EnthusiastXYZ
Limp Gawd
- Joined
- Jun 26, 2020
- Messages
- 221
For this analysis, outgoing router ports were restricted to TCP ports 80, 443, and UDP port 51820. On my rooted Android phone (without a SIM card), capturing wlan0 via TCPDump showed that all connections from local phone IP connected to VPN IP via port UDP port 51820 (Wireguard). That included Google Voice calls. Capturing tun0 packets showed that Google Voice used STUN UDP ports 19302-19305 and most packets passed through tun0 virtual adapter IP, but to initiate a connection (when either making a call or receiving a call), Google Voice connected my local phone's IP to Google STUN server IP directly without passing through VPN tun0 adapter IP using STUN ports 19302-19305. Router logs for the same time frame did not show any devices attempting to use ports other than Wireguard VPN UDP port 51820 and wlan0 dump for the same time frame also showed that only port 51820 was in use. How was this possible? I could understand how an app could bypass a VPN app, especially a Google app on an Android phone, but why were there no wlan0 dump and router log indicators that there was a direct connection from device's local IP to a Google Voice STUN server?
I decided to take it to the next level and used reverse USB tethering (unencrypted) VPN tunnel for phone's internet connection, which was further tunneled via PC's encrypted VPN connection. I blocked my Android phone's MAC in router. Once again, Google Voice used VPN (reverse USB tethering tunnel) for most of packets, but to initiate a connection, it bypassed reverse USB tethering tunnel and connected (or attempted to connect) to Google STUN servers directly via phone's WiFi local IP! Once again, router logs showed nothing for the same time frame... Disabling WiFi on the phone resulted in Google Voice not being able to make or receive any calls, even though it was connected to the internet via reverse USB tethering and PC's VPN tunnel.
STUN could've created its own socket for a connection, but that would've shown up in router logs or in wlan0 dumps, wouldn't it?
I decided to take it to the next level and used reverse USB tethering (unencrypted) VPN tunnel for phone's internet connection, which was further tunneled via PC's encrypted VPN connection. I blocked my Android phone's MAC in router. Once again, Google Voice used VPN (reverse USB tethering tunnel) for most of packets, but to initiate a connection, it bypassed reverse USB tethering tunnel and connected (or attempted to connect) to Google STUN servers directly via phone's WiFi local IP! Once again, router logs showed nothing for the same time frame... Disabling WiFi on the phone resulted in Google Voice not being able to make or receive any calls, even though it was connected to the internet via reverse USB tethering and PC's VPN tunnel.
STUN could've created its own socket for a connection, but that would've shown up in router logs or in wlan0 dumps, wouldn't it?