Double NAT and IP Issues

[spsmyk]

Using Apple TIme Capsule as my router. Initial install was Modem>Router>Ooma - Call quality = horrible.

Switched to Modem>Ooma>Router and call quality is better. I still run into QoS issues, but at least some (50%) of calls work well.

Problem I have now is Double NAT and devices on my network are unable to communicate as both the Router and Telo are handing out IP addresses.

Spent the evening trying to limit IP address range that Ooma hands out (doesn't help) - Ooma ignores my DHCP Configuration and hands out tons of address even when trying to limit it. Tried changing Time Capsule to bridge mode - this created much havoc and many devices couldn't get online. Can't figure how to turn off Ooma DHCP and NAT handling - when trying to do this can't get it to work.

I tried doing some looking this evening to find someone who has experienced this and figured out a way around it and haven't had any success. Anyone have a similar experience that was able to solve it?

Thanks...

[murphy]

There is nothing wrong with double NAT. It is more secure than single NAT. Ignore the Apple boxes complaints.

Make sure that Ooma and the router issue IP addresses in different subnets.
Leave Ooma at it's default of 172.27.35.1 and put the router at it's default which is probably 192.168.0.1.

[thunderbird]

Using Apple TIme Capsule as my router. Initial install was Modem>Router>Ooma - Call quality = horrible.

Switched to Modem>Ooma>Router and call quality is better. I still run into QoS issues, but at least some (50%) of calls work well.

Problem I have now is Double NAT and devices on my network are unable to communicate as both the Router and Telo are handing out IP addresses.

Spent the evening trying to limit IP address range that Ooma hands out (doesn't help) - Ooma ignores my DHCP Configuration and hands out tons of address even when trying to limit it. Tried changing Time Capsule to bridge mode - this created much havoc and many devices couldn't get online. Can't figure how to turn off Ooma DHCP and NAT handling - when trying to do this can't get it to work.

I tried doing some looking this evening to find someone who has experienced this and figured out a way around it and haven't had any success. Anyone have a similar experience that was able to solve it?

Thanks...

See topic viewtopic.php?f=9&t=12986&p=90710&hilit ... nat#p90710 for how to suppress double NAT light.

Next:
To help stabilize your Ooma Internet connection turn off MAC address Spoofing, which can cause dropped calls and garbled voice, by doing the following:
If your Ooma device is connected Modem-Ooma-Router, access your Ooma Setup pages by typing http://172.27.35.1 in your computer browser window. The Ooma Setup pages open. Click on Internet, go down to INTERNET Port MAC Address: and change setting from Automatic to Use Built In. Click on Update device. Remove power from your Modem and the Ooma Device. Repower the Modem. When the Modem is done booting repower your Ooma device.

If your connection is Modem-Router-Ooma, temporarily connect a network cable from your Ooma device home port, to the wired LAN port of a computer. Temporarily turn off Wi-Fi in the computer, if turned on. Reboot the computer. Access your Ooma Setup pages by typing http://172.27.35.1 in your computer browser window. The Ooma Setup pages open. Click on Internet, go down to INTERNET Port MAC Address: and change setting from Automatic to Use Built In. Click on Update device. Remove power from your Modem, your Router and Ooma Device. Repower the Modem. When the Modem is done booting repower your Router. When the Router is done booting, repower your Ooma device.

Next:
Run http://speedtest.phonepower.com/ to see how your modem and Internet connection is doing. Then click on the Advance tab on the lower left side of the Phonepower page, and post the following values here in this thread, by clicking on "Quote" in the upper right hand corner of this Ooma Forum post. Then fill in the blanks.

Download Speed: ________________
Upload Speed: ________________
Download Consistency of Service ________
Upload Consistency of Service _________
Maximum TCP Delay _____________
Jitter you server __________
Jitter server you _________
Packet loss: you server_______
Packet loss: server you ______
Packet discards _________
Packets out of order _________
Estimated MOS score ________

If you do the Java fix in your computer, instructions located at viewtopic.php?f=9&t=12085. Then you can click on the Speedtest Phonepower Advanced tab, then "view test" at the bottom. Instead of filling in the blanks above, you can select CTRL+A to highlight, CTRL+C to copy; CTRL+V for paste into the Ooma Forum.

[spsmyk]

Thanks for the replies. I did try the double NAT suggestions and it did not work for me. I ran into a number of conflicts and given all the devices (Phones, Tablets, TV's, computers, Tivo's, Sonos, etc.) on the network, I need to dedicate some time to testing - hoping that happens this weekend. I found that when connecting other devices, even with the Telo limited to one IP address range, it seems like it was handing out IP's to additional devices and it did not work --- what I'm finding is that my Sonos equipment looks to be getting IP's from Ooma and some are from the Time Capsule, making them unable to communicate with each other. After some playing around last nightI reverted back to the Ooma at 172. and the router is at 192.I selected ignore wanting and warning has gone away...I could care less about the warning, I just need everything to remain in same IP range

MAC Address is already selected to Built-In. I will rerun the speed test and post results. Found Road Runner's connection was very good when trying to resolve phone quality issues, so assumed it is an internal network problem that is impacting me. Hoped that moving it outside the network would resolve the quality issues and it has made it better, but still not optimal.


Thanks again for the help.

[EX Bell]

spsmyk,

Could you post your stats from phonepower as Thunderbird suggested? Reason I ask is that I do not have horrible call quality issues and I am using a 1st gen Time Capsule with my Telo after the router. How are your Telo and Time Capsule connected together, by wireless or direct ethernet? My wife says she has experienced occasional dropped calls or one sided conversation (they can't hear my wife) after 10 minutes or so into the call, but the actual quality of the sound on both ends has been excellent. I was connected by Powerline Ethernet adapters up until last night, but now I'm direct connect from the Time Capsule to the Telo and I changed the MAC Address setting from Automatic to Use Built In. We'll see how it goes from here.

My Telo is using the default 172.27.35.1 IP address and my Time Capsule is configured as a DHCP server to distribute IPs starting with 172.x.x.x, however the last three octets are completely different than the Telo. I reserve specific IP addresses, for certain devices that connect to the Time Capsule network by entering their MAC address and the desired IP, but I do not do this for the Telo because it's internal network is not in the same range as my Time Capsule. This is similar to connecting a router behind another router. The only reason I reserve IP addresses in my case is so that I can always find the device at the same IP address or another application can find it. For example, I have a print server attached to my Time Capsule because Apple has never added support for my printer and I now use the USB port on the Time Capsule for an external HDD. Adding the MAC address of the print server and assigning it an IP above the range of my DHCP range allows me to configure IP printing from our laptops without conflicting with the DHCP server.

I don't have routing rules to send my telo back through the network because I don't want to risk a security loop hole I many not have thought about. When I want to administer my Telo, I just plug an ethernet patch cable into the Home Network port and configure it directly from my laptop. So this leave me wondering what is so different in your case? My internet service is better than some, but below average in many respects. Not as good as it was before going to dry-loop (Bell line tech said this might improve when they restore a dial tone on my line), but it's still at that "just acceptable enough for the money" level. Here are my phonepower stats.

Download Speed: 5788 kbps
Upload Speed: 620 kbps
Download Consistency of Service: 93%
Upload Consistency of Service: 94%
Maximum TCP Delay: 55 ms
Jitter you server: 0.2 ms
Jitter server you: 0.9 ms
Packet loss - you server: 0%
Packet loss - server you: 0%
Packet discards: 0%
Packets out of order: 0%
Estimated MOS score: 4.2

One thing I have learned from experience configuring a router behind another router is, if they are both acting as DHCP servers, they need to be on completely different networks and the IP address ranges they distribute need to be completely different. For example, I currently have another router behind my Time Capsule that manages a VPN connection (independent network not related to the Telo) and it is configured with 192.x.x.x for its internal IP and the starting range for it to distribute IP addresses. It however connects to my Time Capsule automatically via a IP address from the pool on the Time Capsule. This allows it to get internet access (since reserved IPs outside of the pool often will not get internet access, depending on the primary router manufacturer and firmware level), connect to my VPN service and forward those packets to its internal network switch without conflicting with the primary DHCP server.

[spsmyk]

Modem>Ooma>Time Capsule - All wired (was originally wireless, but with quality problems I removed wireless adaptor from Telo).

Currently Home port is the default 172.27.35.1
Time Capsule is 172.27.35.10
All devices on the network are in the Time Capsules 192.168.1.100-200 range - so it looks like for whatever reason, the Ooma is now only allocating the one IP and not more than the one I was trying to limit it to. Not sure what or how it happened, but not arguing.

Phone used twice tonight - both times worked fine. Even Sonos is working - woohoo! Going to bed before anything breaks...

Stats:

Download Speed: 17406 kbps
Upload Speed: 945 kbps
Download Consistency of service: 55%
Upload consistency of service: 96%
Download test type: socket
Upload test type: socket
Maximum TCP delay: 79 ms
Average Download Pause: 2 ms
Minimum round trip time to server: 89 ms
Average round trip speed to server: 93 ms
Estimated download bandwidth: 26400 kbps
Route concurrency: 1.5166563
Download TCP forced idle: 79 %
Maximum route speed: --

Thanks all - I'll update.

[EX Bell]

Sounds better. I actually experienced an issue, which at this point seems to be related to switching the Telo MAC address from Automatic to Built In. I switched it last night in an attempt to resolve a dropped call and one sided conversation issue, but instead my Telo seemed to have become unreachable by Ooma's server after a time.

It seemed to work fine all day, but early this evening a friend tried to phone us. She was calling from her cell phone and it rang on her end. My wife answered, heard a beep and the line was dead. On our friends side, she said the call just went dead and her phone said access denied. She tried to phone back, but just got a fast busy. When she contacted my wife on her cell phone and told us about the issue, I tried from my cell phone and also got a fast busy. I rebooted the Telo with a 2 minute off time and it worked normally again. An hour later I tried again and once more got a fast busy. So I set the Telo MAC address back to Automatic (which of course caused it to automatically reboot) and it's been fine for several hours now.

I don't have a cable modem, and reading the help files again in the Telo setup, it doesn't seem that a Telo that is connected like mine is (after the router) would benefit from changing the MAC address setting, since the Telo is not distributing IPs to a router or other computers on my network. So now I'm thinking that possibly the Time Capsule firewall has been blocking some network traffic at inopportune times. I don't really want to punch a hole in my firewall, but I don't mind if the Telo is exposed to the internet, since that's what Ooma is suggesting you do by putting it before your router.

To do this, under the Time Capsule Internet>NAT tab, I turned on "Enable default host at: 172.x.x.253" and I disabled the "Enable NAT Port Mapping Protocol" option since I don't want to use this function. Next, under the Internet>DHCP tab, I added a DHCP reservation for the Telo and entered its MAC address, with the IP reservation being the same IP as found in the "Enable default host at:" field previously noted.

Time Capsule help entry regarding NAT options

Enable default host: A default host is a computer on your network that is exposed to the Internet and receives all inbound traffic. A default host may be useful if you use a computer on your AirPort network to play network games, or want to route all Internet traffic through a single computer.

So far, this is working correctly. I'll update as the testing goes on.

By the way, where did your stats come from? Did this come from phonepower.com ?

These stats are missing:

Jitter you server:
Jitter server you:
Packet loss - you server:
Packet loss - server you:
Packet discards:
Packets out of order:
Estimated MOS score:

My understanding from reading posts here and information from elsewhere, is jitter needs to be low to avoid sound quality issues. Also I'm wondering if it's common for Download consistency to be around 55% as yours is. I've never had a score of less than 90% download consistency of service, no matter when I've run the test.

[spsmyk]

So made it two days without any problems and today all heck was breaking loose again. Phone calls cut off - other party can't hear me, etc.


Download Speed: 11980
Upload Speed: 973
Download Consistency of Service 56%
Upload Consistency of Service 98%
Maximum TCP Delay 73ms
Jitter you server 5.9ms
Jitter server you 0.5 ms
Packet loss: you server 0.0%
Packet loss: server you 0.0%
Packet discards 1.6%
Packets out of order 0.0%
Estimated MOS score 4.1

[thunderbird]

So made it two days without any problems and today all heck was breaking loose again. Phone calls cut off - other party can't hear me, etc.


Download Speed: 11980
Upload Speed: 973
Download Consistency of Service 56%
Upload Consistency of Service 98%
Maximum TCP Delay 73ms
Jitter you server 5.9ms
Jitter server you 0.5 ms
Packet loss: you server 0.0%
Packet loss: server you 0.0%
Packet discards 1.6%
Packets out of order 0.0%
Estimated MOS score 4.1

Download Consistency of Service 56%........Is usually around 80%, but at 56% would probably still work okay.
Jitter you server 5.9ms.........................Should be less then 5ms, will probably still work if the Packet discards were zero.
Packet discards 1.6%............................Should be zero. This will cause Quality of Service problems.

There probably is a problem with your Modem or Internet provider signal.

Check your Modem manual and see if you can do a reset of the modem. Some Modems have batteries installed which have to be taken out to do a rest, if your Modem has the reset function. Then test with Phonepower again.
If your Modem doesn't have a reset, try removing power from the Modem, then repowering the modem, and test with Phonepower again. Sometimes you have to do this over and over again to get a good Internet connection. Test with Phonepower until you get satisfactory readings.
If you still have problems, borrow or purchase a Modem and try it. If you purchase another Modem, in most cases you can return it, if it doesn't help.
If the Modem doesn't help, make sure that the Internet cable coming in from the street to the modem, is in good condition, and if there are splices, or other connections like splitters, in the Internet cable coming in from the street, that all of the connections are tight and in good condition.
If that doesn't help, contact your Internet provider and advise them of your problem.

[EX Bell]

spsmyk, since making this change in my Time Capsule, my connection stability and call quality have been very good.

under the Time Capsule Internet>NAT tab, I turned on "Enable default host at: 172.x.x.253" and I disabled the "Enable NAT Port Mapping Protocol" option since I don't want to use this function. Next, under the Internet>DHCP tab, I added a DHCP reservation for the Telo and entered its MAC address, with the IP reservation being the same IP as found in the "Enable default host at:" field previously noted.

Which generation of Time Capsule do you have and what is your firmware version? Mine is a 1st gen and I'm using version 7.6 firmware. It also seems you may have an issue with the connection from your ISP or your modem. I don't know a lot about the download consistency, but mine is always very high and of the two readings you've posted, yours is always below 60%. Mine is always above 90% (was 99% for both download and upload consistency the last time I ran this test myself). Also your jitter is high and will affect quality. My measured jitter from me to the server is usually 0, but goes as high as 0.5 ms. Serve to me is high when we're streaming video (I think it's because Time Capsule doesn't support QoS and I'm working on a solution to address that, but usually my jitter is measured below 1.0 ms. My packet discards are always 0%, so I don't know if yours being at 1.6% is an issue or not. No one actually ever said weather or not the less than 60% download consistency you have is normal or not, so I only have my score as a reference. Can someone comment?

Also, if you have your Time Capsule set to wireless N mode @ 5 Ghz, lower it to 2.4 Ghz and see if this helps. I've been able to raise mine up to 5 Ghz again, but only after dumping my old 5 Ghz Uniden phones that were interfering. I have Panasonic DECT 6.0 now and they're perfect.