Got something else to discuss that is not covered by the previous forums? Post it here!
#106664 by kurt_dicke
Fri Feb 15, 2013 7:59 am
my config:
modem <-> ooma <-> router

why this config: ooma qos, router may not have this.

i tend to have visitors whom i give my wifi password. i would like to prevent them from configuring my ooma device, not that they would, or would even know how, it is just peace of mind having my network elements secure.
i currently can not password protect the ooma device.
#106822 by lbmofo
Mon Feb 18, 2013 4:23 pm
If you have Ooma ahead of the router, what's the chances of someone messing with http://setup.ooma.com or http://172.27.35.1?

If not comfy, just put Ooma after the router and do not forward port 80 to 172.27.35.1. This way, you can't get into setup.ooma.com unless you have a physical ethernet connection to the "Home Internet" port.

If you have to put Ooma ahead of the router, get a router with "Guest Network." Of course, if you do that, then router likely has QoS so might as well connect Ooma to the router right? :)
#107371 by kurt_dicke
Thu Feb 28, 2013 9:54 am
Since I own a device (not my router, but my ooma device) that performs QoS for VOIP and not a router with this capability, the best solution for me would be password protection of my device perfoming QoS and to place my QoS device in a location where it can do it. It is not the best solution for me to buy a new expensive router with the features you describe, open up my data closet and replace the router and reorder the devices.

Since neither my router nor my ooma device supports NAT loopback, any attempt from inside my LAN to browse my local server ends up on the internal port of my ooma device unless I have configured that user's computer. As I noted before, this port has no security.

If I "Allow access to web interface from INTERNET port" will this port be password protected? If not, moving the device behind my router would not completely solve my security issues. The ooma device is in a data closet and the internet port would be my only route for admin without physically connecting to the local port.

Looking through the history of forum, this security issue has been documented for years. My ooma device supports a phone in an elevator. It would be a shame if someone got access to my ooma device who didn't know what they were doing and disabled this service that is required by law.

> If you have Ooma ahead of the router, what's the chances of someone messing with http://setup.ooma.com or
> http://172.27.35.1?

> If not comfy, just put Ooma after the router and do not forward port 80 to 172.27.35.1. This way, you can't get into
> setup.ooma.com unless you have a physical ethernet connection to the "Home Internet" port.

> If you have to put Ooma ahead of the router, get a router with "Guest Network." Of course, if you do that, then router
> likely has QoS so might as well connect Ooma to the router right?
#107374 by lbmofo
Thu Feb 28, 2013 10:38 am
I think the best solution for this case is to put the Ooma on router and then do not do port forward.

Connect to device via "home internet" port and then disable QoS (set up/down all to 0). Set to use built in MAC.

Then forget about the device. It would work and no further admin needed.
#107410 by kurt_dicke
Fri Mar 01, 2013 7:28 am
lbmoto suggests i give up both my QoS for VOIP and my admin access because the Ooma device has no password protection.

I would like to know if lbmoto is a representative of Ooma or not.
If not, I am thankful to lbmoto for the advice on how to best deal with the situation we are stuck with.
However, I would appreciate it if I could get an official response from Ooma on the issue.

It would be sufficient for a statement along the lines of:

It [is | is not] in Ooma's plans for the near future to add password protection to the Ooma device.

Who is online

Users browsing this forum: No registered users and 7 guests