How do I access the OOMA setup page without using the Home Port? This article will answer that technical question, but first, I must tell my OOMA story. (Skip on to the real technical stuff…)
When people, those whom I have shared my telephone number with, call my home, they are talking to me or my family over OOMA. OOMA is a VoIP (Voice over Internet Protocol) provider that competes with services such as Vonage, Packet 8, Skype, etc. It has been well over a year now since I gave up my Vonage account in favor of an OOMA device (www.ooma.com). Since the switch, I have paid very, very little for telephone service: the cost of the device, the cost of their premier annual service subscription, and a few cents for international calls to Canada.
Some things distinguish OOMA from other VoIP providers. For example, with OOMA, you buy the OOMA device for a one-time fee (OOMA Telo $249.99 and up as of 1/20/2001) and then have no phone bill, other than some taxes and regulatory fees just like a land line. With the device alone, you get most common call features including caller-ID, call-waiting, voicemail, and the ability to either use OOMA Telo handset or plug in your existing phone system – plus free calling to anyone anywhere in the United States. OOMA devices support e911 service AND can also be hooked up to both the Internet and a backup landline – in case you are concerned about being able to dial 911 when your Internet is down. The OOMA Telo version, which is newer than the OOMA Hub version, supports higher quality voice and is expandable via Bluetooth a USB adapter for some truly interesting additional features for the tech savvy.
An annual service subscription is optional but at $119.99/year, as of 1/20/2001 gives access to an instant second line (not call waiting, that’s free, but the ability to use two lines at once when used with the OOMA Telo Handset), three-way conferencing, multi-ring (ring my phone and the my cell at the same time), allows screen calls as they are leaving voicemail (just like an old answering machine attached to a landline) even though the recording is happening across the Internet/Cloud on OOMA’s servers. Voicemails are then accessible online or from the device AND the audio is available to screen like an old fashioned answering machine – I can choose to pick up or not based upon what I hear. There is also the ability to forwards voicemails as email attachments, reject anonymous calls OR send them to voicemail, community blacklists (which I send to voicemail), customizable personal blacklists, call forwarding, a custom ring for my 2nd line… etc… the list does go on. So, I spend about $120/year on my house phone service in total after buying the OOMA device. I originally paid about $250.00 for my device. As an early adopter, I had the OOMA hub and then out came the new and improved OOMA Telo. I drooled and paid a trade up fee. While Vonage was costing me in hardware and service, about $600/year including long distance – I got my first year and a half on OOMA at about $470.00 in total – and I got way more features for that price. I expect my second year to cost me about $120. I like getting a good deal for a cool thing – and that is what I feel I got with OOMA.
I had been slowly watching as the phone batteries in my ATT multiple handset devices – plugged into my OOMA – started to lose their battery life. Such is life and I could just replace the rechargeable Ni-Cad batteries. However, I also had seen that OOMA released the OOMA Telo + Handset upgrade offering for existing OOMA hub owners. So, I decided to upgrade to the new device, which was purported to have better call quality, some really cool blue-tooth integration (like the ability to transfer calls to a headset). So, I bought, and had a defective OMAA handset (the #2 button would not register when pressed). OMAA replaced the handset for me – sending me a new one – having me send the failed one back, with the RMA they provided. But then I found a problem. The old handset was registered still as handset 1 and my new one as handset 2. Technically, this worked just fine – but I wondered what would happen when I decided to replace my other failing ATT phones with more OOMA Telo handsets. The OOMA Telo can have up to 4 handsets (and with the Bluetooth adapter can pair up to 7 headsets)! So, I called OOMA support and they gave me the setup command below to fix the problem. Ultimately their solution worked and I am happy with my OOMA Telo and look forward to testing it with my Bose QC3 Bluetooth adapter, my Plantronics Bluetooth headset, and my T-MOBILE HTC Touch Pro 2 cell phone.
Accessing the OOMA setup page without using the Home Port
According to the OOMA telephone support representative, I needed to access setup.ooma.com from a computer attached to my OOMA Telo’s Home Port. Depending upon how the OOMA device is deployed in the network – this can be very inconvenient. OMAA seems to prefer customers setup their device so that it fits the following network design:
Option 1: Internet –> Modem –> OMAA –> Router
NOTE: OOMA device’s “Internet” port is attached to modem and “Home” port is attached to the router’s WAN/Internet interface.
This method allows the OMAA device to not have deal with router settings. To OMAA’s credit, that is not really bad thinking because there are a lot of router vendors out there and many routers do not perform well. OOMA wants their device to do the Quality of Service needed to make sure your voice packets are given the highest priority. However, many IT people, avid gamers, XBOX players, small business owners, etc. may find the following configuration more useful for controlling their network:
Option 2: Internet –> Modem –> Router –> OMAA
NOTE: OOMA device’s “Internet” port is attached to the router just like any other PC on the network. Nothing is attached to the OOMA device’s “Home” port.
This 2nd option requires configuring your router to handle and Quality of Service but also means you don’t have deal with OOMA as a port forwarding device, etc., when setting up other things on the network such as XBOX 360’s access to XBOX Live. Although this configuration requires more knowledge of how to configure the router, it is probably preferable since many routers support Universal Plug and Play allowing devices, like the XBOX 360, and PCs, to dynamically tell the router which ports to open and close. Since I do not trust OMMA to be a firewall (for no reason other than that they are not a firewall company) I prefer the 2nd scenario. Besides, I know my router and how to configure it, but I know little about configuration of my OOMA device as a router.
A quick search on the web for how to setup option 2 gives: http://dailybeagle.com/2009/09/how-to-configure-the-ooma-hub-to-work-behind-a-router/ I credit this article and the posts associated with it for helping point me to the right solution – although the guidance it gave did not work for me – it did cause me to investigate the issue further.
One of the chief complaints about option 2 is that the setup.ooma.com home page is only accessible, by default, if accessed through the OOMA device’s “Home” port. No doubt OOMA has made the device this way for security purposes. If you could access the setup page from the OOMA device’s “Internet” port then so could anyone on the public Internet who wanted to play with your device. Not being familiar with the OOMA device itself, but being an IT professional (this article and its contents are my personal opinion and not that of my employer) – I feel confident in saying that the OOMA device is designed as Firewall / NAT / QOS / Router in addition to the obvious telephony functions. It appears to have a built in web server that serves up the setup page on its “Home” port address which is configurable but defaults on the Telo to 172.27.25.1. When a PC or a router is connected to this port, the OOMA device uses a built in DHCP server to serve up an address to the PC/Router and assigns its own address 172.27.25.1 as the default gateway. This means that the attached device will send all packets destined for remote networks to the OMAA device for routing. The OOMA Telo listens on port 80, the standard http port, for traffic from this internal “Home” port. It also maintains some sort of DNS server or cache mechanism to redirect setup.ooma.com to its own home port address for those clients that forward packets to it. I validated this by attaching a PC to my OOMA Telo’s home port and accessing both http://172.27.35.1 and http://setup.ooma.com. Don’t get confused here – setup.ooma.com is directed to the OOMA device only when the requesting system is forwarding packets though the Home port.
Neither setup.ooma.com nor 172.27.35.1 is accessible from the Internet side of the OMAA device by default because the device is a firewall/NAT. It is bad practice for a firewall/NAT device to expose its private network (HOME in OOMA’s case) to the other side (Internet in OOMA’s case). However, if AND ONLY IF, you have setup your OOMA device behind another firewall, you, like me and others, may not want your OOMA device to shield you from accessing its setup page in this manner.
The dailybeagle.com article above suggests simply adding the Home port IP address to the DMZ address. This may have worked on the OOMA Hub (I did not test) but it did not work on my OOMA Telo. Maybe it worked on older versions of the OOMA Telo’s firmware. Making this change seems logical because a DMZ is an address to which all ports are forwarded. Forwarding all traffic coming to the OOMA device’s Modem Port to the DMZ address. However, like many devices, the OOMA just seems to not care to forward a packet back to itself. The OMMA device has two addresses – at the MAC level: Modem Port MAC address & Home Port MAC address. These MAC addresses what IP addresses are resolved to in the final stage of sending traffic from device to device. This is analogous to having both a front door and a back door on your house with two house numbers on different streets. If you had a package in the front door to your kid and tell him to deliver the package to your own back door address – the kid is just going to stand there because the package is already there. Firewall devices are especially sensitive to this because it would look suspicious to send traffic through the front, out the back, and then back into the back again. Because OOMA is acting as a firewall device, I was not surprised to see this fail. Had it succeeded I would have been deeply concerned about the overall security of the OOMA device when used in the configuration OMAA seems to prefer.
The configuration that I tried next was the one that worked: A port forwarding rule. I simply setup my laptop on the home port with the default OOMA device configuration and let it grab an IP address from the OOMA’s internal DHCP server. Then I went to http://setup.ooma.com, navigated to Settings, Advanced, scrolled down to “Add New Rule” and clicked it. Under start port, I entered: 80. Under TCP, I left the default TCP. Under Forward to address, I put the Home port address used by the OOMA device, default 172.27.35.1. I left all other fields blank and then clicked OK. Then I disconnected my laptop from the Home port and reattached it to my router. At that point, I opened my web browser to http://192.168.1.100 (the address my router had assigned to the OOMA Modem Port’s MAC address). I could see the setup page just fine. Mission accomplished. Or not… Yes, I could access the page by IP address but not by http://setup.ooma.com. Technically this does not seem to be a problem since the setup page seems to use relative addresses properly. I can now just substitute http://192.168.1.100/… whenever I need http://setup.ooma.com. But why does this method work? OOMA’s team has clearly decided, like many other outer teams, to allow port forwarding but not DMZ publishing of the internal address. This port forwarding rule is like telling your kid, in the dual addressed house example, to explicitly take the package go out the back door then turn around and set it inside the door. As the device go to forward the packets, it must send them out its network stack headed towards the remote network. It knows the forward must be to an address that is out the Home port. However, my suspicion is that much like any other operating system network stack, at some point the stack realizes the packet is for itself and sends it back up the stack. This is like placing a child outside the back door and having hundreds of packages that are destined for you neighbors – with the kid at the back door running them to the neighbors when you sent them in the threshold from the inside of the back door – but if he sees and one addressed for home, he sets it back inside. Here is a picture of the solution:
Now, if you really want to access this via the name http://setup.ooma.com instead of http://<whateveraddressyourrouterassgiend> then you need to either have a router that runs a DNS server, where you can add a host entry, or make a host file entry on the computer you use to manage the device. To make a DNS entry on your router you will probably need advanced router software like dd-wrt – and is beyond the scope of what I am willing to write in this post. There are other great blogs out there about dd-wrt. Do not make the mistake of thinking you can resolve this name resolution problem by making a DHCP entry. DHCP assigns IP addresses not DNS names (although some routers that run both may integrate the features). Home users routers usually point at a DNS service but do not run one. My Linksys 610N has not been updated to dd-wrt yet – and does not have a DNS server service (ok, it was released since I wrote this but I have not updated my device).
To make a host file change to allow this simply open notepad.exe. Then click file, open and enter %systemroot%\system32\drivers\etc\hosts as the file to open.
The file should look something like this:
After the last line enter your device’s IP address (mine was 192.168.1.100) then TAB then setup.ooma.com. Here is my finished hosts file.
If you have problems saving the change, try opening notepad from the start menu, by right clicking it and choosing “Run as Administrator”. This will likely be necessary on Windows 7 and Vista due to User Account Control.
After you either make configure your router’s DNS service or use the host method above you should be able to access http://setup.ooma.com with the option 2 configuration. Remember to remove the forward rule if you ever revert to Option 1!
Ok, so that got me access to setup.ooma.com without having to deal with the home port. Here is the command OOMA gave me to reset the handsets:
http://setup.ooma.com/cgi-bin/mfgdiags/frontpanel/unlock_hs.lua. Just visiting this URL sends an instruction to the OOMA Telo.
After doing so, reset the phones you want to associate:
1. Go to https://my.ooma.com/account/system and retrieve your setup PIN. You will need this in step 4 to let your TELO handset associate with your ooma device.
2. Hold down the red end-call button on the TELO handset until it shuts off.
3. Press and hold the upper right icon (radio tower) on the OOMA about 5 seconds – until it begins to flash.
4. Press the red-end call button on the TELO handset and then immediately press and hold the soft key button “-“ in the upper left hand corner while simultaneously pressing the button in the lower right corner with the circle process icon. The handset should show “autoregistration” and then ask for a PIN if successful. The timing is tight and if you missed the brief window for the key press – you will have to start over at step one.
I hope you find this bit of information useful.