Jump to content

Snom auto-provision via multicast and HTTPS


Kristan

Recommended Posts

Hi,

 

I'm trying to get my snoms to pull the configs via multicast and HTTPS on startup. Basically I have the following:

<?xml version="1.0"?>
<plug-and-play>
 <file name="snom360.htm" encoding="ascii">
   <pattern>!snom3[26]0-([0-9A-F]{12})\.htm!\1!</pattern>
   <vendor>snom</vendor>
   <model>snom360</model>
   <pnp-vendor>snom</pnp-vendor>
   <pnp-content-type>application/url</pnp-content-type>
   <pnp-url>https://{IP-Adr}:{HTTPS-Port}/{Model}-{MAC}.htm</pnp-url>
 </file>
</plug-and-play>

 

If I read the wiki right, and understand correctly, this should mean that if I have a file called snom360-xxxxxxxxxxxx.htm, the HTTPS server will give the snom this file when it requests it's startup config. The idea is that I can have a generic snom360.htm with my domain defaults in, then if I want to provision specific items on individual phones, I can do it by creating one with the mac address and the phone will pull that file. This seems to work ok doing it via tftp, but not via multicast. I have my snom360.htm file in the same folder (html) as the one with the MAC address but it always seems to take the generic file instead of the more specific one. Watching with filemon, the pbxnsip process doesn't even attempt to serve the specific file, instead it creates a "generated" folder and places it in a subfolder named after the mac address.

 

Can anyone shed some light on what I'm doing wrong?

 

Thanks,

 

Kristan

Link to comment
Share on other sites

Further to this too, I thought I'd have a play with the address book auto provisioning too. This doesn't seem to work at all.

 

I've got two address book entries in my PBX, and the following lines in my config

 

{Adrbook-Start 0 99}
tn_{Adrbook-Speed}!: {Adrbook-First-Name} {Adrbook-Last-Name}
tu_{Adrbook-Speed}!: {Adrbook-Number}
{Adrbook-End}

 

Which should work, (assuming I labeled the speeddials 0-99 in the pbx) however in the generated file, there is just an empty space. The PBX is clearly parsing the file to trim them out, yet doesn't actually seem to be doing the replacements. Does this feature actually work?

 

While we're at it, would it be possible to request a replacement variable to give the number of the phonebook entry (ie 0, 1, 2, 3) etc. for phones that do them in numeric orders (like the snoms?)

 

Thanks!

Link to comment
Share on other sites

Well, with the snom we are in the middle of finishing something really nice. The 7.2 version will support "buttons", where the PBX can take full control over the LED. it will also support XML-based directory, where the phones pull the address book on the fly from the PBX.

 

Unfortunately, there is no usable 7.2 version available yet...

Link to comment
Share on other sites

Well, with the snom we are in the middle of finishing something really nice. The 7.2 version will support "buttons", where the PBX can take full control over the LED. it will also support XML-based directory, where the phones pull the address book on the fly from the PBX.

 

Unfortunately, there is no usable 7.2 version available yet...

 

Is that 7.2 of the snom firmware? We're running beta 7 versions on some of our phones at the moment to try to fix some other issues. I notice they are moing into line with others by going for XML settings and phonebooks.

 

Can you shed any light on the auto-provisioning side of things as to how I'd be able to achieve sending individual config files to each phone using multicast instead of tftp?

 

Thanks

Link to comment
Share on other sites

  • 1 month later...

Version 7.1.23 also does that, and this version is available as beta from the snom web server. If you are using 2.1.0.2115 then PnP should be working smoothly.

 

For example, you find the snom firmware here (it is not so easy to find on the snom Wiki):

 

http://fox.snom.com/download/snom300-7.1.24-SIP-f.bin

http://fox.snom.com/download/snom320-7.1.24-SIP-f.bin

http://fox.snom.com/download/snom360-7.1.24-SIP-f.bin

http://fox.snom.com/download/snom370-7.1.24-SIP-f.bin

 

If you need to upgrade from version 6, see the descriptions on http://wiki.pbxnsip.com/index.php/Snom.

Link to comment
Share on other sites

  • 2 weeks later...
Version 7.1.23 also does that, and this version is available as beta from the snom web server. If you are using 2.1.0.2115 then PnP should be working smoothly.

 

For example, you find the snom firmware here (it is not so easy to find on the snom Wiki):

 

http://fox.snom.com/download/snom300-7.1.24-SIP-f.bin

http://fox.snom.com/download/snom320-7.1.24-SIP-f.bin

http://fox.snom.com/download/snom360-7.1.24-SIP-f.bin

http://fox.snom.com/download/snom370-7.1.24-SIP-f.bin

 

If you need to upgrade from version 6, see the descriptions on http://wiki.pbxnsip.com/index.php/Snom.

Any update please on timeframe for v.7.20? Thanks, Fred

Link to comment
Share on other sites

At the moment I don't see a need for that - 7.1.x seems to do everything that we can dream of...

Your reply makes no sense to me. You stated in August:

"Well, with the snom we are in the middle of finishing something really nice. The 7.2 version will support "buttons", where the PBX can take full control over the LED. it will also support XML-based directory, where the phones pull the address book on the fly from the PBX.

 

Unfortunately, there is no usable 7.2 version available yet..."

I am simply following up on your historical post. Why would you indicate there is no need for 7.2 when you claimed in August it was being worked on? Familiarizing yourself with all prior posts before responding would be appreciated.

Link to comment
Share on other sites

Okay, sorry if the response was not very clear. The 7.2 version had a feature called buttons (see http://wiki.pbxnsip.com/index.php/Assigning_Buttons), and because 7.2 is still not out snom put the support for buttons also in version 7.1. Therefore, there is no more need to wait until 7.2 is out. 7.1 is also fine now.

Link to comment
Share on other sites

Okay, sorry if the response was not very clear. The 7.2 version had a feature called buttons (see http://wiki.pbxnsip.com/index.php/Assigning_Buttons), and because 7.2 is still not out snom put the support for buttons also in version 7.1. Therefore, there is no more need to wait until 7.2 is out. 7.1 is also fine now.

Thank you very much for the clarification. On another note, I'm trying to hook-up Snom 370's from employee's homes. I would like to use VPN feature, but the Snom directions seem geared more to Linux setup & are difficult to follow. I'm able to connect to pbxnsip (without phone VPN) with Intertex SIP router connected that that server however still have to jump through all the SIP hoops at home & if home router doesn't support SIP, it connects but no audio. Anyway with or without phone VPN to beat the home firewall configuration (ICE, STUN?) that you know of, and if via phone VPN any advice on configuration? Thanks, Fred

Link to comment
Share on other sites

VPN on a phone is a difficult topic... It is very useful if your SIP infrastructure does not support application layer security.

 

The good thing about pbxnsip is that TLS and SRTP already keep your voice pretty private. I think it is much easier to go this way.

Can you speak to the setup please? My understanding of the ports on home firewall that need to be opened are:

TCP: 5060-5061

UDP: 5060,49152-64512

Does TLS pass through these ports, does the firewall have to support TLS? I could only get connection by setting ;transport=TLS switch via port 5061 in outbound proxy field. Should it be different setup if connecting from outside the domain? Thanks

Link to comment
Share on other sites

Thank you very much for the clarification. On another note, I'm trying to hook-up Snom 370's from employee's homes. I would like to use VPN feature, but the Snom directions seem geared more to Linux setup & are difficult to follow. I'm able to connect to pbxnsip (without phone VPN) with Intertex SIP router connected that that server however still have to jump through all the SIP hoops at home & if home router doesn't support SIP, it connects but no audio. Anyway with or without phone VPN to beat the home firewall configuration (ICE, STUN?) that you know of, and if via phone VPN any advice on configuration? Thanks, Fred

 

Hello Fred,

 

a secure solution with openvpn and pbxnsip is possible and works without problems!

The best way is to run pbxnsip on a debian linux system. You have only to:

 

- install openvpn

- generate your keys for the server

- generate the keys for the phones.

- you have to bring the vpn configuration on the phone (described on http://wiki.snom.com/Networking/VPN)

- pbxnsip needs a domain, the best is to add domain that has the vpn ip address of pbxnsip

- disable the firewall, if necessary

 

A configuration for a openvpn-server can look like this:

 

# server.conf for the openvpn server on pbxnsip machine, or elsewhere

port 1194

;proto tcp

proto udp

dev tun

ca keys/ca.crt

cert keys/example.snom.com.crt

key keys/example.snom.com.key # This file should be kept secret

# Diffie hellman parameters.

# Generate your own with:

# openssl dhparam -out dh1024.pem 1024

# Substitute 2048 for 1024 if you are using

# 2048 bit keys.

dh dh1024.pem

# Configure server mode and supply a VPN subnet

# for OpenVPN to draw client addresses from.

# The server will take 10.8.0.1 for itself,

# the rest will be made available to clients.

# Each client will be able to reach the server

# on 10.8.0.1. Comment this line out if you are

# ethernet bridging. See the man page for more info.

server 10.30.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

# Uncomment this directive to allow different

# clients to be able to "see" each other.

# By default, clients will only see the server.

# To force clients to only see the server, you

# will also need to appropriately firewall the

# server's TUN/TAP interface.

client-to-client

keepalive 10 120

persist-key

persist-tun

status openvpn-status.log

verb 5

 

 

A configuration of snom 370, could look like this:

# client config snom370 vpn.cnf

client

dev tun

;proto tcp

proto udp

 

# The hostname/IP and port of the server.

# You can have multiple remote entries

# to load balance between the servers.

 

 

remote 196.2.181.146 1194

nobind

persist-key

persist-tun

ca /openvpn/ca.crt

cert /openvpn/phone1.crt

key /openvpn/phone1.key

ns-cert-type server

verb 0

ping 10

ping-restart 60

 

 

The princip of generating the keys and to setup a vpn infrastructure is generic, nothing special. Howto setup a

VPN environment with OpenVPN is described on http://openvpn.net

 

 

Thats all!!!

 

 

regards,

 

Hirosh Dabui

Link to comment
Share on other sites

Thanks very much Hirosh:

We have a different subnet on the 2nd NIC that is connected to the Intertex router which in turn is conncected straight to the internet. Should virtual ip address for openvpn be changed from 10.5.0.1 in your sample config to one from within that subnet? Can you explain the 2 IP addressed in the config file? Thanks, Fred

Link to comment
Share on other sites

  • 2 weeks later...

Issues with current FW's:

After issues with 7.1.17 than much more with 7.1.19 I was really glade they put out the 7.1.24. It solved most of the major issues which were occurring. But still not enough. For example when u use extra 42 button expansion module for snom360 with FW 7.1.24. U receive a call, pick it up, than receive a another one on second line, nothing special no? But after you pick up the 2nd call while 1st one on hold you cant do anything. All buttons stop working transfer, hold, etc.

Thought I found solution when 7.2.3 came out but unlucky it's still causing same issue.But till now this is the best FW which solved most of the issues which I had with Snoms. Worst FW was 7.1.6 almost didn't worked at all, you just got shiny new phone ;) (7.1.17 - 7.1.19 too many bugs)

 

http://fox.snom.com/download/snom300-7.2.3-SIP-f.bin

 

Also I've got one big problem. how to get phone book working trough mass deploy on 7FW. Im still using .htm files.

I know how to deploy address book on FW6 but with FW7 it changed. Not working with tn_0&: tu_0&: etc.

Can anybody help me with this. Our costumers are getting really angry because their address books arent getting updated automatically on 7FW. On wiki isnt almost anything regarding to 7FW. If I'm wrong pls paste here link.

 

BTW: to snom. Guys how could you put out new phones with 7FW when it has got so many bugs? We received our first new Snom delivery something like 1.5moth ago with 7.1.6 and this one wasnt even compatible with asterisk. No documentation at all (now it's better). For next time hope you'll take more care before releasing new FW.

 

Cheers guys

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...