Ooma, DD-WRT and OpenVPN trouble

Something on your mind? Want to give us feedback on something in particular or everything in general? Tell us how we are doing!
Post Reply
Jackie_Treehorn
Posts: 8
Joined: Sun Apr 24, 2011 7:39 am

Ooma, DD-WRT and OpenVPN trouble

Post by Jackie_Treehorn » Wed Aug 22, 2012 6:16 pm

Hello everyone.

I've been a very long time and very happy Ooma customer. Just recently I started using a VPN service with my DD-WRT flashed router. I am using OpenVPN with my DD-WRT router. Today I noticed that my Ooma is not working.

My current setup is: Cable Modem - DD-WRT router - switch - Ooma. This setup worked fantastically until I added the OpenVPN setting into my router. Now when I pick up the phone, I get the Ooma dial tone, but after dialing a number there is nothing.

I am open to the idea of placing the Ooma unit back in front of the router if needed, but if a simple setting adjustment in my router will make things work, then that would be preferred.

Thanks for the help everyone. I really appreciate it.

daet
Posts: 359
Joined: Sat Apr 11, 2009 5:21 am
Location: Metairie, LA

Re: Ooma, DD-WRT and OpenVPN trouble

Post by daet » Wed Aug 22, 2012 6:46 pm

Make sure the following ports are open/forwarded by your router (they should be by default): UDP 53, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480, UDP 10000-20000, TCP 53 and TCP 443.

FWIW, I use a similar configuration. dd-wrt router (openVPN build), Telo behind the router. The build is Eko's 15943-snow:

dd-wrt.v24-15943_NEWD_openvpn_jffs_small

DG
Ooma customer since April 2009
Ooma equipment: Hub ; Telo + 4 handsets
Ooma service: Annual Premier subscription

murphy
Posts: 7165
Joined: Tue Jan 27, 2009 12:49 pm
Location: Pennsylvania

Re: Ooma, DD-WRT and OpenVPN trouble

Post by murphy » Wed Aug 22, 2012 6:47 pm

Where does the vpn go?
You are probably forcing the Ooma traffic to go through the vpn.
Ooma uses a vpn to it's servers so now you have Ooma's vpn inside of your vpn.
You need to configure your router so the Ooma traffic does not go through your vpn.
How you do that I have no idea.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

Jackie_Treehorn
Posts: 8
Joined: Sun Apr 24, 2011 7:39 am

Re: Ooma, DD-WRT and OpenVPN trouble

Post by Jackie_Treehorn » Thu Aug 23, 2012 3:30 am

daet wrote:Make sure the following ports are open/forwarded by your router (they should be by default): UDP 53, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480, UDP 10000-20000, TCP 53 and TCP 443.

FWIW, I use a similar configuration. dd-wrt router (openVPN build), Telo behind the router. The build is Eko's 15943-snow:

dd-wrt.v24-15943_NEWD_openvpn_jffs_small

DG
Actually I don't see that those ports are open at all in the router. I do have UPnP enabled there and there are many ports open that I didn't open specifically, so I know that the service is opening ports that it has been asked to by an application.

When you say that they should be open by default, are you meaning to say that if I have UPnP enabled in my router, than my Telo should automatically tell my router to open those ports?

I'm wondering if a reset of the Telo is in order.

Jackie_Treehorn
Posts: 8
Joined: Sun Apr 24, 2011 7:39 am

Re: Ooma, DD-WRT and OpenVPN trouble

Post by Jackie_Treehorn » Thu Aug 23, 2012 3:36 am

murphy wrote:Where does the vpn go?
You are probably forcing the Ooma traffic to go through the vpn.
Ooma uses a vpn to it's servers so now you have Ooma's vpn inside of your vpn.
You need to configure your router so the Ooma traffic does not go through your vpn.
How you do that I have no idea.
My VPN is with privateinternetaccess.com and I do believe you are correct with your statement. Since my router controls my VPN settings and everything that is behind the router sends information through my VPN service, then it would only make sense that Ooma is indeed trying to connect to it's own VPN through my VPN.

I would think the simplest solution would be to place the Telo in front of the VPN enabled router. That should make the Telo work as intended. I'm not sure if the Telo would pass thru my internet signal to my router correctly however. Perhaps placing my router behind the Telo AND placing the router IP address in the DMZ of the Telo would make things squeaky clean...

ernieb
Posts: 24
Joined: Tue Jan 26, 2010 7:15 pm

Re: Ooma, DD-WRT and OpenVPN trouble

Post by ernieb » Fri Aug 24, 2012 4:56 am

I run Tomato firmware on my router. Similar but not the same. I use the script below to create the VPN tunnel for some, but not all, clients. I have my Ooma outside of the VPN range.

I call the script file vpn_route.sh.

Code: Select all

#!/bin/sh

if [ "$script_type" == "up" -o "$script_type" == "down" ]
then
	/rom/openvpn/updown.sh
fi

if [ "$route_gateway_1" != "" ]
then
	VPN_IP_LIST=$(nvram get vpn_client1_ip_list)
	VPN_TBL=$(nvram get vpn_tbl_1)
	if [ "$VPN_TBL" == "" ]
	then
		VPN_TBL=101
	fi
elif [ "$route_gateway_2" != "" ]
then
	VPN_IP_LIST=$(nvram get vpn_client2_ip_list)
	VPN_TBL=$(nvram get vpn_tbl_2)
	if [ "$VPN_TBL" == "" ]
	then
		VPN_TBL=102
	fi
fi

export VPN_GW VPN_IP VPN_TBL

# delete rules for IPs not on list
IP_LIST=`ip rule show|awk '$2 == "from" && $4=="lookup" && $5==ENVIRON["VPN_TBL"] {print $3}'`
for IP in $IP_LIST
do
	DEL_IP="y"
	for VPN_IP in $VPN_IP_LIST
	do
		if [ "$IP" == "$VPN_IP" ]
		then
			DEL_IP=
		fi
	done

	if [ "$DEL_IP" == "y" ]
	then
		ip rule del from $IP table $VPN_TBL
	fi
done

# add rules for any new IPs
for VPN_IP in $VPN_IP_LIST
do
	IP_LIST=`ip rule show|awk '$2=="from" && $3==ENVIRON["VPN_IP"] && $4=="lookup" && $5==ENVIRON["VPN_TBL"] {print $3}'`
	if [ "$IP_LIST" == "" ]
	then
		ip rule add from $VPN_IP table $VPN_TBL
	fi
done

if [ "$script_type" == "route-up" ]
then
	VPN_GW=$route_vpn_gateway
else
	VPN_GW=127.0.0.1  # if VPN down, block VPN IPs from WAN
fi

# delete VPN routes
NET_LIST=`ip route show|awk '$2=="via" && $3==ENVIRON["VPN_GW"] && $4=="dev" && $5==ENVIRON["dev"] {print $1}'`
for NET in $NET_LIST
do
	ip route del $NET dev $dev 
done

# route VPN IPs thru VPN gateway
if [ "$VPN_IP_LIST" != "" ]
then
	ip route del default table $VPN_TBL
	ip route add default via $VPN_GW table $VPN_TBL
#Add rules for DNS servers so they route through the VPN too
	ip rule add to 216.131.95.20 table $VPN_TBL
	ip rule add to 216.131.94.5 table $VPN_TBL
	ip rule add to 208.67.222.222 table $VPN_TBL
	
	logger "Routing $VPN_IP_LIST via VPN gateway $VPN_GW"
fi

# route other IPs thru WAN gateway
if [ "$route_net_gateway" != "" ]
then
	ip route del default
	ip route add default via $route_net_gateway
fi

ip route flush cache

exit 0
Then I added some additional parameters to the OpenVPN command line

Code: Select all

script-security 2
route-up /root/vpn_route.sh
down /root/vpn_route.sh
hat tip to the folks over at linksysinfo.org. I can explain this in more detail if you'd like.

dknyinva
Posts: 268
Joined: Sat Feb 07, 2009 7:21 am
Contact:

Re: Ooma, DD-WRT and OpenVPN trouble

Post by dknyinva » Sat Aug 25, 2012 4:57 am

Both Ooma VPN and OpenVPN are using port 1194 by default. I would change the port on the dd-wrt OpenVPN to something else and see if that would help resolve it.

Thanks

Jackie_Treehorn
Posts: 8
Joined: Sun Apr 24, 2011 7:39 am

Re: Ooma, DD-WRT and OpenVPN trouble

Post by Jackie_Treehorn » Sun Aug 26, 2012 9:37 am

dknyinva wrote:Both Ooma VPN and OpenVPN are using port 1194 by default. I would change the port on the dd-wrt OpenVPN to something else and see if that would help resolve it.

Thanks
Brilliant!

I simply changed OpenVPN from the default port of 1194 to port 1195 in DD-WRT --> Services --> VPN, OpenVPN, clicked apply and then rebooted the router.

Now my Ooma is working perfectly once again! Thank you for the help.

#solved

Jackie_Treehorn
Posts: 8
Joined: Sun Apr 24, 2011 7:39 am

Re: Ooma, DD-WRT and OpenVPN trouble

Post by Jackie_Treehorn » Mon Aug 27, 2012 3:20 pm

It looks like it proclaimed this #solved a bit too soon.

While changing the OpenVPN port to 1195 from 1194 did indeed allow my Ooma to function properly once again, it also disconnected me from my paid VPN service. Now my router is not connecting to the VPN service. My internet still works, but my real IP address is exposed to the world instead of the alternate IP address provided by my VPN service.

So there must be an additional setting that needs to be changed in addition to changing the port to 1195 on the OpenVPN page.

Thanks for the additional support.

Post Reply