Pap2t sends wrong src ip after VPN/internet hickup

I have a vpn established between my home router and my asterisk server (tinc vpn).
When the Pap2t first connects, all is well. tcpdump show the pap2t correctly send sip connection requests with its own src ip (192.168.10.x) to the asterisk server (
If I restart my router, the pap2t continues to attempt re-connection. The Wan interface on the router comes up before the vpn interface. Since the Pap2t makes a request before the vpn interface is up, I think the request is then natted, and the sip connection request src ip is my wan ip instead of the pap2t device ip. The router presumably tries to connect to the asterisk server (, but I;m guessing it sends the request through the wan gateway, while the vpn gateway is still being established.
When the vpn interface comes up, the requests are correctly routed over the vpn interface. However, the src ip of the sip connection requests continues to be my wan ip, instead of my pap2t ip. I suppose asterisk responds to this wrong ip address, and the pap2t is unable to establish a connection.

Rebooting the router and/or the pap2t do not correct this, it still attaches the wan ip to the src address on sip requests. Factory resetting the device seems the only solution to correctly connect again over the vpn.

My guess would be that the pap2t is at fault, though peculiar that restarting it does no fix things. I’ve disabled sip nat helper on my router (tomatousb), though it was the same results either way. Would you think my router or pap2t are at fault? Perhaps neither? if the vpn interface comes up delayed after the wan interface, maybe that in itself is the problem? But why can it not correct itself once up and attach the correct src ip?

I really like the idea of securing my voip communcition, at least the leg from my network to my voip server, with a vpn. I can open up the ports publicly if I had to. What else can I try? thanks