use the VoIP service as if it were local.
Document practical lessons in network design, security, and remote connectivity.

Scope

All testing was strictly limited to my personal FTTH connection in India. No BSNL internal infrastructure, customer data, or privileged systems were accessed. Remote access was simulated using a secure VPN tunnel to my home router.

Network Architecture (Safe Overview)

[Remote Device in Canada] --VPN--> [Home Router in India] --> [BSNL VoIP Server] --> [Calls to Indian Mobile Numbers]

This diagram illustrates the traffic flow without exposing IPs, credentials, or sensitive configurations.

Methodology

Initial Setup: BSNL VoIP was originally tied to a physical corded phone via the FTTH modem.
Network Analysis: Identified reliance on private IPs and local-only access assumptions.
Router Reconfiguration: Enabled VPN access to simulate LAN presence from Canada.
VPN Simulation: Connected my mobile device to the home network remotely.
VoIP Client Registration: Successfully registered a softphone app with the BSNL VoIP server.
Call Testing: Placed multiple calls to Indian mobile numbers — all completed for free.
Documentation: Logged anonymized performance metrics, connectivity behavior, and security insights.

Key Observations

The VoIP system assumes devices are only reachable from inside the home LAN.
A remote device connected via VPN is treated as local, enabling full VoIP access.
The system does not differentiate between physical and virtual presence on the LAN.
This behavior has potential implications for millions of BSNL users relying on similar setups.

Security Implications

This test highlights a critical design oversight: assuming that private IP access equals security. VPN tunneling can bypass such assumptions, exposing services to remote use — or abuse — if not properly secured. Designers should implement layered access controls and validate network boundaries beyond IP scope.

Skills Demonstrated

VoIP System Analysis VPN Configuration & Routing Network Troubleshooting Security Assessment Technical Documentation Real-world Exploit Simulation

Outcome

This project showcases my ability to creatively re-engineer a residential telecom setup and uncover hidden capabilities. By simulating local presence from Canada, I enabled free domestic calls to Indian numbers — bypassing international calling restrictions entirely. The findings are relevant to telecom engineers, cybersecurity professionals, and anyone interested in practical network behavior.

Demo Video

The following video demonstrates the full scenario:

Verifying my location in Canada
Establishing a VPN tunnel to my home router in India
Registering with the BSNL VoIP server
Successfully placing a call to an Indian mobile number

This confirms that BSNL’s residential VoIP service can be accessed remotely — enabling free calls without an international subscription.

Watch Demo Video

Disclaimer: Router configuration and VPN setup details are intentionally omitted for confidentiality. Only high-level behavior and outcomes are shown.

Conclusion

This case study demonstrates how thoughtful network reconfiguration and secure remote access can unlock hidden capabilities in residential telecom systems. By simulating local presence through a VPN, I successfully extended BSNL’s VoIP service — originally restricted to a physical landline — to a mobile device across continents. This not only enabled free domestic calls from Canada to India but also exposed critical design assumptions around private IP-based access. The findings underscore the importance of validating network boundaries and serve as a practical reference for engineers and security professionals working with residential infrastructure.