How I hooked up VOIPo

[ctaranto]

I'm hoping this information will help new comers to VOIPo. I've received lots of help from others on this forum and would like to contribute something back.

First, the thread where I was having trouble (long, but may be worth the read):
http://forums.voipo.com/showthread.php?t=1851

I am using a Linksys WRT54GL as my main router, connected to the Cable Modem. I liked the Tomato 3rd party firmware for it's excellent QoS features. After having issues with my previous VoIP provider (losing reauthentication randomly), I came across this:
http://www.broadbandreports.com/foru...h-VOIP-warning

So, I replaced Tomato with DD-WRT (http://www.dd-wrt.com). It's QoS is not nearly as nice as Tomato, but I'm hoping it's good enough. I have it running on both my WRT54GL routers (see below). Please *PLEASE* read the instructions on the dd-wrt page. It's quite easy to brick your router if not done right (I bricked an older WRT54G v4 a few weeks ago because I didn't read all the instructions).

My network currently looks like this:

HTML Code:

Cable Modem --- WRT54GL --- RT31P2 (VOIPo)
                   |
                   ---------- Old PC in Basement
                   |
                   ---------- Linksys 5 port switch (goes to 4 other devices)
                   |
                   ---------- Linksys WRT54G-TM (T-Mobile Router for @Home)
                   |
                   ---------- Many wireless devices, including:
                                Laptops (2)
                                Kids' PC
                                Another WRT54GL (Bridged)
                                Wii
                                PSP

Hooking these up with the correct settings was the interesting part. I'll only concentrate on the first WRT54GL and RT31P2 devices (and only the settings the pertain to core communications between the two devices). Wireless security and other doodads are up to you (but if you need help, feel free send a PM).

WRT54GL settings:
Setup tab
WAN
Connection Type: DHCP (IP provided by ISP)
STP: Disable

Router IP
Local IP Address: 172.20.0.1
Subnet Mask: 255.255.255.0
Gateway: 0.0.0.0
Local DNS: 0.0.0.0

Network Address Server Settings (DHCP)
DHCP Type: DHCP Server
DHCP Server: Enable
Start IP Address: 172.20.0.100
Maximum DHCP Users: 51
Client Lease Time: 1440 Minutes (default)
Static DNS 1, 2, 3: 0.0.0.0
Use DNSMasq for DHCP: checked
use DNSMasq for DNS: checked
DHCP-Authoritative: checked

Security tab
Firewall Protection
SPI Firewall: Enabled
Additional Filters: all unchecked
Block WAN Requests
Block Anonymous WAN Requests (ping): checked
Filter Multicast: checked
Filter WAN NAT Redirection: unchecked
Filter IDENT (Port 113): checked

NAT/QoS tab
Port Forwarding: None
Port Range Forwarding: None
DMZ: Disabled
QoS
Services Priority
bittorrent: Bulk
MAC Priority
MAC Address (enter WAN MAC of RT31P2): Premium

On to the RT31P2:
Setup
Internet Setup:
Static IP
IP Address: 172.20.0.3
Subnet Mask: 255.255.255.0
Default Gateway: 172.20.0.1
DNS 1: 172.20.0.1
DNS 2,3: 0.0.0.0

Network Setup:
Router IP
Local IP Address: 172.20.0.2
Subnet Mask: 255.255.255.0
Local DHCP Server: Disable

Advanced Routing
NAT: Enable
Dynamic Routing: Disable

Applications & Gaming
Port Range Forwarding: None
Port Triggering: None
UPnP Forwarding: None
DMZ: Disable
QoS: Disable

Adminstration
UPnP: Disabled


Now for the wiring hookup.

Wire from Cable Modem to WRT54GL WAN
Wire from WRT54GL LAN to RT31P2 LAN (I used Port 2)
Wire from RT31P2 LAN (Port 1) to RT31P2 WAN

I only connect systems (laptops, PCs, consoles, etc.) to the WRT. It provides IP addresses and handles all the traffic in and out of the house. In the end, you can administer the WRT at 172.20.0.1 and the RT at 172.20.0.2.

In short, the RT went from a router to a switch. Voice traffic only goes in and out of the RT WAN Port, so by connecting the WAN to the LAN within the RT, it's moving out the WAN of the RT and into the LAN of the RT, and then out the LAN of the RT into the WRT, and then out to the internet (and vice versa).

This has been rock solid for me for 3+ days (not long, but long enough to prove reauth works fine). My wife was on one call yesterday for 3.3 hours. No disruptions, disconnects, etc. I find it interesting (and wonderful) that this works without port forwarding and/or DMZ.

My goal was to put the WRT first in line due to it's stronger firewall. I attempted to put the RT first, but found that many ports were either open or closed (not stealth). A great resource to test for security is "Shields UP!" at http://www.grc.com. In my currently setup, all ports appear to be "stealth"

If I find that this fails reauth in the future, I'll provide an update.

Feel free to ask questions or for clarifications. I can update this post with necessary information.

Thanks,

-Craig

[lost_]

So, I replaced Tomato with DD-WRT (http://www.dd-wrt.com). It's QoS is not nearly as nice as Tomato, but I'm hoping it's good enough.

I'm running Tomato on a Buffalo router -- no problem so far.

Now for the wiring hookup.

Wire from Cable Modem to WRT54GL WAN
Wire from WRT54GL LAN to RT31P2 LAN (I used Port 2)
Wire from RT31P2 LAN (Port 1) to RT31P2 WAN

Any particular reason why you needed to go through RT LAN to WAN? It's practically the same as RT WAN being connected directly to router LAN, without the dummy switching on the RT LAN.

I simply hooked up mine the way I have always hooked up ATA for years with no issue or any port forwarding needed:

Cable Modem -> Router -> ATA's WAN Port.

Also, instead of setting the static IP on the RT, just leave RT in DHCP mode and set the DD-WRT to hand out static IP to the RT. No need to manually set DNS server on the RT either.


EDIT: I read the original thread, and errr... well... if that works for you, great! (to quote DSLR: "on second thought, I do not wish to post").

[ctaranto]

Any particular reason why you needed to go through RT LAN to WAN? It's practically the same as RT WAN being connected directly to router LAN, without the dummy switching on the RT LAN.

The behavior for me is different. I'm guessing here, but possibly connecting to the LAN instead of WAN bypasses some "stuff" in the RT. I read about hooking things up this way and the poster gave a reason. I'll have to find the site/post.

I simply hooked up mine the way I have always hooked up ATA for years with no issue or any port forwarding needed:

Cable Modem -> Router -> ATA's WAN Port.

Yep. Tried that. Worked for a little while, but kept losing reauth.

Also, instead of setting the static IP on the RT, just leave RT in DHCP mode and set the DD-WRT to hand out static IP to the RT. No need to manually set DNS server on the RT either.

I could have used DHCP to assign the 172.20.0.3 address, but figured static reduces any lease and renewing issues that could happen during a call.

EDIT: I read the original thread, and errr... well... if that works for you, great! (to quote DSLR: "on second thought, I do not wish to post").

I'm not sure why, but Tomato didn't work for me with a WRT54GL. Wish it did. Maybe if I'm daring enough, I'll try it again.

[MisterEd]

EDIT: I read the original thread, and errr... well... if that works for you, great! (to quote DSLR: "on second thought, I do not wish to post").

I agree ... I've never seen such a simple installation made so confusing. Bottom line was he reset the RT and lost all the provisioning. In the end, had that not happened, the whole issue would have been a non-issue.

[ctaranto]

I agree ... I've never seen such a simple installation made so confusing. Bottom line was he reset the RT and lost all the provisioning. In the end, had that not happened, the whole issue would have been a non-issue.

For the first thread, yes, that's mostly true. But just connecting a LAN Port of the WRT to the WAN port of the RT caused reauth issues. The set up explained in this thread appears to have resolved that.

/c

[MisterEd]

For the first thread, yes, that's mostly true. But just connecting a LAN Port of the WRT to the WAN port of the RT caused reauth issues. The set up explained in this thread appears to have resolved that.

/c

You original post might mistakenly lead people to believe it has to be done that way. You might want to clarify your original post. 99.9% of the people wouldn't need to go through all that and I can't understand why you should have had to either.

[ctaranto]

You original post might mistakenly lead people to believe it has to be done that way. You might want to clarify your original post. 99.9% of the people wouldn't need to go through all that and I can't understand why you should have had to either.

I have updated the post where I begin talking about not getting Phone 1 lit. Good suggestion.

/c

[ctaranto]

I switched my WRT firmware from dd-wrt to Tomato (with hardc0re's mod to enhance performance) yesterday afternoon. Throughout last night and this morning, no loss of connection (calls are fine, no reauth issues). So far, so good.

If things go well with Tomato for the next week or so, I'll assume that the reauth issues potentially come from the NAT/firewall within the RT. Running Tomato and hooking up the WRT to the RT WAN port was problematic (at least for me).

Updates coming later...

-Craig

[tritch]

A quadruple NAT setup to get it to work It's amazing this setup is working without any problems. Personally, I would be hesitant to ever recommend such a setup.

If it's really necessary to have such a complicated setup, then it's either:
1) a bad ATA or
2) a bad ATA configuration/provisioning issue or
3) a bad router or
4) router setup problem.

It should be as simple as modem - ATA - router, or modem - router - ATA with a preferred single NAT at the most. Any other setup indicates a problem component and/or setup issue.

[ctaranto]

A quadruple NAT setup to get it to work It's amazing this setup is working without any problems. Personally, I would be hesitant to ever recommend such a setup.

If it's really necessary to have such a complicated setup, then it's either:
1) a bad ATA or
2) a bad ATA configuration/provisioning issue or
3) a bad router or
4) router setup problem.

It should be as simple as modem - ATA - router, or modem - router - ATA with a preferred single NAT at the most. Any other setup indicates a problem component and/or setup issue.

With modem -> router -> ATA, how does one get single NAT? Turning NAT off on the RT makes it not get Phone 1 lit.

And where are my "4 NATs"? Not knowing what happens internally, I believe that having the RT entirely on the 172.20.0 network, it's not doing NAT at all. I thought NAT happens when going from 172 to 192, or public to private.

-Craig