IAD 3221 in modem mode – no Internet during phone calls

The article is concerning a device specifically used with Germany’s network provider “Alice” (now O2/Alice), called “Alice IAD 3221”.

The problem

A (really) small site with a VPN connection to the central office reported problems with their Internet connection: Whenever a phone call was made, no new sessions (ssh to central server through VPN) could be established, web pages wouldn’t load.

The setup

That site in question is connected to the world via O2/Alice on an NGN line (“next-generation network”, where voice and Internet go through a single DSL line via pure IP). The provider box (“IAD 3221”, build by Spairon) contains a VoIP-to-analog converter plus “DSL modem” and optional router pus Ethernet switch).

The provider box wasn’t configured as a router, leaving it as a bridge to the separate VPN router. The “phone” part of the IAD was activated, an analog phone attached.


This setup ran trouble-free for about half a year, but then the problems somehow manifested. During a stay at the location I could trouble-shoot the networking devices and indeed, as soon as the analog phone had established a call, the Internet connecting was majorly degraded. Irritatingly, while ssh, http and anything else using TCP didn’t work at all, ICMP requests went through just fine – I could “ping” remote systems, but got no ssh nor http connection. As soon as the call was over, the ssh calls came back alive and finished their connect.

A quick check on the Internet gave hints about drops in line quality, where the phone call would use up most of the bandwidth – but the Internet connection was rather quick, there ought to be plenty of room for a VoIP call in parallel. So I decided to give the support line a call (which in itself would justify an article – I won’t elaborate on getting the correct number and getting through to a person, since that’s no technological problem 😉 ), where a friendly technician made me configure the IAD 3221 as a modem and gave proof that the problem wouldn’t exist then. Fine – but now our router won’t work… at least I had proof that the DSL line itself is ok.

I’ve found no documented way to un-set the router mode, short of resetting the device to factory defaults. Luckily, in this case, all that was required to reconfigure was the PIN to re-register the VoIP part of the device.

Of course, the problem still persisted.

Further tracing only revealed excessive “Async event (0x20) timer epxired” output from “ip xfrm monitor” on the VPN router, rather than the usual “Async event (0x10) replay update” overhead.

The solution

Then I came across the ATM mode settings for the IAD 3221 (reachable via i.e., once you’re logged in to the

A word of warning: Changing any of those settings can seriously damage your connections – you might find yourself doing a factory reset plus a full reconfiguration of the IAD to recover!

Well, in our case, it was set to “Router (1VC), Voice over PPPoE”. I changed this to “Modem (1VC), Voice over PPPoE” and immediately, the problems were gone.

I don’t know what changed in the first place, to cause the problems. Whether that setting got somehow unset or some new firmware got installed via the provider path (and the previous version worked without changing that Modem/Router setting), I cannot tell. Just for reference: The IAD now reports a firmware version “2.21-2.49.6b”.

A short summary for our German readers

Ein als Modem genutztes IAD 3221 beeinträchtigte die Internet-Verbindungen des externen Router immer dann, wenn über den analogen Telefonie-Anschluss das IAD telefoniert wurde. Ein “factory reset” des IAD brachte keine Abhilfe, erst die Konfiguration des Modus “Modem (1VC)…” anstelle von “Router (1VC)…” ermöglichte die Internet-Nutzung auch während telefoniert wird.

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

2 Responses to IAD 3221 in modem mode – no Internet during phone calls

  1. Alan Wade says:

    If you’ve got multiple computers or numerous devices connected to your network, and want for them to be routed through your VPN servers, you will opt to setup a VPN affiliation on your actual router. By doing therefore there ought no to tack together each device severally, as your router can mechanically connect all devices to our service. This can be particularly helpful for connecting devices with no inbuilt VPN support.

    • jmozdzen says:

      …or you can simply set up a VPN tunnel using StrongSwan, which is available on your router, anyhow. I don’t see why one would need a separate service for this?
      (As the article was more about problems with the “modem” mode of the provider device than setting up VPN tunnels, I tend to believe that the above comment was targeting at more traffic for the referenced service. But since someone might find that service useful nonetheless, I’m not counting it as spam.)

Leave a Reply