[Solved] Ooma not working

  • Its weird. Its an Ooma telo for Voip phones. It worked fine with old (cisco rv325 router w/dhcp ) giving ooma and address. Now running pf sense on lan to work out kinks before it connects to comcast modem.

    Device wont take ip from pfsense, or so it seems. And comes up with 3 different ip's so far and 1 i tried to reserve, but stll shows 3 different ip's.
    And no dial tone.

    Help ?

  • Netgate Administrator

    If you really have the conflicting subnets shown in your other thread then it's not surprising. I'd be surprised if anything worked if that's the case.


  • You're answering me in my Renaming Interface thread. So we should finish there ?

  • Netgate Administrator

    Well dhcp probably wasn't even starting with those conflicts. Check the logs and status > service page to make sure it is after correcting the subnets.
    Check the dhcp status page.


  • Dhcp was working for Rokus and they are connected to internet and Lan.

  • in dhcp leases page 3 ip's and there 3 reservations, dont have a trash can icon.

  • Netgate Administrator

    Ok so if they are all connected to OPT1 as shown in your diagram and the Roku devices did pull an IP then other devices in that subnet should also. Assuming they are configured as dhcp clients that is.
    Not sure what connection to LAN they had if they're are on OPT1 but that would be routed if you have rules to pass it.


  • opt1 has a rule going to Wan

    When i reset ip's i made rules for them to see each other and Wan

  • that didnt help

  • VoipRules.jpg

    Your outbound rules should show up like this. Not with destination to WAN NET or Address.

  • Ooma's not Voip the way Freepbs is.
    its a box that plugs into network. Has a phone jack on the back next to lan port.

    If this doesnt matter, why did it matter with cisco router?

    i dont have a VoIP tab up there, or routing, i only have, floating, wan, lan, and opt1 and 2. How do i get that up there ?

  • I showed you an example. You need to use a little logic. Whatever interface your phone thing is plugged into has to have access through the interface. The above example is how you do it.

    Can you show a screenshot of your interface rules?

  • Screenshot_2020-01-13 MyRouter localdomain - Firewall Rules 1_GIG_LAN.png

  • saw my pic and went in to change protocol to any

  • 😉

  • didnt work.

    Do i need the Voip tab with a rule for a half assed Voip ??

  • No. Devices do not care what you name your interface. Your device simply needs its internet access. If you plug in a computer into these ports does it get out to the internet?

  • 5 port switch had Ooma, port 2 an 3 are Rokus and port 4 is FireTV. Already swappped devices in ports, everything connected exept ooma

  • @x88dually

    Does the Ooma have to go out for a TFTP transfer in order to work? You may need to adjust and use the TFTP proxy..

  • not sure. Theres no real documentation on config other then plug into router, turn on, make calls 5 min later

    It worked fine with dhcp from cisco router, i dont get it. Other then it not plugged into pfsense, but a switch first

  • Well- VOIP was never intended to be behind any kind of NAT when first implemented. It was hacked into the spec later when services like Vonage came around.

    You are trying to double NAT right now. Im not sure why it works with some and not with others but that is the case.

    But you could try putting some inbound firewall rules in place pointed at the Ooma device address. You need to find out what the device is trying to connect to by looking at your state table and watching firewall logs.

    Who is your VOIP provider?

  • Also- go to System/Advanced.. /system_advanced_firewall.php on your firewall.

    Down to "Network Address Translation"

    "TFTP Proxy"

    Select the interface your Ooma resides on.

    Down to the bottom of the page and click "save"

    I do not know if you need a reboot or not.

    See if that helps.

  • OOma, theyre kinda like vonage

  • Ok..

    I thought OOma was just the device.. Im a Voipo guy so know them best..

    Let me see if I can find some server info..

  • This post is deleted!

  • From system/logs/dhcp : the last 3 lines. Firewall logs have nothing about ooma

    Jan 13 17:42:05 dhcpd reuse_lease: lease age 1514 (secs) under 25% threshold, reply with unaltered, existing lease for
    Jan 13 17:42:05 dhcpd DHCPREQUEST for from 00:18:61:2e:8e:7f (myx_0018612E8E7E) via igb1
    Jan 13 17:42:05 dhcpd DHCPACK on to 00:18:61:2e:8e:7f (myx_0018612E8E7E) via igb1

    I did turn on Nat

  • Did you have to make rules for Voipo ?

  • Yep

    Inbound rules with the phone as the destination.

    Server SIP and RTP ports. No port forwards only firewall rules. I do it with all my customers.

    Otherwise SIP traffic can sometimes look like unsolicited traffic and get blocked.

  • ok, where do i dind those ??

  • Looks like the device connects via a VPN..


    Follow this and see. You have to plug into their port.

  • Setup static port on your OOma device address.

    Instead of port 5060 in this article do it for port 1194


  • Netgate Administrator

    OpenVPN shouldn't care about the source port. If they have broken OpenVPN that's an achievement!

    However it won't connect at if it's not pulling a DHCP lease. The logs you showed seem to indicate it did pull an IP assuming your have confirmed 00:18:61:2e:8e:7f is the Ooma device?
    Does it show a current lease in Status > DHCP Leases?

    Check the states it has opened. Go to Diagnostics > States and filter using it's IP address, if it has not changed.
    Show us what states are open for that if any.


  • @stephenw10 said in Ooma not working:

    OpenVPN shouldn't care about the source port. If they have broken OpenVPN that's an achievement!

    Im trying to remember but I believe this would not be the first time someone did..

  • Netgate Administrator

    Ha, well I could certainly believe that! But OpenVPN is what you choose when your device has to be able to plug into any router and connect out as Oooma does. If they broke the server end so it required a static port that would be some spectacular foot-shooting. 😉
    It would also limit them to just one device per public IP which seems like a bad decision.


  • @stephenw10 said in Ooma not working:

    It would also limit them to just one device per public IP which seems like a bad decision.

    Many VOIP providers skirt this by sequentially numbering the ports. My phone uses 5060, 5062 and 5064 for my three lines right here.

    My guess is that if someone wanted more than one OOma device at their house then support would do something similar with their VPNs. I wonder how many do though. Or how many lines that OOma device can do?? two or possibly three depending.

    There is a saying that a Ford engineer will step over 20 hookers to screw a mechanic.. Sometimes I believe the same about software and system engineers and IT personnel..

  • still working on all this and nothing.
    made a few rules but no clue if theyre right.

    think i'm giving up for the night

  • on ooma, i can forward a port, but its 5060 to port 80 om device

  • ok, Ooma ip isn't showing in diag/states/Wan or in its own Lan. But, roku and fireTv's show up in both logs, So WTF ?? The device shows its got an internet connect, but no vpn or tunnel. And i changed it to static ip on device. But old or new ip, neither shows up in logs i already said and checked.

    Think i'm gonna call it a night now.

    Thx for the help so far.

  • Netgate Administrator

    Hmm, well if it's getting an IP but not opening any states then it's either just not trying to connect or being blocked.

    Check Status > System Logs > Firewall for any blocked traffic from the Ooma IP.

    Ultimately running a packet capture in Diag > Packet Capture on the interface it's connected to and filtered by it's IP.
    That will show you what it's doing, if anything.


  • Jan 14 11:28:38	LAN	TCP:S
    Jan 14 11:28:36	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:32	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:29	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:26	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:22	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:21	LAN	TCP:S
    Jan 14 11:28:19	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:16	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:14	LAN	TCP:S
    Jan 14 11:28:12	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:10	LAN	TCP:S
    Jan 14 11:28:09	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP
    Jan 14 11:28:08	LAN	TCP:S
    Jan 14 11:28:07	LAN	TCP:S
    Jan 14 11:28:06	WAN	[fe80::1daf:bef0:18ce:e5be]:56059	[ff02::c]:1900	UDP

    Thats from Sys log/firewall/dynamic

    Do i make a specific rule just for this somewhere ?

Log in to reply