Amazon Alexa Calls not working unless...

unlikely · April 14, 2023, 8:19pm

Hi all,

recently changed my home network setup from a simple Huawei B818 LTE router and Alexa calls doesn't works anymore: I can hear the other part but other path can't hear me.

Current Setup invove a Mikrotik RB5009Upr with

bridge1

ether1: UniFi U6-Pro Access Point powered by POE
ether2: MiniPC as Home Automation HUB
ether3: POE switch with PC and NAS

ether8: Huawei B818 LTE in bridge mode, no wifi, so ether8 get by DHCP client the public/routable IPv4 address of my LTE connection; powered by POE with POE splitter.

I setup and "advanced firewall" as per Miktorik web site tutorial. I tried to completely disable the firewall but the problem persist.

Now the fun part: if I start a "torch" on ether1 fomr winbox from PC, problem vanish until torch is running and pc not in stand-by.

Any idea?

MrYan · April 14, 2023, 9:31pm

Does it work if you configure “/ip/settings/set allow-fast-path=no”?

unlikely · April 14, 2023, 9:55pm

Apparently yes. So the solution is to globally and permanently disable this feature?

[admin@MikroTik] > /ip/settings
[admin@MikroTik] /ip/settings> print
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: no
          tcp-syncookies: no
    max-neighbor-entries: 16384
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: yes
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: yes
  ipv4-fasttrack-packets: 26507559
    ipv4-fasttrack-bytes: 26039853508
[admin@MikroTik] /ip/settings> /ip/settings/set allow-fast-path=no
[admin@MikroTik] /ip/settings> print
              ip-forward: yes
          send-redirects: yes
     accept-source-route: no
        accept-redirects: no
        secure-redirects: yes
               rp-filter: no
          tcp-syncookies: no
    max-neighbor-entries: 16384
             arp-timeout: 30s
         icmp-rate-limit: 10
          icmp-rate-mask: 0x1818
             route-cache: yes
         allow-fast-path: no
   ipv4-fast-path-active: no
  ipv4-fast-path-packets: 0
    ipv4-fast-path-bytes: 0
   ipv4-fasttrack-active: no
  ipv4-fasttrack-packets: 26508102
    ipv4-fasttrack-bytes: 26040063366
[admin@MikroTik] /ip/settings>

rextended · April 15, 2023, 10:10am

Ignoring you config because you do not post the /export here, torch disable temporarly the fast path for see the traffic on CPU.

Is why @MrYan ask that without explaining why he asked that question.

Incorrect configuration need allow-fast-path disabled for remedy to errors.

unlikely · April 15, 2023, 1:10pm

Thanks for reply. I read the wiki about fast-path and I understood the the request of @MrYan.
But from the same wiki I understand fast-path should not be available in my case because I do have firewall rules and address lists.
So I don’t understand how

allow-fast-path=no

can make a difference.

I didn’t post the full configuration because was a bit confusing: many not relevant dhcp options, dns static entries, IPv6 and 6to4 disabled configurations, other related to non running containers, many sensitive data for VPNs…

I started with the default configuration of RB5009 and later added the firewall after switching my LTE router to bridge mode. Any explicit rounting configuration. For the firewall I followed the wiki about advanced firewall because I didn’t have any idea on how to build a decent firewall. Honestly a firewall issue was my first guess, but a quick check seems to exclude this.

rextended · April 15, 2023, 2:04pm

http://forum.mikrotik.com/t/amazon-alexa-calls-not-working-unless/165989/1

MrYan · April 15, 2023, 2:29pm

If performance is good enough with it disabled, then yes - permanently disable the feature.

unlikely · April 15, 2023, 2:40pm

thanks
if I would like to better investigate and search the “error” where do you recommend start searching?

MrYan · April 17, 2023, 8:32pm

Hard to say. You have an RB5009 and RouterOS 7 both of which have quirks. If it affects Alexa calls, perhaps something VoIP related - SIP ALG/helper? Not sure what Amazon use under the covers…

unlikely · April 17, 2023, 8:44pm

Thanks,

I’ll try to disable SIP ALG.

By the way, disabling fast-path not completely solve the calls issues.
Sometimes, after few minutes of talinkg, the call drop.

It is strange that with the common huawei router I never had such issues.

unlikely · April 18, 2023, 9:36pm

SIP ALG doesn’t make any change.

I tried adding a Firewall Filter Rule between “defconf: accept all that matches IPSec policy” and “defconf: fasttrack” to forward from all my amazon echo devices to WAN.
This seems to solve the biggest issue (some minor random issue persists).

From what I understood IPSec is not compatible with this fasttrack (and is not a “configuration error” as someone wrote) and maybe alexa voice calls neither.