Ooma Telo + Apple Airport Extreme
How to make them work together without the dreaded double NAT error
This is an Ooma Telo VOIP telephone interface box. If you have internet service via cable modem you can connect it to your home network and home telephones, fire your old school land line company and enjoy cheap internet phone service. I'm not going to go on about its features here. If you want to know more you can visit the Ooma web site.
The Ooma Telo box can be connected to any port on your home network without much thought. Simply connect the "To Internet" port to your network and it works. However, this is not optimal. Other devices on your network can sometimes hog all the bandwidth and interfere with voice quality. The best way to hook up the Telo is to put it between your network and all your other devices. This way it can give it's own packets priority over the others and avoid voice quality issues. The Telo has a built in NAT router to facilitate this.
This is how Ooma expects you to connect it.
For most users the Telo router's minimal feature set is fine but my network had some requirements beyond it's capabilities. I have a name server on my lan. The router DHCP server needs to let me specify the IP address of the my name server for the benefit of DHCP clients. Sadly, the Telo does not. It only sends DHCP clients the address of its own internal name server and there is no way I can override it. So, what to do. Ignore the wife's complaints about voice quality or lose a some lan functionality? I chose none of the above.
This is an Apple Airport Extreme WiFi router. It does everything I need to do as long as the Ooma Telo isn't involved. To get the best of both worlds I needed to put the Airport behind the Telo and let the Airport do the DHCP and NAT functions.
My first few attempts failed because my networking skills aren't all that great. I could get basic internet connectivity but no port forwarding. Later I discovered I could setup port forwarding in the Telo and it passed through the Airport fine but the Airport always complained about a 'double NAT error" and the indicator light flashed amber all the time. I won't waste your time with all the other stuff I tried before I found a configuration that worked.
By trial and error I discovered the "double NAT error" is triggered anytime the Airport sees a private lan IP address on the WAN (internet) port such as 192.168.x.x or 10.0.0.x or 172.16.0.x. Since the Telo DHCP server defaults to handing out IP addresses in the 172.16.x.x private IP range the Airport will complain about double NAT unless it's in bridge mode. Since bridge mode doesn't NAT I can't specify a name server so it won't work for me. However, the Telo can be configured to any IP address range on the LAN side. Can I get away using a DHCP range outside the private IP space that won't screw up normal operation?
Why yes. Yes I can. AMPRnet to the rescue. In the 1970s Hank Magnuski obtained a block of 16 million IP addresses for amateur packet radio use. It's 184.108.40.206/8 . At this time it seems to be mostly abandoned with only a few AMPRnet gateways in existence. Within this space is a block reserved for testing and is similar to the private IP addresses we are familiar with. It's 220.127.116.11/16 . I hoped Apple didn't know about this obscure private IP space and fail to test for it. And guess what... When I configured the Ooma Telo to use addresses in that range and configured the WAN side of the Airport with a matching static IP address it worked with out any double NAT errors! Whoo-Hoo! Green status light at last.
Here's the setup.
Airport "WAN" port connects to Telo "Home Network" port. Telo "To Internet" port connects to cable modem.
LAN addresses in the range 192.168.213.0/24
Airport Internet setup as static on 18.104.22.168
My local LAN name server is 192.168.213.20 (Set to IP of your nameserver)
You can also use DHCP mode and let the Telo assign the IP address.
The router mode needs to be set to DHCP and NAT
To access the browser based Telo configuraton page connect a laptop directly to the home network port and enter http://setup.ooma.com. (Telo has a name server in it at its lan IP address) The Ooma Telo home network port is then set to 22.214.171.124 and the DHCP is set to serve only 1 address 126.96.36.199 which is the address of the Apple Airport router. I set the DMZ to the Airport also.
I forwarded most of the ports to the Airport router. I had to avoid 1194 and a block above 40000 because Telo uses them. The Airport then forwards them to devices on my lan as required.
Telo port forwarding
The only down side to this setup is I can only access the Ooma Telo with 188.8.131.52 instead of setup.ooma.com. I can live with that.
Hit Counter = 13277