diff --git a/contrib/py/admin/lokinetmon b/contrib/py/admin/lokinetmon
index 4c36b34e6..d1caba481 100755
--- a/contrib/py/admin/lokinetmon
+++ b/contrib/py/admin/lokinetmon
@@ -155,7 +155,7 @@ class Monitor:
     def time_to(timestamp):
         """ return time until timestamp in seconds formatted"""
         if timestamp:
-            val = int((timestamp - now()) / 1000)
+            val = (timestamp - now()) / 1000.0
             if val < 0:
                 return "{} seconds ago".format(0-val)
             else:
diff --git a/llarp/handlers/tun.cpp b/llarp/handlers/tun.cpp
index e6dba331f..cab17108c 100644
--- a/llarp/handlers/tun.cpp
+++ b/llarp/handlers/tun.cpp
@@ -397,10 +397,11 @@ namespace llarp
                                          service::Address addr, auto msg, bool isV6) -> bool {
         using service::Address;
         using service::OutboundContext;
-        if(HasInboundConvo(addr))
+        if (HasInboundConvo(addr))
         {
-          // if we have an inbound convo to this address don't mark as outbound so we don't have a state race
-          // this codepath is hit when an application verifies that reverse and forward dns records match for an inbound session
+          // if we have an inbound convo to this address don't mark as outbound so we don't have a
+          // state race this codepath is hit when an application verifies that reverse and forward
+          // dns records match for an inbound session
           SendDNSReply(addr, this, msg, reply, isV6);
           return true;
         }
diff --git a/llarp/service/endpoint.cpp b/llarp/service/endpoint.cpp
index 587d6604c..7e6f8f786 100644
--- a/llarp/service/endpoint.cpp
+++ b/llarp/service/endpoint.cpp
@@ -420,9 +420,24 @@ namespace llarp
     void
     Endpoint::PutSenderFor(const ConvoTag& tag, const ServiceInfo& info, bool inbound)
     {
-      auto itr = Sessions().find(tag);
-      if (itr == Sessions().end() and not(WantsOutboundSession(info.Addr()) and inbound))
+      if (info.Addr().IsZero())
       {
+        LogError(Name(), " cannot put invalid service info ", info, " T=", tag);
+        return;
+      }
+      auto itr = Sessions().find(tag);
+      if (itr == Sessions().end())
+      {
+        if (WantsOutboundSession(info.Addr()) and inbound)
+        {
+          LogWarn(
+              Name(),
+              " not adding sender for ",
+              info.Addr(),
+              " session is inbound and we want outbound T=",
+              tag);
+          return;
+        }
         itr = Sessions().emplace(tag, Session{}).first;
         itr->second.inbound = inbound;
         itr->second.remote = info;
@@ -1077,9 +1092,13 @@ namespace llarp
     Endpoint::HandleDataMessage(
         path::Path_ptr path, const PathID_t from, std::shared_ptr<ProtocolMessage> msg)
     {
-      msg->sender.UpdateAddr();
       PutSenderFor(msg->tag, msg->sender, true);
-      PutReplyIntroFor(msg->tag, msg->introReply);
+      Introduction intro = msg->introReply;
+      if (HasInboundConvo(msg->sender.Addr()))
+      {
+        intro.pathID = from;
+      }
+      PutReplyIntroFor(msg->tag, intro);
       ConvoTagRX(msg->tag);
       return ProcessDataMessage(msg);
     }
@@ -1798,7 +1817,7 @@ namespace llarp
         if (const auto maybe = GetBestConvoTagFor(remote))
         {
           // the remote guy's intro
-          Introduction remoteIntro;
+          Introduction replyIntro;
           SharedSecret K;
           const auto tag = *maybe;
 
@@ -1807,20 +1826,20 @@ namespace llarp
             LogError(Name(), " no cached key for inbound session from ", remote, " T=", tag);
             return false;
           }
-          if (not GetReplyIntroFor(tag, remoteIntro))
+          if (not GetReplyIntroFor(tag, replyIntro))
           {
             LogError(Name(), "no reply intro for inbound session from ", remote, " T=", tag);
             return false;
           }
           // get path for intro
-          auto p = GetPathByRouter(remoteIntro.router);
+          auto p = GetPathByRouter(replyIntro.router);
 
           if (not p)
           {
             LogWarn(
                 Name(),
                 " has no path for intro router ",
-                RouterID{remoteIntro.router},
+                RouterID{replyIntro.router},
                 " for inbound convo T=",
                 tag);
             return false;
@@ -1847,8 +1866,8 @@ namespace llarp
             return false;
           }
           f.S = m->seqno;
-          f.F = m->introReply.pathID;
-          transfer->P = remoteIntro.pathID;
+          f.F = p->intro.pathID;
+          transfer->P = replyIntro.pathID;
           auto self = this;
           Router()->QueueWork([transfer, p, m, K, self]() {
             if (not transfer->T.EncryptAndSign(*m, K, self->m_Identity))
diff --git a/llarp/service/protocol.cpp b/llarp/service/protocol.cpp
index 89c6a09aa..8ecf32ac8 100644
--- a/llarp/service/protocol.cpp
+++ b/llarp/service/protocol.cpp
@@ -367,9 +367,15 @@ namespace llarp
                 AuthResult result) {
               if (result.code == AuthResultCode::eAuthAccepted)
               {
-                handler->PutSenderFor(msg->tag, msg->sender, true);
-                handler->PutIntroFor(msg->tag, msg->introReply);
-                handler->PutReplyIntroFor(msg->tag, fromIntro);
+                if (handler->WantsOutboundSession(msg->sender.Addr()))
+                {
+                  handler->PutSenderFor(msg->tag, msg->sender, false);
+                }
+                else
+                {
+                  handler->PutSenderFor(msg->tag, msg->sender, true);
+                }
+                handler->PutReplyIntroFor(msg->tag, msg->introReply);
                 handler->PutCachedSessionKeyFor(msg->tag, sharedKey);
                 handler->SendAuthResult(path, from, msg->tag, result);
                 LogInfo("auth okay for T=", msg->tag, " from ", msg->sender.Addr());